xace: drop map-window checking hook, add new hooks for controlling the

delivery of events to windows and clients. This is tentative. It's likely that an additional last-resort hook will be necessary for code that calls TryClientEvents or WriteEventsToClient directly. It's also possible that new xace machinery will be necessary to classify events and pull useful resource ID's out of them. The failure case also needs some thinking through. Should event delivery "succeed" or should it report undeliverable? Finally, XKB appears to call WriteToClient to pass events. Sigh.
2007-08-29 14:16:46 -04:00 · 2007-08-29 14:16:46 -04:00 · e39694789e
parent 41355a53c2
commit e39694789e
5 changed files with 75 additions and 25 deletions
--- a/Xext/xace.c
+++ b/Xext/xace.c
@ -113,10 +113,25 @@ int XaceHook(int hook, ...)
 	    prv = &rec.status;
 	    break;
 	}
-	case XACE_MAP_ACCESS: {
-	    XaceMapAccessRec rec = {
+	case XACE_SEND_ACCESS: {
+	    XaceSendAccessRec rec = {
+		va_arg(ap, ClientPtr),
+		va_arg(ap, DeviceIntPtr),
+		va_arg(ap, WindowPtr),
+		va_arg(ap, xEventPtr),
+		va_arg(ap, int),
+		Success /* default allow */
+	    };
+	    calldata = &rec;
+	    prv = &rec.status;
+	    break;
+	}
+	case XACE_RECEIVE_ACCESS: {
+	    XaceReceiveAccessRec rec = {
 		va_arg(ap, ClientPtr),
 		va_arg(ap, WindowPtr),
+		va_arg(ap, xEventPtr),
+		va_arg(ap, int),
 		Success /* default allow */
 	    };
 	    calldata = &rec;
--- a/Xext/xace.h
+++ b/Xext/xace.h
@ -46,18 +46,19 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 #define XACE_DEVICE_ACCESS		3
 #define XACE_PROPERTY_ACCESS		4
 #define XACE_DRAWABLE_ACCESS		5
-#define XACE_MAP_ACCESS			6
-#define XACE_CLIENT_ACCESS		7
-#define XACE_EXT_ACCESS			8
-#define XACE_SERVER_ACCESS		9
-#define XACE_SELECTION_ACCESS		10
-#define XACE_SCREEN_ACCESS		11
-#define XACE_SCREENSAVER_ACCESS		12
-#define XACE_AUTH_AVAIL			13
-#define XACE_KEY_AVAIL			14
-#define XACE_AUDIT_BEGIN		15
-#define XACE_AUDIT_END			16
-#define XACE_NUM_HOOKS			17
+#define XACE_SEND_ACCESS		6
+#define XACE_RECEIVE_ACCESS		7
+#define XACE_CLIENT_ACCESS		8
+#define XACE_EXT_ACCESS			9
+#define XACE_SERVER_ACCESS		10
+#define XACE_SELECTION_ACCESS		11
+#define XACE_SCREEN_ACCESS		12
+#define XACE_SCREENSAVER_ACCESS		13
+#define XACE_AUTH_AVAIL			14
+#define XACE_KEY_AVAIL			15
+#define XACE_AUDIT_BEGIN		16
+#define XACE_AUDIT_END			17
+#define XACE_NUM_HOOKS			18

 extern CallbackListPtr XaceHooks[XACE_NUM_HOOKS];

--- a/Xext/xacestr.h
+++ b/Xext/xacestr.h
@ -70,12 +70,24 @@ typedef struct {
    int status;
 } XaceDrawableAccessRec;

-/* XACE_MAP_ACCESS */
+/* XACE_SEND_ACCESS */
+typedef struct {
+    ClientPtr client;
+    DeviceIntPtr dev;
+    WindowPtr pWin;
+    xEventPtr events;
+    int count;
+    int status;
+} XaceSendAccessRec;
+
+/* XACE_RECEIVE_ACCESS */
 typedef struct {
    ClientPtr client;
    WindowPtr pWin;
+    xEventPtr events;
+    int count;
    int status;
-} XaceMapAccessRec;
+} XaceReceiveAccessRec;

