diff --git a/Xext/shm.c b/Xext/shm.c index 427cf1b4e..1e236cc51 100644 --- a/Xext/shm.c +++ b/Xext/shm.c @@ -997,7 +997,7 @@ ProcPanoramiXShmCreatePixmap(ClientPtr client) stuff->offset); if (pMap) { - result = XaceHook(XACE_RESOURCE_ACCESS, client, stuff->pid, + result = XaceHookResourceAccess(client, stuff->pid, X11_RESTYPE_PIXMAP, pMap, X11_RESTYPE_NONE, NULL, DixCreateAccess); if (result != Success) { pDraw->pScreen->DestroyPixmap(pMap); @@ -1112,7 +1112,7 @@ ProcShmCreatePixmap(ClientPtr client) shmdesc->addr + stuff->offset); if (pMap) { - rc = XaceHook(XACE_RESOURCE_ACCESS, client, stuff->pid, X11_RESTYPE_PIXMAP, + rc = XaceHookResourceAccess(client, stuff->pid, X11_RESTYPE_PIXMAP, pMap, X11_RESTYPE_NONE, NULL, DixCreateAccess); if (rc != Success) { pDraw->pScreen->DestroyPixmap(pMap); diff --git a/Xext/xace.c b/Xext/xace.c index 71e43f254..726d0190a 100644 --- a/Xext/xace.c +++ b/Xext/xace.c @@ -62,13 +62,21 @@ XaceHookSelectionAccess(ClientPtr client, Selection ** ppSel, Mask access_mode) return rec.status; } +int XaceHookResourceAccess(ClientPtr client, XID id, RESTYPE rtype, void *res, + RESTYPE ptype, void *parent, Mask access_mode) +{ + XaceResourceAccessRec rec = { client, id, rtype, res, ptype, parent, + access_mode, Success }; + CallCallbacks(&XaceHooks[XACE_RESOURCE_ACCESS], &rec); + return rec.status; +} + /* Entry point for hook functions. Called by Xserver. */ int XaceHook(int hook, ...) { union { - XaceResourceAccessRec res; XaceDeviceAccessRec dev; XaceSendAccessRec send; XaceReceiveAccessRec recv; @@ -93,18 +101,6 @@ XaceHook(int hook, ...) * sets calldata directly to a single argument (with no return result) */ switch (hook) { - case XACE_RESOURCE_ACCESS: - u.res.client = va_arg(ap, ClientPtr); - u.res.id = va_arg(ap, XID); - u.res.rtype = va_arg(ap, RESTYPE); - u.res.res = va_arg(ap, void *); - u.res.ptype = va_arg(ap, RESTYPE); - u.res.parent = va_arg(ap, void *); - u.res.access_mode = va_arg(ap, Mask); - - u.res.status = Success; /* default allow */ - prv = &u.res.status; - break; case XACE_DEVICE_ACCESS: u.dev.client = va_arg(ap, ClientPtr); u.dev.dev = va_arg(ap, DeviceIntPtr); diff --git a/Xext/xace.h b/Xext/xace.h index 841ea82a7..ff3ce8404 100644 --- a/Xext/xace.h +++ b/Xext/xace.h @@ -78,6 +78,10 @@ int XaceHookPropertyAccess(ClientPtr ptr, WindowPtr pWin, PropertyPtr *ppProp, Mask access_mode); int XaceHookSelectionAccess(ClientPtr ptr, Selection ** ppSel, Mask access_mode); +/* needs to be exported for in-tree modsetting, but not part of public API */ +_X_EXPORT int XaceHookResourceAccess(ClientPtr client, XID id, RESTYPE rtype, void *res, + RESTYPE ptype, void *parent, Mask access_mode); + /* Register a callback for a given hook. */ #define XaceRegisterCallback(hook,callback,data) \ diff --git a/composite/compext.c b/composite/compext.c index 62bce26e7..d0e4e0bfa 100644 --- a/composite/compext.c +++ b/composite/compext.c @@ -252,7 +252,7 @@ ProcCompositeNameWindowPixmap(ClientPtr client) return BadMatch; /* security creation/labeling check */ - rc = XaceHook(XACE_RESOURCE_ACCESS, client, stuff->pixmap, X11_RESTYPE_PIXMAP, + rc = XaceHookResourceAccess(client, stuff->pixmap, X11_RESTYPE_PIXMAP, pPixmap, X11_RESTYPE_WINDOW, pWin, DixCreateAccess); if (rc != Success) return rc; @@ -306,7 +306,7 @@ ProcCompositeGetOverlayWindow(ClientPtr client) return BadAlloc; } - rc = XaceHook(XACE_RESOURCE_ACCESS, client, cs->pOverlayWin->drawable.id, + rc = XaceHookResourceAccess(client, cs->pOverlayWin->drawable.id, X11_RESTYPE_WINDOW, cs->pOverlayWin, X11_RESTYPE_NONE, NULL, DixGetAttrAccess); if (rc != Success) { @@ -828,7 +828,7 @@ PanoramiXCompositeGetOverlayWindow(ClientPtr client) return BadAlloc; } - rc = XaceHook(XACE_RESOURCE_ACCESS, client, + rc = XaceHookResourceAccess(client, cs->pOverlayWin->drawable.id, X11_RESTYPE_WINDOW, cs->pOverlayWin, X11_RESTYPE_NONE, NULL, DixGetAttrAccess); diff --git a/dbe/midbe.c b/dbe/midbe.c index eb6057748..0b3b25ade 100644 --- a/dbe/midbe.c +++ b/dbe/midbe.c @@ -169,9 +169,9 @@ miDbeAllocBackBufferName(WindowPtr pWin, XID bufId, int swapAction) } /* Security creation/labeling check. */ - rc = XaceHook(XACE_RESOURCE_ACCESS, serverClient, bufId, - dbeDrawableResType, pDbeWindowPriv->pBackBuffer, - X11_RESTYPE_WINDOW, pWin, DixCreateAccess); + rc = XaceHookResourceAccess(serverClient, bufId, dbeDrawableResType, + pDbeWindowPriv->pBackBuffer, X11_RESTYPE_WINDOW, + pWin, DixCreateAccess); /* Make the back pixmap a DBE drawable resource. */ if (rc != Success || !AddResource(bufId, dbeDrawableResType, diff --git a/dix/colormap.c b/dix/colormap.c index ec787349f..0673c68d7 100644 --- a/dix/colormap.c +++ b/dix/colormap.c @@ -379,7 +379,7 @@ CreateColormap(Colormap mid, ScreenPtr pScreen, VisualPtr pVisual, /* * Security creation/labeling check */ - i = XaceHook(XACE_RESOURCE_ACCESS, clients[client], mid, X11_RESTYPE_COLORMAP, + i = XaceHookResourceAccess(clients[client], mid, X11_RESTYPE_COLORMAP, pmap, X11_RESTYPE_NONE, NULL, DixCreateAccess); if (i != Success) { FreeResource(mid, X11_RESTYPE_NONE); diff --git a/dix/cursor.c b/dix/cursor.c index 13678b9f0..94f1c044f 100644 --- a/dix/cursor.c +++ b/dix/cursor.c @@ -279,7 +279,7 @@ AllocARGBCursor(unsigned char *psrcbits, unsigned char *pmaskbits, pCurs->id = cid; /* security creation/labeling check */ - rc = XaceHook(XACE_RESOURCE_ACCESS, client, cid, X11_RESTYPE_CURSOR, + rc = XaceHookResourceAccess(client, cid, X11_RESTYPE_CURSOR, pCurs, X11_RESTYPE_NONE, NULL, DixCreateAccess); if (rc != Success) goto error; @@ -459,7 +459,7 @@ AllocGlyphCursor(Font source, unsigned sourceChar, Font mask, unsigned maskChar, pCurs->id = cid; /* security creation/labeling check */ - rc = XaceHook(XACE_RESOURCE_ACCESS, client, cid, X11_RESTYPE_CURSOR, + rc = XaceHookResourceAccess(client, cid, X11_RESTYPE_CURSOR, pCurs, X11_RESTYPE_NONE, NULL, DixCreateAccess); if (rc != Success) goto error; diff --git a/dix/dispatch.c b/dix/dispatch.c index fee0f171c..b3a759ee4 100644 --- a/dix/dispatch.c +++ b/dix/dispatch.c @@ -1518,7 +1518,7 @@ ProcCreatePixmap(ClientPtr client) pMap->drawable.serialNumber = NEXT_SERIAL_NUMBER; pMap->drawable.id = stuff->pid; /* security creation/labeling check */ - rc = XaceHook(XACE_RESOURCE_ACCESS, client, stuff->pid, X11_RESTYPE_PIXMAP, + rc = XaceHookResourceAccess(client, stuff->pid, X11_RESTYPE_PIXMAP, pMap, X11_RESTYPE_NONE, NULL, DixCreateAccess); if (rc != Success) { (*pDraw->pScreen->DestroyPixmap) (pMap); diff --git a/dix/events.c b/dix/events.c index 2d07bf406..dfc53958c 100644 --- a/dix/events.c +++ b/dix/events.c @@ -4531,7 +4531,7 @@ EventSelectForWindow(WindowPtr pWin, ClientPtr client, Mask mask) } check = (mask & ManagerMask); if (check) { - rc = XaceHook(XACE_RESOURCE_ACCESS, client, pWin->drawable.id, + rc = XaceHookResourceAccess(client, pWin->drawable.id, X11_RESTYPE_WINDOW, pWin, X11_RESTYPE_NONE, NULL, DixManageAccess); if (rc != Success) return rc; diff --git a/dix/gc.c b/dix/gc.c index 24444f49a..b0011127d 100644 --- a/dix/gc.c +++ b/dix/gc.c @@ -549,7 +549,7 @@ CreateGC(DrawablePtr pDrawable, BITS32 mask, XID *pval, int *pStatus, } /* security creation/labeling check */ - *pStatus = XaceHook(XACE_RESOURCE_ACCESS, client, gcid, X11_RESTYPE_GC, pGC, + *pStatus = XaceHookResourceAccess(client, gcid, X11_RESTYPE_GC, pGC, X11_RESTYPE_NONE, NULL, DixCreateAccess | DixSetAttrAccess); if (*pStatus != Success) goto out; diff --git a/dix/resource.c b/dix/resource.c index f6fa42247..e9c6e0149 100644 --- a/dix/resource.c +++ b/dix/resource.c @@ -1223,7 +1223,7 @@ dixLookupResourceByType(void **result, XID id, RESTYPE rtype, return resourceTypes[rtype & TypeMask].errorValue; if (client) { - cid = XaceHook(XACE_RESOURCE_ACCESS, client, id, res->type, + cid = XaceHookResourceAccess(client, id, res->type, res->value, X11_RESTYPE_NONE, NULL, mode); if (cid == BadValue) return resourceTypes[rtype & TypeMask].errorValue; @@ -1258,7 +1258,7 @@ dixLookupResourceByClass(void **result, XID id, RESTYPE rclass, return BadValue; if (client) { - cid = XaceHook(XACE_RESOURCE_ACCESS, client, id, res->type, + cid = XaceHookResourceAccess(client, id, res->type, res->value, X11_RESTYPE_NONE, NULL, mode); if (cid != Success) return cid; diff --git a/dix/window.c b/dix/window.c index 3534ff19b..dc005caf9 100644 --- a/dix/window.c +++ b/dix/window.c @@ -638,7 +638,7 @@ CreateRootWindow(ScreenPtr pScreen) /* security creation/labeling check */ - if (XaceHook(XACE_RESOURCE_ACCESS, serverClient, pWin->drawable.id, + if (XaceHookResourceAccess(serverClient, pWin->drawable.id, X11_RESTYPE_WINDOW, pWin, X11_RESTYPE_NONE, NULL, DixCreateAccess)) return FALSE; @@ -867,7 +867,7 @@ CreateWindow(Window wid, WindowPtr pParent, int x, int y, unsigned w, /* security creation/labeling check */ - *error = XaceHook(XACE_RESOURCE_ACCESS, client, wid, X11_RESTYPE_WINDOW, pWin, + *error = XaceHookResourceAccess(client, wid, X11_RESTYPE_WINDOW, pWin, X11_RESTYPE_WINDOW, pWin->parent, DixCreateAccess | DixSetAttrAccess); if (*error != Success) { @@ -1115,7 +1115,7 @@ DestroySubwindows(WindowPtr pWin, ClientPtr client) */ UnmapSubwindows(pWin); while (pWin->lastChild) { - int rc = XaceHook(XACE_RESOURCE_ACCESS, client, + int