Naming change: Security*Operation -> Xace*Operation
This commit is contained in:
Eamon Walsh
Eamon Walsh
parent
f44f14fe56
commit
ac90ce58ba
|
|
@ -1251,7 +1251,7 @@ typedef struct _PropertyAccessRec {
|
||||||
} PropertyAccessRec, *PropertyAccessPtr;
|
} PropertyAccessRec, *PropertyAccessPtr;
|
||||||
|
|
||||||
static PropertyAccessPtr PropertyAccessList = NULL;
|
static PropertyAccessPtr PropertyAccessList = NULL;
|
||||||
static char SecurityDefaultAction = SecurityErrorOperation;
|
static char SecurityDefaultAction = XaceErrorOperation;
|
||||||
static char *SecurityPolicyFile = DEFAULTPOLICYFILE;
|
static char *SecurityPolicyFile = DEFAULTPOLICYFILE;
|
||||||
static ATOM SecurityMaxPropertyName = 0;
|
static ATOM SecurityMaxPropertyName = 0;
|
||||||
|
|
||||||
|
|
@ -1410,9 +1410,9 @@ SecurityParsePropertyAccessRule(
|
||||||
{
|
{
|
||||||
switch (c)
|
switch (c)
|
||||||
{
|
{
|
||||||
case 'i': action = SecurityIgnoreOperation; break;
|
case 'i': action = XaceIgnoreOperation; break;
|
||||||
case 'a': action = SecurityAllowOperation; break;
|
case 'a': action = XaceAllowOperation; break;
|
||||||
case 'e': action = SecurityErrorOperation; break;
|
case 'e': action = XaceErrorOperation; break;
|
||||||
|
|
||||||
case 'r': readAction = action; break;
|
case 'r': readAction = action; break;
|
||||||
case 'w': writeAction = action; break;
|
case 'w': writeAction = action; break;
|
||||||
|
|
@ -1797,7 +1797,7 @@ CALLBACK(SecurityCheckPropertyAccess)
|
||||||
* If pacl doesn't apply, something above should have
|
* If pacl doesn't apply, something above should have
|
||||||
* executed a continue, which will skip the follwing code.
|
* executed a continue, which will skip the follwing code.
|
||||||
*/
|
*/
|
||||||
action = SecurityAllowOperation;
|
action = XaceAllowOperation;
|
||||||
if (access_mode & SecurityReadAccess)
|
if (access_mode & SecurityReadAccess)
|
||||||
action = max(action, pacl->readAction);
|
action = max(action, pacl->readAction);
|
||||||
if (access_mode & SecurityWriteAccess)
|
if (access_mode & SecurityWriteAccess)
|
||||||
|
|
@ -1808,11 +1808,11 @@ CALLBACK(SecurityCheckPropertyAccess)
|
||||||
} /* end for each pacl */
|
} /* end for each pacl */
|
||||||
} /* end if propertyName <= SecurityMaxPropertyName */
|
} /* end if propertyName <= SecurityMaxPropertyName */
|
||||||
|
|
||||||
if (SecurityAllowOperation != action)
|
if (XaceAllowOperation != action)
|
||||||
{ /* audit the access violation */
|
{ /* audit the access violation */
|
||||||
int cid = CLIENT_ID(pWin->drawable.id);
|
int cid = CLIENT_ID(pWin->drawable.id);
|
||||||
int reqtype = ((xReq *)client->requestBuffer)->reqType;
|
int reqtype = ((xReq *)client->requestBuffer)->reqType;
|
||||||
char *actionstr = (SecurityIgnoreOperation == action) ?
|
char *actionstr = (XaceIgnoreOperation == action) ?
|
||||||
"ignored" : "error";
|
"ignored" : "error";
|
||||||
SecurityAudit("client %d attempted request %d with window 0x%x property %s (atom 0x%x) of client %d, %s\n",
|
SecurityAudit("client %d attempted request %d with window 0x%x property %s (atom 0x%x) of client %d, %s\n",
|
||||||
client->index, reqtype, pWin->drawable.id,
|
client->index, reqtype, pWin->drawable.id,
|
||||||
|
|
|
||||||
|
|
@ -99,7 +99,7 @@ int XaceHook(int hook, ...)
