cc76ea6e3a 
								
							 
						 
						
							
							
								
								XACE: Add generic support for property and selection polyinstantiation.  
							
							
							
						 
						
							2008-02-29 18:01:37 -05:00 
							 
					 
				
					
						
							
							
								 
						
							
							
							
							
								
							
							
								34bf308a9e 
								
							 
						 
						
							
							
								
								dix: Refactoring of selection code to allow for polyinstantiation.  
							
							... 
							
							
							
							Introduces dixLookupSelection() API.
Removes NumCurrentSelections from API. 
							
						 
						
							2008-02-29 18:01:37 -05:00 
							 
					 
				
					
						
							
							
								 
						
							
							
							
							
								
							
							
								d04ea267a4 
								
							 
						 
						
							
							
								
								xselinux: Don't require device "read" permission for XQueryPointer.  
							
							... 
							
							
							
							These keyboard and pointer state polling calls are a real problem. 
							
						 
						
							2008-02-28 21:53:16 -05:00 
							 
					 
				
					
						
							
							
								 
						
							
							
							
							
								
							
							
								3fb17a3e64 
								
							 
						 
						
							
							
								
								xselinux: Log messages to both libaudit and Xorg.0.log.  
							
							
							
						 
						
							2008-02-28 21:52:57 -05:00 
							 
					 
				
					
						
							
							
								 
						
							
							
							
							
								
							
							
								27bcf40cda 
								
							 
						 
						
							
							
								
								XACE: Fix instances of DixUnknownAccess at hook callsites.  
							
							
							
						 
						
							2008-02-28 16:43:43 -05:00 
							 
					 
				
					
						
							
							
								 
						
							
							
							
							
								
							
							
								f616735f17 
								
							 
						 
						
							
							
								
								xselinux: Prefix a few remaining error messages with "SELinux".  
							
							
							
						 
						
							2008-02-27 22:48:29 -05:00 
							 
					 
				
					
						
							
							
								 
						
							
							
							
							
								
							
							
								e40cc5305b 
								
							 
						 
						
							
							
								
								xselinux: Don't throw BadAccess if DixUnknownAccess is passed in to a hook.  
							
							... 
							
							
							
							The avc will still appear, however, so that the callsite can be fixed. 
							
						 
						
							2008-02-27 22:48:28 -05:00 
							 
					 
				
					
						
							
							
								 
						
							
							
							
							
								
							
							
								3f0681fb0b 
								
							 
						 
						
							
							
								
								xselinux: Stub out selection protocol requests.  
							
							
							
						 
						
							2008-02-26 23:14:29 -05:00 
							 
					 
				
					
						
							
							
								 
						
							
							
							
							
								
							
							
								4632ea2258 
								
							 
						 
						
							
							
								
								xselinux: Rip out the selection code in advance of polyinstantiation support.  
							
							... 
							
							
							
							This resolves an issue where BadWindow errors were being thrown. 
							
						 
						
							2008-02-26 22:00:52 -05:00 
							 
					 
				
					
						
							
							
								 
						
							
							
							
							
								
							
							
								c8e979b3b8 
								
							 
						 
						
							
							
								
								security: Register resource names in the server-side name registry.  
							
							
							
						 
						
							2008-02-26 21:36:46 -05:00 
							 
					 
				
					
						
							
							
								 
						
							
							
							
							
								
							
							
								ee21aba6be 
								
							 
						 
						
							
							
								
								Fix Xinerama's consolidated visual handling.  
							
							... 
							
							
							
							Formerly the code claimed it could only handle up to 256 visuals, which
was true.  Also true, but not explicitly stated, was that it could only
handle visuals with VID < 256.  If you have enough screens, and subsystems
that add lots of visuals, you can easily run off the end.  (Made worse
because we allocate visual IDs from the same pool as XIDs.)  If your app
then chooses a visual > 256, then the Xinerama code would throw BadMatch
on CreateColormap and your app wouldn't start.
With this change, PanoramiXVisualTable is gone.  Other subsystems that
were using it as a translation table between each screen's visuals now
use a PanoramiXTranslateVisual() helper. 
							
