frederik
/
xserver
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

xselinux: add hook for device acceses.

This commit is contained in:
Eamon Walsh 2007-10-17 19:27:16 -04:00 committed by Eamon Walsh
parent 503f918f55
commit aa340b2c7c
1 changed files with 31 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
Xext/xselinux.c
View File

@ -291,6 +291,36 @@ SELinuxLog(int type, const char *fmt, ...)
* XACE Callbacks * XACE Callbacks
*/ */
static void
SELinuxDevice(CallbackListPtr *pcbl, pointer unused, pointer calldata)
{
XaceDeviceAccessRec *rec = calldata;
SELinuxStateRec *subj, *obj;
SELinuxAuditRec auditdata = { NULL, NULL, 0, 0, 0, NULL };
int rc;
subj = dixLookupPrivate(&rec->client->devPrivates, stateKey);
obj = dixLookupPrivate(&rec->dev->devPrivates, stateKey);
/* If this is a new object that needs labeling, do it now */
if (rec->access_mode & DixCreateAccess) {
sidput(obj->sid);
/* Perform a transition to obtain the final SID */
if (avc_compute_create(subj->sid, subj->sid, SECCLASS_X_DEVICE,
&obj->sid) < 0) {
ErrorF("XSELinux: a compute_create call failed!\n");
rec->status = BadValue;
return;
}
}
rc = SELinuxDoCheck(rec->client, obj, SECCLASS_X_DEVICE,
rec->access_mode, &auditdata);
if (rc != Success)
rec->status = rc;
}
static void static void
SELinuxExtension(CallbackListPtr *pcbl, pointer unused, pointer calldata) SELinuxExtension(CallbackListPtr *pcbl, pointer unused, pointer calldata)
{ {
@ -755,7 +785,7 @@ XSELinuxExtensionInit(INITARGS)
ret &= XaceRegisterCallback(XACE_EXT_DISPATCH, SELinuxExtension, 0); ret &= XaceRegisterCallback(XACE_EXT_DISPATCH, SELinuxExtension, 0);
ret &= XaceRegisterCallback(XACE_RESOURCE_ACCESS, SELinuxResource, 0); ret &= XaceRegisterCallback(XACE_RESOURCE_ACCESS, SELinuxResource, 0);
// ret &= XaceRegisterCallback(XACE_DEVICE_ACCESS, SELinuxDevice, 0); ret &= XaceRegisterCallback(XACE_DEVICE_ACCESS, SELinuxDevice, 0);
ret &= XaceRegisterCallback(XACE_PROPERTY_ACCESS, SELinuxProperty, 0); ret &= XaceRegisterCallback(XACE_PROPERTY_ACCESS, SELinuxProperty, 0);
// ret &= XaceRegisterCallback(XACE_SEND_ACCESS, SELinuxSend, 0); // ret &= XaceRegisterCallback(XACE_SEND_ACCESS, SELinuxSend, 0);
// ret &= XaceRegisterCallback(XACE_RECEIVE_ACCESS, SELinuxReceive, 0); // ret &= XaceRegisterCallback(XACE_RECEIVE_ACCESS, SELinuxReceive, 0);