xace: add XACE_SELECTION_ACCESS hook for selection redirection/access.

Xext/xace.c

@@ -147,6 +147,16 @@ int XaceHook(int hook, ...)
 	    prv = &rec.rval;
 	    break;
 	}
+	case XACE_SELECTION_ACCESS: {
+	    XaceSelectionAccessRec rec = {
+		va_arg(ap, ClientPtr),
+		va_arg(ap, Selection*),
+		TRUE	/* default allow */
+	    };
+	    calldata = &rec;
+	    prv = &rec.rval;
+	    break;
+	}
 	case XACE_SITE_POLICY: {
 	    XaceSitePolicyRec rec = {
 		va_arg(ap, char*),

Xext/xace.h

@@ -50,13 +50,14 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 #define XACE_BACKGRND_ACCESS		7
 #define XACE_EXT_ACCESS			8
 #define XACE_HOSTLIST_ACCESS		9
-#define XACE_SITE_POLICY		10
+#define XACE_SELECTION_ACCESS		10
-#define XACE_DECLARE_EXT_SECURE		11
+#define XACE_SITE_POLICY		11
-#define XACE_AUTH_AVAIL			12
+#define XACE_DECLARE_EXT_SECURE		12
-#define XACE_KEY_AVAIL			13
+#define XACE_AUTH_AVAIL			13
-#define XACE_AUDIT_BEGIN		14
+#define XACE_KEY_AVAIL			14
-#define XACE_AUDIT_END			15
+#define XACE_AUDIT_BEGIN		15
-#define XACE_NUM_HOOKS			16
+#define XACE_AUDIT_END			16
+#define XACE_NUM_HOOKS			17
 
 extern CallbackListPtr XaceHooks[XACE_NUM_HOOKS];
 

Xext/xacestr.h

@@ -27,6 +27,7 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 #include "gcstruct.h"
 #include "windowstr.h"
 #include "inputstr.h"
+#include "selection.h"
 #include "xace.h"
 
 /* XACE_CORE_DISPATCH */
@@ -93,6 +94,13 @@ typedef struct {
     int rval;
 } XaceHostlistAccessRec;
 
+/* XACE_SELECTION_ACCESS */
+typedef struct {
+    ClientPtr client;
+    Selection *selection;
+    int rval;
+} XaceSelectionAccessRec;
+
 /* XACE_SITE_POLICY */
 typedef struct {
     char *policyString;

dix/dispatch.c

@@ -1113,7 +1113,8 @@ ProcGetSelectionOwner(register ClientPtr client)
         reply.type = X_Reply;
 	reply.length = 0;
 	reply.sequenceNumber = client->sequence;
-        if (i < NumCurrentSelections)
+        if (i < NumCurrentSelections &&
+	    XaceHook(XACE_SELECTION_ACCESS, client, &CurrentSelections[i]))
             reply.owner = CurrentSelections[i].window;
         else
             reply.owner = None;
@@ -1153,9 +1154,7 @@ ProcConvertSelection(register ClientPtr client)
 	       CurrentSelections[i].selection != stuff->selection) i++;
 	if ((i < NumCurrentSelections) &&
 	    (CurrentSelections[i].window != None) &&
-	    XaceHook(XACE_RESOURCE_ACCESS, client,
+	    XaceHook(XACE_SELECTION_ACCESS, client, &CurrentSelections[i]))
-		     CurrentSelections[i].window, RT_WINDOW,
-		     DixReadAccess, CurrentSelections[i].pWin))
 	{        
 	    event.u.u.type = SelectionRequest;
 	    event.u.selectionRequest.time = stuff->time;