						 
						
							2008-02-22 15:19:54 -05:00 
							 
					 
				
					
						
							
							
								 
						
							
							
							
							
								
							
							
								f343265a28 
								
							 
						 
						
							
							
								
								XACE: Make the default window background state configurable per-window.  
							
							... 
							
							
							
							To recap: the original XC-SECURITY extension disallowed background "None" if
the window was untrusted.  XACE 1.0 preserved this check as a hook function.
XACE pre-2.0 removed the hook and first abolished background "None entirely,
then restored it as a global on/off switch in response to Bug #13683 .
Now it's back to being per-window, via a flag instead of a hook function. 
							
						 
						
							2008-02-20 15:59:40 -05:00 
							 
					 
				
					
						
							
							
								 
						
							
							
							
							
								
							
							
								4573cb2ce4 
								
							 
						 
						
							
							
								
								security: Revise set of permissions granted to untrusted clients.  
							
							... 
							
							
							
							Bug #14480 : untrusted access broken on 7.3. 
							
						 
						
							2008-02-13 20:20:49 -05:00 
							 
					 
				
					
						
							
							
								 
						
							
							
							
							
								
							
							
								e99aadbc26 
								
							 
						 
						
							
							
								
								xselinux: Add use to permission map for devices.  
							
							
							
						 
						
							2008-02-13 20:20:49 -05:00 
							 
					 
				
					
						
							
							
								 
						
							
							
							
							
								
							
							
								f3b3b37ec6 
								
							 
						 
						
							
							
								
								Use strerror instead of errno values in user strings.  
							
							
							
						 
						
							2008-02-14 07:52:02 +11:00 
							 
					 
				
					
						
							
							
								 
						
							
							
							
							
								
							
							
								62cfe88638 
								
							 
						 
						
							
							
								
								Redact all mention of PanoramiX from user strings.  
							
							
							
						 
						
							2008-02-14 07:11:14 +11:00 
							 
					 
				
					
						
							
							
								 
						
							
							
							
							
								
							
							
								0d492b2166 
								
							 
						 
						
							
							
								
								XACE: Move the selection access hook to its own function.  
							
							
							
						 
						
							2008-02-12 19:59:10 -05:00 
							 
					 
				
					
						
							
							
								 
						
							
							
							
							
								
							
							
								31934132a4 
								
							 
						 
						
							
							
								
								xselinux: Use the device name in debugging output.  
							
							
							
						 
						
							2008-02-07 16:32:06 -05:00 
							 
					 
				
					
						
							
							
								 
						
							
							
							
							
								
							
							
								6dcb7d732b 
								
							 
						 
						
							
							
								
								xselinux: Split devPrivate state into subject and object records.  
							
							
							
						 
						
							2008-02-07 16:00:52 -05:00 
							 
					 
				
					
						
							
							
								 
						
							
							
							
							
								
							
							
								2259b144f0 
								
							 
						 
						
							
							
								
								xselinux: Add getattr and setattr to the permission map for properties.  
							
							
							
						 
						
							2008-02-07 14:35:02 -05:00 
							 
					 
				
					
						
							
							
								 
						
							
							
							
							
								
							
							
								5c30327275 
								
							 
						 
						
							
							
								
								XACE: Push the dix "structure" includes down to the security modules.  
							
							
							
						 
						
							2008-02-05 21:06:05 -05:00 
							 
					 
				
					
						
							
							
								 
						
							
							
							
							
								
							
							
								bb1a577a68 
								
							 
						 
						
							
							
								
								XACE: Move the property access hook to its own function.  
							
							
							
						 
						
							2008-02-05 20:07:08 -05:00 
							 
					 
				
					
						
							
							
								 
						
							
							
							
							
								
							
							
								e915a26397 
								
							 
						 
						
							
							
								
								xselinux: Move the extension to extmod instead of being built-in.  
							
							
							
						 
						
							2008-01-25 19:22:19 -05:00 
							 
					 
				
					
						
							
							
								 
						
							
							
							
							
								
							
							
								f6a78ee143 
								
							 
						 
						
							
							
								
								XACE: Remove the extension code entirely, XACE is completely static now.  
							
							
							
						 
						
							2008-01-25 18:04:10 -05:00 
							 
					 
				
					
						
							
							
								 
						
							
							
							
							
								
							
							
								7724c30a75 
								
							 
						 
						
							
							
								
								XACE: Stop using fake requestVectors in favor of a simple hook call.  
							