rc = XaceHookResourceAccess(client, pWin->lastChild->drawable.id, X11_RESTYPE_WINDOW, pWin->lastChild, X11_RESTYPE_NONE, NULL, DixDestroyAccess); @@ -1397,7 +1397,7 @@ ChangeWindowAttributes(WindowPtr pWin, Mask vmask, XID *vlist, ClientPtr client) goto PatchUp; } if (val == xTrue) { - rc = XaceHook(XACE_RESOURCE_ACCESS, client, pWin->drawable.id, + rc = XaceHookResourceAccess(client, pWin->drawable.id, X11_RESTYPE_WINDOW, pWin, X11_RESTYPE_NONE, NULL, DixGrabAccess); if (rc != Success) { error = rc; @@ -2664,7 +2664,7 @@ MapWindow(WindowPtr pWin, ClientPtr client) return Success; /* general check for permission to map window */ - if (XaceHook(XACE_RESOURCE_ACCESS, client, pWin->drawable.id, X11_RESTYPE_WINDOW, + if (XaceHookResourceAccess(client, pWin->drawable.id, X11_RESTYPE_WINDOW, pWin, X11_RESTYPE_NONE, NULL, DixShowAccess) != Success) return Success; diff --git a/dri3/dri3_request.c b/dri3/dri3_request.c index b6128659c..4af72034d 100644 --- a/dri3/dri3_request.c +++ b/dri3/dri3_request.c @@ -239,7 +239,7 @@ proc_dri3_pixmap_from_buffer(ClientPtr client) pixmap->drawable.id = stuff->pixmap; /* security creation/labeling check */ - rc = XaceHook(XACE_RESOURCE_ACCESS, client, stuff->pixmap, X11_RESTYPE_PIXMAP, + rc = XaceHookResourceAccess(client, stuff->pixmap, X11_RESTYPE_PIXMAP, pixmap, X11_RESTYPE_NONE, NULL, DixCreateAccess); if (rc != Success) { @@ -503,7 +503,7 @@ proc_dri3_pixmap_from_buffers(ClientPtr client) pixmap->drawable.id = stuff->pixmap; /* security creation/labeling check */ - rc = XaceHook(XACE_RESOURCE_ACCESS, client, stuff->pixmap, X11_RESTYPE_PIXMAP, + rc = XaceHookResourceAccess(client, stuff->pixmap, X11_RESTYPE_PIXMAP, pixmap, X11_RESTYPE_NONE, NULL, DixCreateAccess); if (rc != Success) { diff --git a/glx/glxcmds.c b/glx/glxcmds.c index 651e8d39b..64dcd6b81 100644 --- a/glx/glxcmds.c +++ b/glx/glxcmds.c @@ -1395,7 +1395,7 @@ DoCreatePbuffer(ClientPtr client, int screenNum, XID fbconfigId, if (!pPixmap) return BadAlloc; - err = XaceHook(XACE_RESOURCE_ACCESS, client, glxDrawableId, X11_RESTYPE_PIXMAP, + err = XaceHookResourceAccess(client, glxDrawableId, X11_RESTYPE_PIXMAP, pPixmap, X11_RESTYPE_NONE, NULL, DixCreateAccess); if (err != Success) { (*pGlxScreen->pScreen->DestroyPixmap) (pPixmap); diff --git a/render/animcur.c b/render/animcur.c index e736e4c24..c1d32e9b0 100644 --- a/render/animcur.c +++ b/render/animcur.c @@ -336,7 +336,7 @@ AnimCursorCreate(CursorPtr *cursors, CARD32 *deltas, int ncursor, /* security creation/labeling check */ if (ac->timer) - rc = XaceHook(XACE_RESOURCE_ACCESS, client, cid, X11_RESTYPE_CURSOR, pCursor, + rc = XaceHookResourceAccess(client, cid, X11_RESTYPE_CURSOR, pCursor, X11_RESTYPE_NONE, NULL, DixCreateAccess); if (rc != Success) { diff --git a/render/picture.c b/render/picture.c index 45498b093..3c0da91cd 100644 --- a/render/picture.c +++ b/render/picture.c @@ -760,7 +760,7 @@ CreatePicture(Picture pid, pPicture->format = pFormat->format | (pDrawable->bitsPerPixel << 24); /* security creation/labeling check */ - *error = XaceHook(XACE_RESOURCE_ACCESS, client, pid, PictureType, pPicture, + *error = XaceHookResourceAccess(client, pid, PictureType, pPicture, X11_RESTYPE_PIXMAP, pDrawable, DixCreateAccess | DixSetAttrAccess); if (*error != Success) goto out; diff --git a/render/render.c b/render/render.c index d43c4cf4b..e6ace92a9 100644 --- a/render/render.c +++ b/render/render.c @@ -929,7 +929,7 @@ ProcRenderCreateGlyphSet(ClientPtr client) if (!glyphSet) return BadAlloc; /* security creation/labeling check */ - rc = XaceHook(XACE_RESOURCE_ACCESS, client, stuff->gsid, GlyphSetType, + rc = XaceHookResourceAccess(client, stuff->gsid, GlyphSetType, glyphSet, X11_RESTYPE_NONE, NULL, DixCreateAccess); if (rc != Success) return rc; @@ -1862,7 +1862,7 @@ ProcRenderCreateSolidFill(ClientPtr client) if (!pPicture) return error; /* security creation/labeling check */ - error = XaceHook(XACE_RESOURCE_ACCESS, client, stuff->pid, PictureType, + error = XaceHookResourceAccess(client, stuff->pid, PictureType, pPicture, X11_RESTYPE_NONE, NULL, DixCreateAccess); if (error != Success) return error; @@ -1901,7 +1901,7 @@ ProcRenderCreateLinearGradient(ClientPtr client) if (!pPicture) return error; /* security creation/labeling check */ - error = XaceHook(XACE_RESOURCE_ACCESS, client, stuff->pid, PictureType, + error = XaceHookResourceAccess(client, stuff->pid, PictureType, pPicture, X11_RESTYPE_NONE, NULL, DixCreateAccess); if (error != Success) return error; @@ -1941,7 +1941,7 @@ ProcRenderCreateRadialGradient(ClientPtr client) if (!pPicture) return error; /* security creation/labeling check */ - error = XaceHook(XACE_RESOURCE_ACCESS, client, stuff->pid, PictureType, + error = XaceHookResourceAccess(client, stuff->pid, PictureType, pPicture, X11_RESTYPE_NONE, NULL, DixCreateAccess); if (error != Success) return error; @@ -1980,7 +1980,7 @@ ProcRenderCreateConicalGradient(ClientPtr client) if (!pPicture) return error; /* security creation/labeling check */ - error = XaceHook(XACE_RESOURCE_ACCESS, client, stuff->pid, PictureType, + error = XaceHookResourceAccess(client, stuff->pid, PictureType, pPicture, X11_RESTYPE_NONE, NULL, DixCreateAccess); if (error != Success) return error; diff --git a/xfixes/cursor.c b/xfixes/cursor.c index 51c7b3010..85aa272a7 100644 --- a/xfixes/cursor.c +++ b/xfixes/cursor.c @@ -373,7 +373,7 @@ ProcXFixesGetCursorImage(ClientPtr client) pCursor = CursorForClient(client); if (!pCursor) return BadCursor; - rc = XaceHook(XACE_RESOURCE_ACCESS, client, pCursor->id, X11_RESTYPE_CURSOR, + rc = XaceHookResourceAccess(client, pCursor->id, X11_RESTYPE_CURSOR, pCursor, X11_RESTYPE_NONE, NULL, DixReadAccess); if (rc != Success) return rc; @@ -522,7 +522,7 @@ ProcXFixesGetCursorImageAndName(ClientPtr client) pCursor = CursorForClient(client); if (!pCursor) return BadCursor; - rc = XaceHook(XACE_RESOURCE_ACCESS, client, pCursor->id, X11_RESTYPE_CURSOR, + rc = XaceHookResourceAccess(client, pCursor->id, X11_RESTYPE_CURSOR, pCursor, X11_RESTYPE_NONE, NULL, DixReadAccess | DixGetAttrAccess); if (rc != Success) return rc;