 /* XACE_CLIENT_ACCESS */
 typedef struct {
--- a/dix/events.c
+++ b/dix/events.c
@ -1753,8 +1753,10 @@ DeliverEventsToWindow(WindowPtr pWin, xEvent *pEvents, int count,
 	if (filter != CantBeFiltered &&
 	    !((wOtherEventMasks(pWin)|pWin->eventMask) & filter))
 	    return 0;
-	if ( (attempt = TryClientEvents(wClient(pWin), pEvents, count,
-				      pWin->eventMask, filter, grab)) )
+	if (XaceHook(XACE_RECEIVE_ACCESS, wClient(pWin), pWin, pEvents, count))
+	    nondeliveries--;
+	else if ( (attempt = TryClientEvents(wClient(pWin), pEvents, count,
+					     pWin->eventMask, filter, grab)) )
 	{
 	    if (attempt > 0)
 	    {
@ -1781,7 +1783,10 @@ DeliverEventsToWindow(WindowPtr pWin, xEvent *pEvents, int count,
 	    other = (InputClients *)wOtherClients(pWin);
 	for (; other; other = other->next)
 	{
-	    if ( (attempt = TryClientEvents(rClient(other), pEvents, count,
+	    if (XaceHook(XACE_RECEIVE_ACCESS, rClient(other), pWin, pEvents,
+			 count))
+		nondeliveries--;
+	    else if ( (attempt = TryClientEvents(rClient(other), pEvents, count,
 					  other->mask[mskidx], filter, grab)) )
 	    {
 		if (attempt > 0)
@ -1878,6 +1883,8 @@ MaybeDeliverEventsToClient(WindowPtr pWin, xEvent *pEvents,
 	    return XineramaTryClientEventsResult(
 			wClient(pWin), NullGrab, pWin->eventMask, filter);
 #endif
+	if (XaceHook(XACE_RECEIVE_ACCESS, wClient(pWin), pWin, pEvents, count))
+	    return 0;
 	return TryClientEvents(wClient(pWin), pEvents, count,
 			       pWin->eventMask, filter, NullGrab);
    }
@ -1892,6 +1899,9 @@ MaybeDeliverEventsToClient(WindowPtr pWin, xEvent *pEvents,
 	      return XineramaTryClientEventsResult(
 			rClient(other), NullGrab, other->mask, filter);
 #endif
+	    if (XaceHook(XACE_RECEIVE_ACCESS, rClient(other), pWin, pEvents,
+			 count))
+		return 0;
 	    return TryClientEvents(rClient(other), pEvents, count,
 				   other->mask, filter, NullGrab);
 	}
@ -1986,6 +1996,9 @@ DeliverDeviceEvents(WindowPtr pWin, xEvent *xE, GrabPtr grab,
    Mask filter = filters[type];
    int deliveries = 0;

+    if (XaceHook(XACE_SEND_ACCESS, NULL, dev, pWin, xE, count))
+	return 0;
+
    if (type & EXTENSION_EVENT_BASE)
    {
 	OtherInputMasks *inputMasks;
@ -2829,6 +2842,8 @@ DeliverFocusedEvent(DeviceIntPtr keybd, xEvent *xE, WindowPtr window, int count)
 	    return;
    }
    /* just deliver it to the focus window */
+    if (XaceHook(XACE_SEND_ACCESS, NULL, keybd, focus, xE, count))
+	return;
    FixUpEventFromWindow(xE, focus, None, FALSE);
    if (xE->u.u.type & EXTENSION_EVENT_BASE)
 	mskidx = keybd->id;
@ -2877,9 +2892,12 @@ DeliverGrabbedEvent(xEvent *xE, DeviceIntPtr thisDev,
    if (!deliveries)
    {
 	FixUpEventFromWindow(xE, grab->window, None, TRUE);
-	deliveries = TryClientEvents(rClient(grab), xE, count,
-				     (Mask)grab->eventMask,
-				     filters[xE->u.u.type], grab);
+	if (!XaceHook(XACE_SEND_ACCESS, thisDev, grab->window, xE, count) &&
+	    !XaceHook(XACE_RECEIVE_ACCESS, rClient(grab), grab->window, xE,
+		      count))
+	    deliveries = TryClientEvents(rClient(grab), xE, count,
+					 (Mask)grab->eventMask,
+					 filters[xE->u.u.type], grab);
 	if (deliveries && (xE->u.u.type == MotionNotify
 #ifdef XINPUT
 			   || xE->u.u.type == DeviceMotionNotify
@ -4530,6 +4548,9 @@ ProcSendEvent(ClientPtr client)
    {
 	for (;pWin; pWin = pWin->parent)
 	{
+	    if (XaceHook(XACE_SEND_ACCESS, client, NULL, pWin,
+			 &stuff->event, 1))
+		return Success;
 	    if (DeliverEventsToWindow(pWin, &stuff->event, 1, stuff->eventMask,
 				      NullGrab, 0))
 		return Success;
@ -4540,7 +4561,7 @@ ProcSendEvent(ClientPtr client)
 		break;
 	}
    }
-    else
+    else if (!XaceHook(XACE_SEND_ACCESS, client, NULL, pWin, &stuff->event, 1))
 	(void)DeliverEventsToWindow(pWin, &stuff->event, 1, stuff->eventMask,
 				    NullGrab, 0);
    return Success;
--- a/dix/window.c
+++ b/dix/window.c
@ -2744,8 +2744,9 @@ MapWindow(WindowPtr pWin, ClientPtr client)
 	return(Success);

    /*  general check for permission to map window */
-    if (XaceHook(XACE_MAP_ACCESS, client, pWin) != Success)
-	 return Success;
+    if (XaceHook(XACE_RESOURCE_ACCESS, client, pWin->drawable.id, RT_WINDOW,
+		 DixShowAccess, pWin) != Success)
+	return Success;

    pScreen = pWin->drawable.pScreen;
    if ( (pParent = pWin->parent) )