							
							
						 
						
							2008-01-25 17:28:17 -05:00 
							 
					 
				
					
						
							
							
								 
						
							
							
							
							
								
							
							
								f82329b081 
								
							 
						 
						
							
							
								
								XACE: Don't need to actually register a protocol extension.  
							
							
							
						 
						
							2008-01-25 16:20:46 -05:00 
							 
					 
				
					
						
							
							
								 
						
							
							
							
							
								
							
							
								46794d0c96 
								
							 
						 
						
							
							
								
								xselinux: Rename SelectionManager to more generic SecurityManager.  
							
							
							
						 
						
							2008-01-24 19:49:13 -05:00 
							 
					 
				
					
						
							
							
								 
						
							
							
							
							
								
							
							
								6ffeecabb7 
								
							 
						 
						
							
							
								
								xselinux: Use a privileged bit in the state instead of passing an index  
							
							... 
							
							
							
							to the permission checking function. 
							
						 
						
							2008-01-24 18:11:49 -05:00 
							 
					 
				
					
						
							
							
								 
						
							
							
							
							
								
							
							
								7ba8e97cba 
								
							 
						 
						
							
							
								
								xselinux: Implement "get context" protocol requests.  
							
							
							
						 
						
							2008-01-24 19:09:58 -05:00 
							 
					 
				
					
						
							
							
								 
						
							
							
							
							
								
							
							
								f0bf9a5231 
								
							 
						 
						
							
							
								
								xselinux: Whitespace fixups.  
							
							
							
						 
						
							2008-01-24 19:02:35 -05:00 
							 
					 
				
					
						
							
							
								 
						
							
							
							
							
								
							
							
								be6c17fcf9 
								
							 
						 
						
							
							
								
								CVE-2007-6429: Always test for size+offset wrapping.  
							
							
							
						 
						
							2008-01-21 16:13:21 +01:00 
							 
					 
				
					
						
							
							
								 
						
							
							
							
							
								
							
							
								e9fa7c1c88 
								
							 
						 
						
							
							
								
								CVE-2007-6429: Don't spuriously reject <8bpp shm pixmaps.  
							
							... 
							
							
							
							Move size validation after depth validation, and only validate size if
the bpp of the pixmap format is > 8.  If bpp < 8 then we're already
protected from overflow by the width and height checks. 
							
						 
						
							2008-01-18 14:41:20 -05:00 
							 
					 
				
					
						
							
							
								 
						
							
							
							
							
								
							
							
								6de61f8272 
								
							 
						 
						
							
							
								
								Fix for CVE-2007-6429 - MIT-SHM and EVI extensions integer overflows.  
							
							
							
						 
						
							2008-01-17 15:28:42 +01:00 
							 
					 
				
					
						
							
							
								 
						
							
							
							
							
								
							
							
								7dc1717ff0 
								
							 
						 
						
							
							
								
								Fix for CVE-2007-6428 - TOG-cup extension memory corruption.  
							
							
							
						 
						
							2008-01-17 15:28:03 +01:00 
							 
					 
				
					
						
							
							
								 
						
							
							
							
							
								
							
							
								e46f6ddecc 
								
							 
						 
						
							
							
								
								Yet another Xv extension byte swapping fix.  
							
							
							
						 
						
							2008-01-16 14:24:22 +01:00 
							 
					 
				
					
						
							
							
								 
						
							
							
							
							
								
							
							
								6844bd2e63 
								
							 
						 
						
							
							
								
								More Xv extension byte swapping fixes  
							
							
							
						 
						
							2008-01-09 19:52:00 -08:00 
							 
					 
				
					
						
							
							
								 
						
							
							
							
							
								
							
							
								c31aead0fe 
								
							 
						 
						
							
							
								
								[Kdrive] make XCalibrate 'orientation aware'  
							
							
							
						 
						
							2008-01-08 12:31:47 +01:00 
							 
					 
				
					
						
							
							
								 
						
							
							
							
							
								
							
							
								39cb782f28 
								
							 
						 
						
							
							
								
								XACE: DeleteCallbackList zeroes out its argument so don't do it twice.  
							
							
							
						 
						
							2008-01-03 23:17:06 -05:00 
							 
					 
				
					
						
							
							
								 
						
							
							
							
							
								
							
							
								cd0603c2dc 
								
							 
						 
						
							
							
								
								Bug  #13765 : Heap corruption in XC-SECURITY extension code.  
							
							
							
						 
						
							2008-01-03 21:41:02 -05:00 
							 
					 
				
					
						
							
							
								 
						
							
							
							
							
								
							
							
								17a9714a67 
								
							 
						 
						
							
							
								
								Bug  #13794 : Update MBE extension devPrivates to new interface.  
							
							
							
						 
						
							2008-01-03 14:46:54 -05:00 
							 
					 
				
					
						
							
							
								 
						
							
							
							
							
								
							
							
								dfd682b582 
								
							 
						 
						
							
							
								
								X.Org bug 4947/Sun bug 6646626: Xv extension not byte-swapping properly  
							
							... 
							
							
							
							X.Org Bugzilla #4947  <https://bugs.freedesktop.org/show_bug.cgi?id=4947 >
Sun bug 6646626 <http://bugs.opensolaris.org/bugdatabase/view_bug.do?bug_id=6646626 >
Don't use swapped data after swapping it.   When done swapping data,
send the swapped data, not the address of the pointer to it, to the client. 
							
						 
						
							2008-01-02 19:27:22 -08:00 
							 
					 
				
					
						
							
							
								 
						
							
							
							
							
								
							
							
								3b23dd9fd4 
								
							 
						 
						
							
							
								
								xselinux: Fix whitespace warnings.  
							
							
							
						 
						
							2007-12-28 13:29:45 -05:00 
							 
					 
				
					
						
							
							
								 
						
							
							
							
							
								
							
							
								643c52be32 
								
							 
						 
						
							
							
								
								xselinux: Remove "X" prefix on remaining functions and strings.  
							
							... 
							
							
							
							Should be evident from the context. 
							
						 
						
							2007-12-28 13:27:28 -05:00 
							 
					 
				
					
						
							
							
								 
						
							
							
							
							
								
							
							
								f4bc333fc1 
								
							 
						 
						
							
							
								
								xselinux: don't FatalError on an invalid class mapping, just disable support.  
							
							
							
						 
						
							2007-12-28 13:27:28 -05:00 
							 
					 
				
					
						
							
							
								 
						
							
							
							
							
								
							
							
								f3780ece52 
								
							 
						 
						
							
							
								
								xselinux: Implement swapped protocol request logic.  
							
							
							
						 
						
							2007-12-28 13:27:28 -05:00 
							 
					 
				
					
						
							
							
								 
						
							
							
							
							
								
							
							
								1bbf64ab11 
								
							 
						 
						
							
							
								
								xselinux: Remove unnecessary structure definition.  
							
							
							
						 
						
							2007-12-28 13:27:28 -05:00 
							 
					 
				
					
						
							
							
								 
						
							
							
							
							
								
							
							
								743008a481 
								
							 
						 
						
							
							
								
								Report serverClient resources in the X-Resource extension.  
							
							
							
						 
						
							2007-12-23 14:27:14 -05:00 
							 
					 
				
					
						
							
							
								 
						
							
							
							
							
								
							
							
								1393a97ea9 
								
							 
						 
						
							
							
								
								xselinux: Send AVC messages to audit system instead of log file/stderr.  
							
							
							
						 
						
							2007-12-20 16:23:49 -05:00 
							 
					 
				
					
						
							
							
								 
						
							
							
							
							
								
							
							
								66b00029e5 
								
							 
						 
						
							
							
								
								Xext: remove redefinition of Bool.  
							
							... 
							
							
							
							Thanks to Simon Thum. 
							
						 
						
							2007-12-19 18:11:32 +10:30 
							 
					 
				
					
						
							
							
								 
						
							
							
							
							
								
							
							
								51fab1eb30 
								
							 
						 
						
							
							
								
								Sun bug 6278039: Xevie checking wrong size in swapped XevieSelectInput requests  
							
							... 
							
							
							
							<http://bugs.opensolaris.org/bugdatabase/view_bug.do?bug_id=6278039 > 
							
						 
						
							2007-12-18 11:40:09 -08:00