From e40cc5305bec656108077ab13fcc8e6e82b3707a Mon Sep 17 00:00:00 2001
From: Eamon Walsh <ewalsh@tycho.nsa.gov>
Date: Wed, 27 Feb 2008 22:29:15 -0500
Subject: [PATCH] xselinux: Don't throw BadAccess if DixUnknownAccess is passed
 in to a hook.

The avc will still appear, however, so that the callsite can be fixed.
---
 Xext/xselinux.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/Xext/xselinux.c b/Xext/xselinux.c
index d3fe86b3a..6862bb304 100644
--- a/Xext/xselinux.c
+++ b/Xext/xselinux.c
@@ -312,6 +312,8 @@ SELinuxDoCheck(SELinuxSubjectRec *subj, SELinuxObjectRec *obj,
 
     if (avc_has_perm(subj->sid, obj->sid, class, mode, &subj->aeref,
 		     auditdata) < 0) {
+	if (mode == DixUnknownAccess)
+	    return Success; /* DixUnknownAccess requests OK ... for now */
 	if (errno == EACCES)
 	    return BadAccess;
 	ErrorF("ServerPerm: unexpected error %d\n", errno);