|
||||||
va_arg(ap, WindowPtr),
|
va_arg(ap, WindowPtr),
|
||||||
va_arg(ap, Atom),
|
va_arg(ap, Atom),
|
||||||
va_arg(ap, Mask),
|
va_arg(ap, Mask),
|
||||||
SecurityAllowOperation /* default allow */
|
XaceAllowOperation /* default allow */
|
||||||
};
|
};
|
||||||
calldata = &rec;
|
calldata = &rec;
|
||||||
prv = &rec.rval;
|
prv = &rec.rval;
|
||||||
|
|
|
||||||
10
Xext/xace.h
10
Xext/xace.h
|
|
@ -21,9 +21,9 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
||||||
#define _XACE_H
|
#define _XACE_H
|
||||||
|
|
||||||
/* Hook return codes */
|
/* Hook return codes */
|
||||||
#define SecurityErrorOperation 0
|
#define XaceErrorOperation 0
|
||||||
#define SecurityAllowOperation 1
|
#define XaceAllowOperation 1
|
||||||
#define SecurityIgnoreOperation 2
|
#define XaceIgnoreOperation 2
|
||||||
|
|
||||||
#ifdef XACE
|
#ifdef XACE
|
||||||
|
|
||||||
|
|
@ -107,10 +107,10 @@ extern void XaceCensorImage(
|
||||||
/* Define calls away when XACE is not being built. */
|
/* Define calls away when XACE is not being built. */
|
||||||
|
|
||||||
#ifdef __GNUC__
|
#ifdef __GNUC__
|
||||||
#define XaceHook(args...) SecurityAllowOperation
|
#define XaceHook(args...) XaceAllowOperation
|
||||||
#define XaceCensorImage(args...) { ; }
|
#define XaceCensorImage(args...) { ; }
|
||||||
#else
|
#else
|
||||||
#define XaceHook(...) SecurityAllowOperation
|
#define XaceHook(...) XaceAllowOperation
|
||||||
#define XaceCensorImage(...) { ; }
|
#define XaceCensorImage(...) { ; }
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -119,12 +119,12 @@ ProcRotateProperties(ClientPtr client)
|
||||||
char action = XaceHook(XACE_PROPERTY_ACCESS, client, pWin, atoms[i],
|
char action = XaceHook(XACE_PROPERTY_ACCESS, client, pWin, atoms[i],
|
||||||
SecurityReadAccess|SecurityWriteAccess);
|
SecurityReadAccess|SecurityWriteAccess);
|
||||||
|
|
||||||
if (!ValidAtom(atoms[i]) || (SecurityErrorOperation == action)) {
|
if (!ValidAtom(atoms[i]) || (XaceErrorOperation == action)) {
|
||||||
DEALLOCATE_LOCAL(props);
|
DEALLOCATE_LOCAL(props);
|
||||||
client->errorValue = atoms[i];
|
client->errorValue = atoms[i];
|
||||||
return BadAtom;
|
return BadAtom;
|
||||||
}
|
}
|
||||||
if (SecurityIgnoreOperation == action) {
|
if (XaceIgnoreOperation == action) {
|
||||||
DEALLOCATE_LOCAL(props);
|
DEALLOCATE_LOCAL(props);
|
||||||
return Success;
|
return Success;
|
||||||
}
|
}
|
||||||
|
|
@ -226,10 +226,10 @@ ProcChangeProperty(ClientPtr client)
|
||||||
switch (XaceHook(XACE_PROPERTY_ACCESS, client, pWin, stuff->property,
|
switch (XaceHook(XACE_PROPERTY_ACCESS, client, pWin, stuff->property,
|
||||||
SecurityWriteAccess))
|
SecurityWriteAccess))
|
||||||
{
|
{
|
||||||
case SecurityErrorOperation:
|
case XaceErrorOperation:
|
||||||
client->errorValue = stuff->property;
|
client->errorValue = stuff->property;
|
||||||
return BadAtom;
|
return BadAtom;
|
||||||
case SecurityIgnoreOperation:
|
case XaceIgnoreOperation:
|
||||||
return Success;
|
return Success;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -495,10 +495,10 @@ ProcGetProperty(ClientPtr client)
|
||||||
switch (XaceHook(XACE_PROPERTY_ACCESS, client, pWin, stuff->property,
|
switch (XaceHook(XACE_PROPERTY_ACCESS, client, pWin, stuff->property,
|
||||||
access_mode))
|
access_mode))
|
||||||
{
|
{
|
||||||
case SecurityErrorOperation:
|
case XaceErrorOperation:
|
||||||
client->errorValue = stuff->property;
|
client->errorValue = stuff->property;
|
||||||
return BadAtom;;
|
return BadAtom;;
|
||||||
case SecurityIgnoreOperation:
|
case XaceIgnoreOperation:
|
||||||
return NullPropertyReply(client, pProp->type, pProp->format, &reply);
|
return NullPropertyReply(client, pProp->type, pProp->format, &reply);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -649,10 +649,10 @@ ProcDeleteProperty(register ClientPtr client)
|
||||||
switch (XaceHook(XACE_PROPERTY_ACCESS, client, pWin, stuff->property,
|
switch (XaceHook(XACE_PROPERTY_ACCESS, client, pWin, stuff->property,
|
||||||
SecurityDestroyAccess))
|
SecurityDestroyAccess))
|
||||||
{
|
{
|
||||||
case SecurityErrorOperation:
|
case XaceErrorOperation:
|
||||||
client->errorValue = stuff->property;
|
client->errorValue = stuff->property;
|
||||||
return BadAtom;;
|
return BadAtom;;
|
||||||
case SecurityIgnoreOperation:
|
case XaceIgnoreOperation:
|
||||||
return Success;
|
return Success;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue