Re: Subject: [PATCH 1/1] XSELinux: When SELinux is enabled the xserver seg faults

2012-06-12 Thread Eamon Walsh
Hi,

Looks good to me, although I thought this was handled at the callsites.  I
guess some callsites have been added or changed that pass in the special
ID's.

Acked-by: Eamon Walsh 


On Tue, Jun 12, 2012 at 9:49 AM, Richard Haines <
richard_c_hai...@btinternet.com> wrote:

> This patch was created using xorg-server-1.12.0 source.
>
> When using Fedora 17 with xorg-server-1.12.0 and SELinux is enabled
> ('setsebool xserver_object_manager on') the xserver will not load. The X
> log file has a seg fault pointing to XACE/SELinux. Bug 50641 was raised
> (https://bugs.freedesktop.org/show_bug.cgi?id=50641). The patch below is a
> possible fix.
>
> The bug is caused by X calling XaceHook(XACE_DEVICE_ACCESS, client, ...)
> with a device ID of '1' that is XIAllMasterDevices. It would also happen
> if the device ID = 0 (XIAllDevices).
>
> The only places currently seen calling with a device id=1 are:
> GrabKey - in Xi/exevents.c and AddPassiveGrabToList - in dix/grabs.c
> These start life in ProcXIPassiveGrabDevice (in Xi/xipassivegrab.c) that
> has been called by XIGrabKeycode.
>
> The patch has been tested using the other XI calls that would also impact
> this: XIGrabTouchBegin, XIGrabButton, XIGrabFocusIn and XIGrabEnter with
> and without the correct permissions (grab and freeze) with no problems.
>
> Both possible classes have to be checked (x_keyboard and x_pointer) as it
> is not known whether it is a pointer or keyboard as this info is not
> available. To get this info would require a change to the
> XaceHook(XACE_DEVICE_ACCESS, client, ..) call to pass an additional
> parameter stating the actual devices (that would defeat the objective of
> the XIAllMasterDevices and XIAllDevices dev ids).
>
> Note that there are other devices apart from the keyboard and pointer, for
> example on the test system: DeviceID: 9 is the Integrated_Webcam_1.3M. As
> it is classed as a slave keyboard it is checked.
>
> Signed-off-by: Richard Haines 
> ---
>  Xext/xselinux_hooks.c |   44 +++-
>  1 file changed, 39 insertions(+), 5 deletions(-)
>
> diff --git a/Xext/xselinux_hooks.c b/Xext/xselinux_hooks.c
> index 0d4c9ab..c2b21d6 100644
> --- a/Xext/xselinux_hooks.c
> +++ b/Xext/xselinux_hooks.c
> @@ -336,9 +336,17 @@ SELinuxDevice(CallbackListPtr *pcbl, pointer unused,
> pointer calldata)
> SELinuxAuditRec auditdata = { .client = rec->client, .dev = rec->dev };
> security_class_t cls;
> int rc;
> +DeviceIntPtr dev = NULL;
> +int i = 0;
>
> subj = dixLookupPrivate(&rec->client->devPrivates, subjectKey);
> -obj = dixLookupPrivate(&rec->dev->devPrivates, objectKey);
> +   /*
> +* The XIAllMasterDevices or XIAllDevices do not have devPrivates
> +* entries. Therefore dixLookupPrivate for the object is done later
> +* for these device IDs.
> +*/
> +   if (rec->dev->id != XIAllDevices && rec->dev->id !=
> XIAllMasterDevices)
> +   obj = dixLookupPrivate(&rec->dev->devPrivates, objectKey);
>
> /* If this is a new object that needs labeling, do it now */
> if (rec->access_mode & DixCreateAccess) {
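
Review bot: the guarded 'obj = dixLookupPrivate(...)' leaves obj unassigned whenever rec->dev->id is XIAllDevices or XIAllMasterDevices, and the 'if (rec->access_mode & DixCreateAccess)' block that follows is still reached for those IDs. The added declarations initialise dev and i but not obj; setting obj to NULL where it is declared, and skipping the labeling block for the two special IDs if it touches obj, would keep that path from reading an indeterminate pointer.
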
> @@ -356,12 +364,38 @@ SELinuxDevice(CallbackListPtr *pcbl, pointer unused,
> pointer calldata)
>}
> }
>
> -cls = IsPointerDevice(rec->dev) ? SECCLASS_X_POINTER :
> SECCLASS_X_KEYBOARD;
> -rc = SELinuxDoCheck(subj, obj, cls, rec->access_mode, &auditdata);
> -if (rc != Success)
> -   rec->status = rc;
> +   if (rec->dev->id != XIAllDevices && rec->dev->id !=
> XIAllMasterDevices) {
> +   cls = IsPointerDevice(rec->dev) ? SECCLASS_X_POINTER :
> SECCLASS_X_KEYBOARD;
> +   rc = SELinuxDoCheck(subj, obj, cls, rec->access_mode,
> &auditdata);
> +   if (rc != Success)
> +   rec->status = rc;
> +   return;
> +   } else {
> +   /*
> +* Device ID must be 0 or 1
> +* We have to check both possible classes as we don't know
> whether it
> +* was a pointer or keyboard. Therefore all devices are
> checked for:
> +*  rec->dev->id == XIAllDevices
> +* and only masters for:
> +*   rec->dev->id == XIAllMasterDevices
> +*
> +* An error is returned should any device fail
> SELinuxDoCheck
> +*/
> +   for (dev = inputInfo.devices; dev; dev = dev->next, i++) {
> +   if (!IsMaster(dev)
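
Review bot: the test 'rec->dev->id != XIAllDevices && rec->dev->id != XIAllMasterDevices' is now written out twice in SELinuxDevice, here and at the lookup in the previous hunk; evaluating it once into a local flag would keep the two sites from drifting apart. Because the first branch ends in 'return;', the 'else' can be dropped, which removes a level of nesting around the device loop. The comment's "Device ID must be 0 or 1" would also read better with the symbolic names used in the condition.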

Re: [PATCH] xselinux: Fix GetDrawableContext

2011-01-21 Thread Eamon Walsh
Reviewed-by: Eamon Walsh 

This should go as a bugfix on release branches; I'll take care of that after it 
goes in.  Thanks!


On 01/20/2011 11:01 PM, Adam Jackson wrote:
> M_DRAWABLE_PIXMAP is the lookup mask to dixLookupDrawable, and _not_ the
> type value in the drawable itself.
>
> Signed-off-by: Adam Jackson 
> ---
>  Xext/xselinux_ext.c |6 ++
>  1 files changed, 2 insertions(+), 4 deletions(-)
>
> diff --git a/Xext/xselinux_ext.c b/Xext/xselinux_ext.c
> index 93c1b59..374571c 100644
> --- a/Xext/xselinux_ext.c
> +++ b/Xext/xselinux_ext.c
> @@ -231,13 +231,11 @@ ProcSELinuxGetDrawableContext(ClientPtr client)
>  REQUEST(SELinuxGetContextReq);
>  REQUEST_SIZE_MATCH(SELinuxGetContextReq);
>  
> -rc = dixLookupDrawable(&pDraw, stuff->id, client,
> -M_WINDOW | M_DRAWABLE_PIXMAP,
> -DixGetAttrAccess);
> +rc = dixLookupDrawable(&pDraw, stuff->id, client, 0, DixGetAttrAccess);
>  if (rc != Success)
>   return rc;
>  
> -if (pDraw->type == M_DRAWABLE_PIXMAP)
> +if (pDraw->type == DRAWABLE_PIXMAP)
>   privatePtr = &((PixmapPtr)pDraw)->devPrivates;
>  else
>   privatePtr = &((WindowPtr)pDraw)->devPrivates;
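
Review bot: with the type mask changed to a literal 0, the dixLookupDrawable call no longer states which drawable types are accepted, while the 'else' branch still casts every drawable whose type is not DRAWABLE_PIXMAP to WindowPtr. A short comment on the lookup line saying what a zero mask admits, or an explicit window-type test before the WindowPtr cast, would document why the cast is safe.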


-- 

Eamon Walsh 
National Security Agency

___
xorg-devel@lists.x.org: X.Org development
Archives: http://lists.x.org/archives/xorg-devel
Info: http://lists.x.org/mailman/listinfo/xorg-devel


[PATCH 1.9] Add screens to the PRIVATE_XSELINUX set.

2010-09-10 Thread Eamon Walsh
On 08/30/2010 04:37 PM, Eamon Walsh wrote:
> The SELinux extension does store a security label in the screen
> devPrivates.  Fixes crash caused by overwriting another private.
>
> Signed-off-by: Eamon Walsh 
> Reported-by: Justin Mattock 
> ---
>  dix/privates.c |1 +
>  1 files changed, 1 insertions(+), 0 deletions(-)
>
> diff --git a/dix/privates.c b/dix/privates.c
> index ec818d4..17e1050 100644
> --- a/dix/privates.c
> +++ b/dix/privates.c
> @@ -71,6 +71,7 @@ static struct {
>  } keys[PRIVATE_LAST];
>  
>  static const Bool xselinux_private[PRIVATE_LAST] = {
> +[PRIVATE_SCREEN] = TRUE,
>  [PRIVATE_CLIENT] = TRUE,
>  [PRIVATE_WINDOW] = TRUE,
>  [PRIVATE_PIXMAP] = TRUE,
>   
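
Review bot: xselinux_private[] is a hand-maintained list, and the commit message shows that a missing entry ('[PRIVATE_SCREEN] = TRUE') was enough to cause a crash by overwriting another private. A comment above the array stating that every object type in which the SELinux extension stores a label must be listed here would help prevent the same omission when a new type is added.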


-- 

Eamon Walsh 
National Security Agency



[PATCH 1.9] Fix property and selection devPrivate allocation.

2010-09-10 Thread Eamon Walsh
On 08/23/2010 04:04 PM, Eamon Walsh wrote:
> Selection objects were not being allocated with privates, and both
> objects had a stray statement that zeroed out the devPrivates field.
>
> Signed-off-by: Eamon Walsh 
> Reported-by: Justin Mattock 
> ---
>  dix/property.c  |1 -
>  dix/selection.c |3 +--
>  2 files changed, 1 insertions(+), 3 deletions(-)
>
> diff --git a/dix/property.c b/dix/property.c
> index 87e5c2d..1d4332a 100644
> --- a/dix/property.c
> +++ b/dix/property.c
> @@ -284,7 +284,6 @@ dixChangeWindowProperty(ClientPtr pClient, WindowPtr 
> pWin, Atom property,
>  pProp->format = format;
>  pProp->data = data;
>   pProp->size = len;
> - pProp->devPrivates = NULL;
>   rc = XaceHookPropertyAccess(pClient, pWin, &pProp,
>   DixCreateAccess|DixWriteAccess);
>   if (rc != Success) {
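
Review bot: deleting 'pProp->devPrivates = NULL;' is only correct if pProp was allocated together with its privates, and that allocation is outside this hunk's context. The commit message names the selection allocation as the missing one; a line confirming that the property allocation already goes through the privates allocator would let a reviewer check this deletion without opening dix/property.c.
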
> diff --git a/dix/selection.c b/dix/selection.c
> index bae3a30..87ed1ab 100644
> --- a/dix/selection.c
> +++ b/dix/selection.c
> @@ -196,12 +196,11 @@ ProcSetSelectionOwner(ClientPtr client)
>   /*
>* It doesn't exist, so add it...
>*/
> - pSel = malloc(sizeof(Selection));
> + pSel = dixAllocateObjectWithPrivates(Selection, PRIVATE_SELECTION);
>   if (!pSel)
>   return BadAlloc;
>  
>   pSel->selection = stuff->selection;
> - pSel->devPrivates = NULL;
>  
>   /* security creation/labeling check */
>   rc = XaceHookSelectionAccess(client, &pSel,
>   
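
Review bot: pSel now comes from 'dixAllocateObjectWithPrivates(Selection, PRIVATE_SELECTION)', but the diffstat shows only this allocation and the 'devPrivates = NULL' removal changing in dix/selection.c, so no release site is updated. Any path that releases pSel, including the failure path after XaceHookSelectionAccess, should use the matching privates-aware free rather than plain free(); please confirm that or add it to the patch.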


-- 

Eamon Walsh 
National Security Agency



[PATCH] Add screens to the PRIVATE_XSELINUX set.

2010-08-30 Thread Eamon Walsh
The SELinux extension does store a security label in the screen
devPrivates.  Fixes crash caused by overwriting another private.

Signed-off-by: Eamon Walsh 
Reported-by: Justin Mattock 
---
 dix/privates.c |1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/dix/privates.c b/dix/privates.c
index ec818d4..17e1050 100644
--- a/dix/privates.c
+++ b/dix/privates.c
@@ -71,6 +71,7 @@ static struct {
 } keys[PRIVATE_LAST];
 
 static const Bool xselinux_private[PRIVATE_LAST] = {
+[PRIVATE_SCREEN] = TRUE,
 [PRIVATE_CLIENT] = TRUE,
 [PRIVATE_WINDOW] = TRUE,
 [PRIVATE_PIXMAP] = TRUE,
-- 
1.7.2.1




[PATCH] Fix property and selection devPrivate allocation.

2010-08-23 Thread Eamon Walsh
Selection objects were not being allocated with privates, and both
objects had a stray statement that zeroed out the devPrivates field.

Signed-off-by: Eamon Walsh 
Reported-by: Justin Mattock 
---
 dix/property.c  |1 -
 dix/selection.c |3 +--
 2 files changed, 1 insertions(+), 3 deletions(-)

diff --git a/dix/property.c b/dix/property.c
index 87e5c2d..1d4332a 100644
--- a/dix/property.c
+++ b/dix/property.c
@@ -284,7 +284,6 @@ dixChangeWindowProperty(ClientPtr pClient, WindowPtr pWin, 
Atom property,
 pProp->format = format;
 pProp->data = data;
pProp->size = len;
-   pProp->devPrivates = NULL;
rc = XaceHookPropertyAccess(pClient, pWin, &pProp,
DixCreateAccess|DixWriteAccess);
if (rc != Success) {
diff --git a/dix/selection.c b/dix/selection.c
index bae3a30..87ed1ab 100644
--- a/dix/selection.c
+++ b/dix/selection.c
@@ -196,12 +196,11 @@ ProcSetSelectionOwner(ClientPtr client)
/*
 * It doesn't exist, so add it...
 */
-   pSel = malloc(sizeof(Selection));
+   pSel = dixAllocateObjectWithPrivates(Selection, PRIVATE_SELECTION);
if (!pSel)
return BadAlloc;
 
pSel->selection = stuff->selection;
-   pSel->devPrivates = NULL;
 
/* security creation/labeling check */
rc = XaceHookSelectionAccess(client, &pSel,
-- 
1.7.2.1




Re: Are we ready for X server 1.9?

2010-08-23 Thread Eamon Walsh
On 08/23/2010 11:22 AM, Adam Jackson wrote:
> On Fri, 2010-08-20 at 17:08 -0700, Keith Packard wrote:
>
>   
>> As for the midispcur bugs, I'd like to suggest that damage records lose
>> their ability to hold private storage; it's not currently used
>> anywhere. That's an ABI change though, so not suitable for 1.9 (or 1.9.1).
>> 
> In the absence of XACE, Damages seem like Regions; I can't imagine
> anything interesting a DDX subsystem would want to attach to a Damage.
>
> As a security question it's a little weirder.  The thing you could do
> there is selectively control which bits of damage are reported to the
> listening client.  I'm not sure that's a useful thing to constrain?
> Maybe you want a more-secure app to be able to render over less-secure
> apps without them knowing, but that's just a race you're going to lose
> the next time the less-secure app redraws.  Seems like what you really
> want there is preventing rendering, not preventing knowing about
> rendering; in which case all the information you need about whether to
> allow a Damage to be created is there up-front and doesn't need a
> devprivate.
>
> - ajax
>   

I'm OK with taking out the damage devprivates.  The dixLookupDrawable()
calls in ProcDamageCreate and ProcDamageAdd check for client permission
to touch the drawable (although not sure if the "read" and "write"
access modes currently used are appropriate since it's not really
reading or writing the drawable contents, as you note).

The SELinux code doesn't even use the damage devPrivates right now
because there is no offset registered in dix/privates.c for the damage
type.  dixLookupPrivateOffset() returns -1 which causes SELinux to fall
back on the owning client's devPrivates instead.  You don't want this
for things like windows where you'd like to be able to have the window's
security context be different from the client itself, but for damage
resources it should be fine.

-- 

Eamon Walsh 
National Security Agency



Re: Are we ready for X server 1.9?

2010-08-20 Thread Eamon Walsh
On 08/18/2010 04:27 PM, Keith Packard wrote:
> I've pushed a couple more minor patches to master today, and I don't
> have anything else sitting in my patchq. 1.9 is scheduled for Friday, so
> if you've got some critical (and well tested) bug-fixes, please let me
> know so I can review them tomorrow for possible inclusion.
>   

I'm getting a devPrivates assertion failure in SELinuxExtensionInit():
Xorg: privates.c:202: dixRegisterPrivateKey: Assertion
`!keys[t].created' failed.

Which is caused by the fact that pixmaps are being created early:

#0  _dixInitPrivates (privates=0x99ba768, addr=0x99ba780,
type=PRIVATE_PIXMAP) at privates.c:277
#1  0x0808710c in AllocatePixmap (pScreen=0x82f1d90, pixDataSize=4) at
pixmap.c:127
#2  0x00769a94 in fbCreatePixmapBpp (pScreen=0x82f1d90, width=0,
height=0, depth=8, bpp=8,
usage_hint=268435456) at fbpixmap.c:53
#3  0x00769b9f in fbCreatePixmap (pScreen=0x82f1d90, width=0, height=0,
depth=8,
usage_hint=268435456) at fbpixmap.c:96
#4  0x002566eb in intel_uxa_create_pixmap (screen=0x82f1d90, w=1024,
h=1024, depth=8,
usage=268435456) at intel_uxa.c:935
#5  0x0026d783 in uxa_realize_glyph_caches (pScreen=0x82f1d90) at
uxa-glyphs.c:162
#6  uxa_glyphs_init (pScreen=0x82f1d90) at uxa-glyphs.c:215
#7  0x00269d3d in uxa_resources_init (screen=0x82f1d90) at uxa.c:585
#8  0x0025364e in I830ScreenInit (scrnIndex=0, screen=0x82f1d90, argc=1,
argv=0xbfda6bb4)
at intel_driver.c:1019
#9  0x0806f48c in AddScreen (pfnInit=0x252e20 , argc=1,
argv=0xbfda6bb4)
at dispatch.c:3919
#10 0x080b5591 in InitOutput (pScreenInfo=0x81fdae0, argc=1,
argv=0xbfda6bb4) at xf86Init.c:762
#11 0x08061fc5 in main (argc=1, argv=0xbfda6bb4, envp=0xbfda6bbc) at
main.c:209


The pixmap type does not have a "fixup" function in privates.c to deal
with already-allocated objects.
So yeah, I don't have a patch for this atm, but it is a crasher.



-- 

Eamon Walsh 
National Security Agency



Re: Disabling XACE Extension (and other code build) by default

2010-07-12 Thread Eamon Walsh
On 07/05/2010 09:21 AM, Vignatti Tiago (Nokia-MS/Helsinki) wrote:
> On Sat, Jul 03, 2010 at 10:25:34PM +0200, ext Eamon Walsh wrote:
>   
>> On 06/21/2010 09:52 AM, Tiago Vignatti wrote:
>> 
>>> Last I remember, we want all possible build options set as on by default
>>> just to be sure the code they enable is still able to build after general
>>> changes. Is that correct?
>>>
>>> ---
>>>
>>> Apart from that, is there a reason to have XACE enabled by default without
>>> any hook backend? This is how the server is being compiled now by default.
>>>   
>> As long as the in-tree security extensions are disabled by default I
>> think it should be OK to disable XACE by default as well.
>> 
> Thanks for the answer, Eamon.
>
> So I disabled XACE here on my machine and now my static analyzer is accusing
> ~100 pieces of dead code.  That's because we have XaceHook everywhere and, when
> disabling the extension, this function will always return Success which makes
> the subsequent "if (rc != Success)" useless.
>
> I took a look at the code and couldn't find a way to put this conditional
> inside the XaceHook, when the extension is being used. Do you think there's an
> easy way to do so? Do we really need to always check for value or is this just
> a safety check? Or do you have a better idea?
>
>
> Thank you,
>  Tiago
>
>   


When XACE is disabled, XaceHook turns into a macro for Success, not a
function call that returns Success.  The compiler should optimize out
all the dead code.  This seems like a pretty common idiom to me.  I
don't think the static analyzer should warn on stuff like this.


-- 

Eamon Walsh 
National Security Agency



Re: Disabling XACE Extension (and other code build) by default

2010-07-03 Thread Eamon Walsh
On 06/21/2010 09:52 AM, Tiago Vignatti wrote:
> Hi Eamon and all,
>
> Last I remember, we want all possible build options set as on by default just
> to be sure the code they enable is still able to build after general
> changes. Is that correct?
>
> ---
>
> Apart from that, is there a reason to have XACE enabled by default without any
> hook backend? This is how the server is being compiled now by default.
>
>   

As long as the in-tree security extensions are disabled by default I
think it should be OK to disable XACE by default as well.



-- 

Eamon Walsh 
National Security Agency



Re: [PATCH] SecurityResource should not segfault when client owning resource has exited

2010-06-04 Thread Eamon Walsh
On 06/03/2010 11:13 PM, Alan Coopersmith wrote:
> From: Sam Lau 
>
> Fixes OpenSolaris bug 6949754:
>   Xorg crashes when the magnifier is enabled at gdm login greeter window.
>   http://bugs.opensolaris.org/bugdatabase/view_bug.do?bug_id=6949754
>
> Signed-off-by: Alan Coopersmith 
> ---
>  Xext/security.c |8 +---
>  1 files changed, 5 insertions(+), 3 deletions(-)
>
> diff --git a/Xext/security.c b/Xext/security.c
> index e58ba10..4d496ad 100644
> --- a/Xext/security.c
> +++ b/Xext/security.c
> @@ -805,7 +805,6 @@ SecurityResource(CallbackListPtr *pcbl, pointer unused, 
> pointer calldata)
>  Mask allowed = SecurityResourceMask;
>  
>  subj = dixLookupPrivate(&rec->client->devPrivates, stateKey);
> -obj = dixLookupPrivate(&clients[cid]->devPrivates, stateKey);
>  
>  /* disable background None for untrusted windows */
>  if ((requested & DixCreateAccess) && (rec->rtype == RT_WINDOW))
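
Review bot: with 'obj = dixLookupPrivate(&clients[cid]->devPrivates, stateKey);' removed here, obj stays unassigned until the guarded lookup in the next hunk. Any use of obj in the code between the two hunks, which this context does not show, would read an indeterminate pointer; initialising obj to NULL at its declaration would make that easy to rule out.
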
> @@ -831,8 +830,11 @@ SecurityResource(CallbackListPtr *pcbl, pointer unused, 
> pointer calldata)
>   allowed |= DixReadAccess;
>  }
>  
> -if (SecurityDoCheck(subj, obj, requested, allowed) == Success)
> - return;
> +if (clients[cid] != NULL) {
> + obj = dixLookupPrivate(&clients[cid]->devPrivates, stateKey);
> + if (SecurityDoCheck(subj, obj, requested, allowed) == Success)
> + return;
> +}
>  
>  SecurityAudit("Security: denied client %d access %x to resource 0x%x "
> "of client %d on request %s\n", rec->client->index,
>   
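
Review bot: when clients[cid] is NULL the new block is skipped and control falls through to the SecurityAudit("Security: denied ...") call, so a request for a resource whose owning client has exited is treated and logged as a denial. If that is the intended policy, a one-line comment above 'if (clients[cid] != NULL)' saying so would keep a later reader from mistaking the fall-through for an oversight.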


Reviewed-by: Eamon Walsh 


-- 

Eamon Walsh 
National Security Agency



[PATCH] xselinux: Remove use of devPrivates init/free callbacks.

2010-05-12 Thread Eamon Walsh
Commit eb9210097efea81065c301e5b6b4da7a566deb4a removed the
sidget/sidput calls which were the major reason for using the
callbacks.  The remaining operations can be skipped or worked
around.

Signed-off-by: Eamon Walsh 
---
 Xext/xselinux_hooks.c |   47 ++-
 Xext/xselinuxint.h|4 +++-
 2 files changed, 5 insertions(+), 46 deletions(-)

diff --git a/Xext/xselinux_hooks.c b/Xext/xselinux_hooks.c
index 135992a..13e5243 100644
--- a/Xext/xselinux_hooks.c
+++ b/Xext/xselinux_hooks.c
@@ -151,12 +151,7 @@ SELinuxLabelClient(ClientPtr client)
if (bytes <= 0)
goto finish;
 
-   subj->command = malloc(bytes);
-   if (!subj->command)
-   goto finish;
-
-   memcpy(subj->command, path, bytes);
-   subj->command[bytes - 1] = 0;
+   strncpy(subj->command, path, COMMAND_LEN - 1);
 }
 
 finish:
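
Review bot: 'strncpy(subj->command, path, COMMAND_LEN - 1);' drops both guarantees the removed lines gave: the copy is no longer bounded by bytes, and nothing writes the terminator that 'subj->command[bytes - 1] = 0;' used to. strncpy does not terminate the destination when the source is COMMAND_LEN - 1 bytes or longer, and it reads path up to a NUL rather than up to bytes. Please copy at most the smaller of bytes and COMMAND_LEN - 1 and set 'subj->command[COMMAND_LEN - 1] = 0;' explicitly, or state in a comment that the record is zero-filled and path is already terminated.
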
@@ -464,7 +459,7 @@ SELinuxExtension(CallbackListPtr *pcbl, pointer unused, 
pointer calldata)
 
 /* If this is a new object that needs labeling, do it now */
 /* XXX there should be a separate callback for this */
-if (obj->sid == unlabeled_sid) {
+if (obj->sid == NULL) {
security_id_t sid;
 
serv = dixLookupPrivate(&serverClient->devPrivates, subjectKey);
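
Review bot: the 'obj->sid == NULL' test makes NULL the needs-labeling sentinel in place of unlabeled_sid, which is only sound if the private storage is zero-filled when the object is created, since the init callbacks that set sid are removed later in this patch. Please say so in a comment next to the test, and check that no remaining comparison against unlabeled_sid still expects the old default.
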
@@ -809,39 +804,6 @@ SELinuxResourceState(CallbackListPtr *pcbl, pointer 
unused, pointer calldata)
 }
 
 
-/*
- * DevPrivates Callbacks
- */
-
-static void
-SELinuxSubjectInit(CallbackListPtr *pcbl, pointer unused, pointer calldata)
-{
-PrivateCallbackRec *rec = calldata;
-SELinuxSubjectRec *subj = *rec->value;
-
-subj->sid = unlabeled_sid;
-
-avc_entry_ref_init(&subj->aeref);
-}
-
-static void
-SELinuxSubjectFree(CallbackListPtr *pcbl, pointer unused, pointer calldata)
-{
-PrivateCallbackRec *rec = calldata;
-SELinuxSubjectRec *subj = *rec->value;
-
-free(subj->command);
-}
-
-static void
-SELinuxObjectInit(CallbackListPtr *pcbl, pointer unused, pointer calldata)
-{
-PrivateCallbackRec *rec = calldata;
-SELinuxObjectRec *obj = *rec->value;
-
-obj->sid = unlabeled_sid;
-}
-
 static int netlink_fd;
 
 static void
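
Review bot: the removed SELinuxSubjectInit did more than set the default sid; it also called 'avc_entry_ref_init(&subj->aeref);', and no replacement for that call appears in this patch. The commit message says the remaining operations can be skipped or worked around; please state which of the two applies to aeref, and add the init where the subject is first labeled if it is still needed.
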
@@ -953,11 +915,6 @@ SELinuxFlaskInit(void)
NULL);
 
 /* Register callbacks */
-ret &= dixRegisterPrivateInitFunc(subjectKey, SELinuxSubjectInit, NULL);
-ret &= dixRegisterPrivateDeleteFunc(subjectKey, SELinuxSubjectFree, NULL);
-ret &= dixRegisterPrivateInitFunc(objectKey, SELinuxObjectInit, NULL);
-ret &= dixRegisterPrivateInitFunc(dataKey, SELinuxObjectInit, NULL);
-
 ret &= AddCallback(&ClientStateCallback, SELinuxClientState, NULL);
 ret &= AddCallback(&ResourceStateCallback, SELinuxResourceState, NULL);
 
diff --git a/Xext/xselinuxint.h b/Xext/xselinuxint.h
index 854a57d..e5dbe11 100644
--- a/Xext/xselinuxint.h
+++ b/Xext/xselinuxint.h
@@ -36,6 +36,8 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 
THE SOFTWARE.
  * Types
  */
 
+#define COMMAND_LEN 64
+
 /* subject state (clients and devices only) */
 typedef struct {
 security_id_t sid;
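
Review bot: '#define COMMAND_LEN 64' caps the stored command path at 63 characters plus the terminator, where the malloc'd buffer it replaces was sized from bytes. A comment on the define explaining why 64 was chosen, and that a truncated path is acceptable for how command is used, would document the trade-off.
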
@@ -46,7 +48,7 @@ typedef struct {
 security_id_t sel_use_sid;
 security_id_t prp_use_sid;
 struct avc_entry_ref aeref;
-char *command;
+char command[COMMAND_LEN];
 int privileged;
 } SELinuxSubjectRec;
 
-- 
1.7.0.1




Re: [PATCH 1/4] CreateGC: Pass current client on to ChangeGC.

2010-05-12 Thread Eamon Walsh
Reviewed-by: Eamon Walsh 


On 05/09/2010 01:56 AM, Jamey Sharp wrote:
> Otherwise we can't check that the XIDs this GC is being initialized with
> are accessible to this client.
>
> Signed-off-by: Jamey Sharp 
> Cc: Eamon Walsh 
> ---
>  dix/gc.c |2 +-
>  1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/dix/gc.c b/dix/gc.c
> index 86b1b67..bf21a70 100644
> --- a/dix/gc.c
> +++ b/dix/gc.c
> @@ -538,7 +538,7 @@ CreateGC(DrawablePtr pDrawable, BITS32 mask, XID *pval, 
> int *pStatus,
>  if (!(*pGC->pScreen->CreateGC)(pGC))
>   *pStatus = BadAlloc;
>  else if (mask)
> -*pStatus = ChangeGCXIDs(NullClient, pGC, mask, pval);
> +*pStatus = ChangeGCXIDs(client, pGC, mask, pval);
>  else
>   *pStatus = Success;
>  
>   
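
Review bot: on the changed 'ChangeGCXIDs(client, pGC, mask, pval)' line, an access-check failure for a real client now lands in *pStatus after '(*pGC->pScreen->CreateGC)(pGC)' has already succeeded. The cleanup of pGC for a non-Success status is outside this hunk, so please confirm the GC is released on that path, and note in the commit message what server-internal callers of CreateGC are expected to pass as client.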


-- 

Eamon Walsh 
National Security Agency



Re: [PATCH 07/14] doPolyText needs UseAccess to each font, not ReadAccess.

2010-05-12 Thread Eamon Walsh
Reviewed-by: Eamon Walsh 


On 05/08/2010 07:39 PM, Jamey Sharp wrote:
> In commit 42d6112ec21949a336ee8b34469f2695273ee2d6, Eamon changed
> dixChangeGC to require DixUseAccess on any GCFont XID. I think
> doPolyText needs to require the same level of access. Otherwise
> dixChangeGC could fail when it does the same lookup, which doPolyText
> doesn't check for.
>
> Signed-off-by: Jamey Sharp 
> Cc: Eamon Walsh 
> ---
>  dix/dixfonts.c |2 +-
>  1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/dix/dixfonts.c b/dix/dixfonts.c
> index 6dc8193..313d085 100644
> --- a/dix/dixfonts.c
> +++ b/dix/dixfonts.c
> @@ -1235,7 +1235,7 @@ doPolyText(ClientPtr client, PTclosurePtr c)
>| ((Font)*(c->pElt+2)) << 16
>| ((Font)*(c->pElt+1)) << 24;
>   err = dixLookupResourceByType((pointer *)&pFont, fid, RT_FONT,
> -   client, DixReadAccess);
> +   client, DixUseAccess);
>   if (err != Success)
>   {
>   err = (err == BadValue) ? BadFont : err;
>   
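
Review bot: the commit message says dixChangeGC can fail on the same font lookup and that doPolyText does not check for it; raising the mode on the 'client, DixUseAccess);' line aligns the two lookups but leaves that unchecked call in place. Consider checking the dixChangeGC return value as well, and add a comment at this lookup noting that its access mode must stay in step with what dixChangeGC requires for GCFont.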


-- 

Eamon Walsh 
National Security Agency



Re: XSELinux and the new devPrivates

2010-04-29 Thread Eamon Walsh
On 04/29/2010 05:48 PM, Keith Packard wrote:
> Here are a few comments about how I see the new devPrivates scheme
> working with XSELinux. Note that the current implementation is
> sub-optimal when XSELinux is enabled -- the XSELinux private keys get
> initialized late in the game and end up increasing the size of all of
> the private records with big chunks of wasted space between their
> highest other private index and the XSELinux private index.
>   

Our mails crossed!  I sent a lengthy reply to the original post.


> The new privates scheme allows for some of the private keys to remain
> 'global', useful in all objects with privates. That's how the old
> private implementation worked, so this provides an obvious replication
> of that functionality.
>
> It's not what XSELinux actually needs though. XSELinux uses privates in:
>
>  client
>  window
>  pixmap
>  gc
>  cursor
>  colormap
>  device
>  extension
>  selection
>  property
>
> It doesn't need privates in
>
>  screen
>  cursor_bits
>  dbe_screen
>  dbe_window
>  damage
>  glyph
>  glyphset
>  picture
>   

SELinux does use the picture and glyphset privates.  Any resource type
with a devPrivates field and a registered offset (returned by
dixLookupPrivateOffset) gets used in the resource lookup security hook
(that gets called from dixLookupResource).

I'd like any resource or object that can be named from client-space to
have a devPrivates field and a security label.


> So, the first obvious optimization is to simply not provide private
> space for 'PRIVATE_ALL' in these objects. Renaming this
> 'PRIVATE_XSELINUX' might be prudent though.
>   

I guess, although hardcoding that set of object types into the core
server doesn't seem ideal.

Maybe there could be a way to register a key and then "add" new object
types to it, causing the offsets to be recomputed to make it work?


> The second optimization should be to sort the PRIVATE_ALL data below
> all of the other private data. That way you'll get the shared
> PRIVATE_ALL fields first in privates with the per-object data stacked on
> top without any gaps. Because we've got pointers to every key, it should
> be easy to adjust the offsets when a PRIVATE_ALL key is registered. It's
> convenient that XSELinux doesn't need a screen private as that is the
> only serious special case in the current privates code.
>   

I think this is the big win.  I didn't think it was possible, but if you
can fiddle with the offsets to achieve this without affecting the caller
I'm all for it.  In my other mail I mentioned something about setting
aside space at configure time.

I still worry about stray objects getting created early in the
initialization sequence before everything has had a chance to register.


> Finally, the subjectKey is only needed in clients and devices, and in
> each case the XSELinux code knows which object it is dealing with. So,
> creating separate keys for each of those objects would save space in all
> of the other objects.
>   

Agreed.

> With those changes, the XSELinux privates should be more efficient than
> they are today.
>
> However, it seems like someone who can actually run the code should be
> involved in the process. Should I code some stuff up and let others get
> it working? Or just sit around waiting for someone else to submit fixes?
>   

I will test as needed and change the SELinux code as required.


-- 

Eamon Walsh 
National Security Agency



Re: Fixing devPrivates

2010-04-29 Thread Eamon Walsh
e in
> every object (like fb's GC private structure), just ask the privates
> code to allocate some space there. There are two exceptions to this
> rule -- screens and the server client, each of which are
> allocated before most of the initialization code in the server is
> run.
>   

ISTR all kinds of trouble calling dixFreePrivates(), and/or allocating
objects together with privates, because some objects were allocated or
freed deep in the guts of the DDX instead of in dix.  I'm pretty sure it
was pixmaps that were the problem.  Don't recall for sure, your code
seems to be a lot cleaner.

> 
>  2) All DevPrivateKeys must be registered before any dynamic objects are
> created (anything but a screen or serverClient). This is required by
> the above optimization.
>   

I'm worried about things like scratch/global objects created in
extension load functions before other extensions have had a chance to
load and register.  For example, I thought the Composite overlay window
might be a problem (but it appears to be created as-needed).  I guess
the assertion in the registration function will catch this if it does
happen.

> 
>  3) The init/delete callbacks only work for PRIVATE_ALL keys. I'd love
> to figure out how to eliminate these completely as the only user
> is XSELinux. Note that because the storage for all of the indices
> is allocated when the object is created, the init callbacks will
> be called for every object, not just when the object has a label.
> I suggest that a good plan would be to limit the scope of
> PRIVATE_ALL to a subset of the objects in the server that are used
> by XSELinux (and perhaps rename it as well). That would reduce
> memory usage when XSELinux is enabled.
>   

Recent changes to libselinux have made these callbacks less necessary. 
They are now only used to free a string, which could be done in a
separate private, and to set a default security label of "unlabeled" on
everything, which should in theory always be updated to a real label
before being read.

I am willing to drop them entirely.


>  4) Fetching a devPrivate is now a very short operation:
>
> static inline void *
> dixGetPrivateAddr(PrivatePtr *privates, const DevPrivateKey key)
> {
>     assert(key->initialized);
>     return (char *) (*privates) + key->offset;
> }
>
> Because all of the storage is always available, it really is as
> simple as adding the 'offset' value to the devPrivates field in the
> object. Note that 'key' is likely to be the address of a global
> variable, so this reduces to a couple of fetches and an add. The
> other operations are similarly short and have become inlined.
>   

Just a warning, making the lookup functions static inlines means that
the internal representation of the privates list becomes part of the
server ABI.




-- 

Eamon Walsh 
National Security Agency
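
The registration-order rule in point 2 and the base-plus-offset lookup in point 4 of the message above, as an added example that is not part of the original thread and is not X server code. Every toy_* name is hypothetical, and the model returns an error where the server's registration function asserts.

```c
/* Added illustration: a toy model of offset-based privates.
 * Not X server code; every toy_* name is hypothetical. */
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

enum toy_type { TOY_PIXMAP, TOY_WINDOW, TOY_LAST };

typedef struct {
    size_t offset;      /* byte offset of this private inside the block */
    size_t size;        /* rounded-up size reserved for it */
    int initialized;    /* set by a successful registration */
} toy_key;

static struct {
    size_t total;       /* bytes reserved so far for this object type */
    int created;        /* set when the first object of the type exists */
} toy_types[TOY_LAST];

/* Register a key for one object type (one type per key in this model).
 * Returns 1 on success and 0 when an object of that type already exists:
 * such an object was sized without this key, so base + offset would land
 * outside its block or on top of another private. */
int toy_register_key(toy_key *key, enum toy_type t, size_t size)
{
    if (key->initialized)
        return 1;
    if (toy_types[t].created)
        return 0;
    /* round up so every private stays pointer-aligned */
    size = (size + sizeof(void *) - 1) & ~(sizeof(void *) - 1);
    key->offset = toy_types[t].total;
    key->size = size;
    key->initialized = 1;
    toy_types[t].total += size;
    return 1;
}

/* Allocate the zero-filled private block for a new object of type t. */
void *toy_alloc_privates(enum toy_type t)
{
    toy_types[t].created = 1;
    return calloc(1, toy_types[t].total ? toy_types[t].total : 1);
}

/* Lookup is base + offset, the same shape as the quoted dixGetPrivateAddr. */
void *toy_get_private(void *privates, const toy_key *key)
{
    if (!key->initialized)
        return NULL;
    return (char *)privates + key->offset;
}

int main(void)
{
    toy_key early = {0}, late = {0};
    void *pix;

    toy_register_key(&early, TOY_PIXMAP, sizeof(int));
    /* Stands in for a driver creating a pixmap during screen init,
     * before a later extension has registered its key. */
    pix = toy_alloc_privates(TOY_PIXMAP);
    if (!pix)
        return 1;
    printf("early offset %zu, late registration %s\n", early.offset,
           toy_register_key(&late, TOY_PIXMAP, sizeof(void *))
               ? "accepted" : "refused");
    free(pix);
    return 0;
}
```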



Re: Fixing devPrivates

2010-04-29 Thread Eamon Walsh
On 04/29/2010 01:20 PM, Keith Packard wrote:
> On Thu, 29 Apr 2010 14:06:19 +0200, Matthias Hopf  wrote:
>   
>> On Apr 28, 10 23:59:06 -0700, Keith Packard wrote:
>> 
>>> It's possible to adapt to this change with some very small adjustments
>>> in your code; simply replace 'int' in the index variable declaration
>>> with 'DevPrivateKeyRec' and make sure dixRegisterPrivateKey is called
>>> (potentially replacing an existing call to dixRequestPrivate). The rest
>>> of your code should work just fine.
>>>   
>> I suggest that you have some sort of compile-time define available to
>> determine the API type - in case some out-of-Xserver part (drivers?)
>> wants to be backward compatible and support both APIs.
>> 
> That's a good idea. I can add a #define to let drivers know that there's
> a change in the DevPrivate API. Of course, they could check the ABI
> version numbers while building, but having something specific to the
> DevPrivate change would make things easier.
>   



Some of the drivers do appear to use devPrivates, for example the sunleo
driver (which I got into Big Trouble for breaking on the first
go-round).  Now there is code like:

#define LEO_OLDPRIV (GET_ABI_MAJOR(ABI_VIDEODRV_VERSION) < 4)
#if LEO_OLDPRIV
#define LeoGetGCPrivate(g) (g)->devPrivates[LeoGCPrivateIndex].ptr
#else
#define LeoGetGCPrivate(g) dixLookupPrivate(&(g)->devPrivates, &LeoGCPrivateIndex)
#endif


So a new rev of devPrivates would involve adding another clause to these
ifdefs.




-- 

Eamon Walsh 
National Security Agency



Re: [ANNOUNCE] xorg-server 1.7.5.901

2010-03-08 Thread Eamon Walsh
On 03/05/2010 11:45 AM, Dan Nicholson wrote:
> On Fri, Mar 5, 2010 at 8:15 AM, Alan Coopersmith
>  wrote:
>   
>> Dan Nicholson wrote:
>> 
>>> Is X at least linked to the right libraries? If not, then I think what
>>> we need to do is add them Xext/libXextmodule.la. Something like the
>>> attached patch should work, but I'm not sure it's the right thing.
>>>   
>>


I can confirm that libXext should be the only place that references
libselinux symbols.

I modified the patch to use "_LIBADD" instead of "_LIBS" (based on
Alan's example) and to remove SELINUX_LIBS from XSERVER_SYS_LIBS because
that should not be necessary with this fix.

Please review...hopefully this finally fixes the issues.


-- 

Eamon Walsh 
National Security Agency

From f1a3ef1976e9a690c8d6f8858e96cfee0bbb8914 Mon Sep 17 00:00:00 2001
From: Eamon Walsh 
Date: Mon, 8 Mar 2010 16:33:37 -0500
Subject: [PATCH] Xext: Link to external libraries when necessary.

Although the DDX should be linked to the necessary libraries, we may
also need to pull them in directly to the module to ensure the symbols
are resolved at runtime. Should fix this bug with XSELINUX:

/usr/bin/X: symbol lookup error:
/usr/lib64/xorg/modules/extensions/libextmod.so: undefined symbol:
is_selinux_enabled

-v2: use _LIBADD instead of _LIBS; remove SELINUX_LIBS from
 XSERVER_SYS_LIBS as it should only be needed in extmod.

Signed-off-by: Dan Nicholson 
Signed-off-by: Eamon Walsh 
---
 Xext/Makefile.am |4 
 configure.ac |2 +-
 2 files changed, 5 insertions(+), 1 deletions(-)

diff --git a/Xext/Makefile.am b/Xext/Makefile.am
index 7287c4a..193d6e5 100644
--- a/Xext/Makefile.am
+++ b/Xext/Makefile.am
@@ -32,6 +32,7 @@ BUILTIN_SRCS =			\
 
 # Sources always included in libXextmodule.la & libXext.la. That's right, zero.
 MODULE_SRCS =
+MODULE_LIBS =
 
 # Optional sources included if extension enabled by configure.ac rules
 
@@ -83,6 +84,7 @@ endif
 XSELINUX_SRCS = xselinux_ext.c xselinux_hooks.c xselinux_label.c xselinux.h xselinuxint.h
 if XSELINUX
 MODULE_SRCS += $(XSELINUX_SRCS)
+MODULE_LIBS += $(SELINUX_LIBS)
 endif
 
 # Security extension: multi-level security to protect clients from each other
@@ -119,11 +121,13 @@ endif
 # Now take all of the above, mix well, bake for 10 minutes and get libXext*.la
 
 libXext_la_SOURCES =		$(BUILTIN_SRCS) $(MODULE_SRCS)
+libXext_la_LIBADD =		$(MODULE_LIBS)
 
 if XORG
 libXextbuiltin_la_SOURCES =	$(BUILTIN_SRCS)
 
 libXextmodule_la_SOURCES =	$(MODULE_SRCS)
+libXextmodule_la_LIBADD =	$(MODULE_LIBS)
 endif
 
 EXTRA_DIST = \
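Review bot: `libXext_la_LIBADD` is set outside the `if XORG` block, so with the configure.ac half of this patch it becomes the only way $(SELINUX_LIBS) reaches the link line of servers built from libXext.la rather than from the module. Please say in the commit message that a non-Xorg server was link-tested with XSELINUX enabled, and give `MODULE_LIBS =` its own one-line comment, since the comment above it only talks about sources.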
diff --git a/configure.ac b/configure.ac
index 0579551..3e8ea10 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1432,7 +1432,7 @@ PKG_CHECK_MODULES([XSERVERLIBS], [$REQUIRED_LIBS])
 #
 XSERVER_CFLAGS="${XSERVER_CFLAGS} ${XSERVERCFLAGS_CFLAGS}"
 XSERVER_LIBS="$DIX_LIB $CONFIG_LIB $MI_LIB $OS_LIB"
-XSERVER_SYS_LIBS="${XSERVERLIBS_LIBS} ${SYS_LIBS} ${LIBS} ${SELINUX_LIBS}"
+XSERVER_SYS_LIBS="${XSERVERLIBS_LIBS} ${SYS_LIBS} ${LIBS}"
 AC_SUBST([XSERVER_LIBS])
 AC_SUBST([XSERVER_SYS_LIBS])
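Review bot: removing `${SELINUX_LIBS}` from `XSERVER_SYS_LIBS` undoes the earlier "[PATCH 2/2] configure: move SELINUX_LIBS to XSERVER_SYS_LIBS", which was justified by all DDXs needing libselinux, and the commit message only says it "should" no longer be needed. I would split this removal into its own commit so it can be reverted without losing the Makefile.am fix, or state which servers were built and started with XSELinux enabled after the change.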
 
-- 
1.7.0

___
xorg-devel mailing list
xorg-devel@lists.x.org
http://lists.x.org/mailman/listinfo/xorg-devel


Re: [PATCH 2/2] configure: move SELINUX_LIBS to XSERVER_SYS_LIBS

2010-03-01 Thread Eamon Walsh
On 02/25/2010 08:44 PM, Peter Hutterer wrote:
> All ddxs require linking against selinux if enabled.
>
> Signed-off-by: Peter Hutterer 
> ---
>  configure.ac |4 ++--
>  1 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/configure.ac b/configure.ac
> index 7d6944d..0579551 100644
> --- a/configure.ac
> +++ b/configure.ac
> @@ -1432,7 +1432,7 @@ PKG_CHECK_MODULES([XSERVERLIBS], [$REQUIRED_LIBS])
>  #
>  XSERVER_CFLAGS="${XSERVER_CFLAGS} ${XSERVERCFLAGS_CFLAGS}"
>  XSERVER_LIBS="$DIX_LIB $CONFIG_LIB $MI_LIB $OS_LIB"
> -XSERVER_SYS_LIBS="${XSERVERLIBS_LIBS} ${SYS_LIBS} ${LIBS}"
> +XSERVER_SYS_LIBS="${XSERVERLIBS_LIBS} ${SYS_LIBS} ${LIBS} ${SELINUX_LIBS}"
>  AC_SUBST([XSERVER_LIBS])
>  AC_SUBST([XSERVER_SYS_LIBS])
>  
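Review bot: the new `XSERVER_SYS_LIBS` line puts `${SELINUX_LIBS}` on the link line of the server binaries only. If the code that calls into libselinux is also built as a loadable extension module, that module should carry the library in its own `_LIBADD`, so its symbols resolve when it is loaded instead of depending on what the DDX happened to link.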
> @@ -1580,7 +1580,7 @@ if test "x$XORG" = xyes; then
>   AC_CHECK_FUNCS([pci_device_vgaarb_init])
>   LIBS=$SAVE_LIBS
>   CFLAGS=$SAVE_CFLAGS
> - XORG_SYS_LIBS="$XORG_SYS_LIBS $PCIACCESS_LIBS $GLX_SYS_LIBS 
> $SELINUX_LIBS"
> + XORG_SYS_LIBS="$XORG_SYS_LIBS $PCIACCESS_LIBS $GLX_SYS_LIBS"
>   XORG_CFLAGS="$XORG_CFLAGS $PCIACCESS_CFLAGS"
>  
>   case $host_os in
>   
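Review bot: the removed `XORG_SYS_LIBS` line has been wrapped by the mailer, leaving `$SELINUX_LIBS"` on a line of its own without a `-` prefix, so this hunk will not apply as posted. Please resend with `git send-email` or attach the patch.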


Reviewed-by: Eamon Walsh 

Both patches, please push.



Re: [PULL] XACE and SELinux updates for master

2010-02-04 Thread Eamon Walsh
On 02/04/2010 06:57 AM, Daniel Stone wrote:
> On Wed, Feb 03, 2010 at 05:04:17PM -0800, Keith Packard wrote:
>   
>> On Wed, 03 Feb 2010 16:39:26 -0500, Eamon Walsh  wrote:
>> 
>>> I chose option (3) and renamed the requests.  The SELinux extension
>>> doesn't have a traditional Xlib client side that needs to be changed,
>>> only XCB support.  I have an XCB patch ready to alias the old names.
>>>   
>> Yeah, these seem good to me now. I know the kernel developers would like
>> to see the patch sequence refactored so that the name changes occurred
>> together, but I'm not sure I care that much as long as the final result
>> looks good (and the intermediate versions build and run fine).
>> 
> As long as it doesn't break bisecting, I guess.
>
> Cheers,
> Daniel
>   


All the patches will bisect OK.  Feel free to cherry-pick out of my tree
if you want to reorder them.  Please merge soon though, because I need
to backport the version bump to 1.7.



-- 

Eamon Walsh 
National Security Agency



Re: [PULL] XACE and SELinux updates for master

2010-02-03 Thread Eamon Walsh
On 01/24/2010 03:20 PM, Keith Packard wrote:
> On 01/06/2010 02:00 PM, Eamon Walsh wrote:
>
>   
>>   xselinux: Allow SetWindowCreateContext to be used for pixmaps as well.
>> 
> This is a fairly significant change in extension semantics, and as such
> needs to be reflected throughout the stack, including an update to the
> extension minor version so that applications can tell whether this
> semantic is present in the X server.
>
> We've got several ways of doing this:
>
>  1) Create a new protocol request with the new semantics.
> Bonus credit for reporting an error if an old client
> uses the new request.
>  2) Detect the client version and change semantic for new clients.
>  3) Changing the semantic of the existing request.
>
> For the last two, we'll want to change the name of the request, library
> interface and server internal bits and then provide aliases for old
> libraries and clients.
>   

Hi Keith,

I chose option (3) and renamed the requests.  The SELinux extension
doesn't have a traditional Xlib client side that needs to be changed,
only XCB support.  I have an XCB patch ready to alias the old names.

Please pull these updates into master.

Thanks.


The following changes are available in the git repository at:

git://anongit.freedesktop.org/~ewalsh/xserver master


Eamon Walsh (8):
  xselinux: Allow SetWindowCreateContext to be used for pixmaps as well.
  libselinux now has a pkgconfig file.  Use it.
  Revert "Remove some debug messages that trigger on XACE event delivery failure."
  Don't print a failure message when XACE denies an input event delivery.
  xselinux: Remove reference counting calls for SID objects.
  xselinux: Allow GetWindowContext to be used for pixmaps as well.
  xselinux: Rename window-related requests that now support pixmaps.
  xselinux: Bump extension minor version.

 Xext/xselinux.h |8 ++--
 Xext/xselinux_ext.c |   41 +++---
 Xext/xselinux_hooks.c   |   73 ---
 Xext/xselinux_label.c   |   23 +-
 configure.ac|   11 ++-
 dix/events.c|   62 ++--
 include/dix-config.h.in |2 -
 7 files changed, 84 insertions(+), 136 deletions(-)




Re: [PULL] XACE and SELinux updates for master

2010-01-12 Thread Eamon Walsh
Ping?


On 01/06/2010 02:00 PM, Eamon Walsh wrote:
> Hi Keith,
>
> Please pull these updates into master.
>
> Thanks.
>
>
> The following changes are available in the git repository at:
>
> git://anongit.freedesktop.org/~ewalsh/xserver master
>
>
> Eamon Walsh (5):
>   xselinux: Allow SetWindowCreateContext to be used for pixmaps as well.
>   libselinux now has a pkgconfig file.  Use it.
>   Revert "Remove some debug messages that trigger on XACE event delivery failure."
>   Don't print a failure message when XACE denies an input event delivery.
>   xselinux: Remove reference counting calls for SID objects.
>
>  Xext/xselinux_ext.c |5 +--
>  Xext/xselinux_hooks.c   |   73 ---
>  Xext/xselinux_label.c   |   23 +-
>  configure.ac|   11 ++-
>  dix/events.c|   62 ++--
>  include/dix-config.h.in |2 -
>  6 files changed, 58 insertions(+), 118 deletions(-)
>
>
>   


-- 

Eamon Walsh 
National Security Agency



[PULL] XACE and SELinux updates for master

2010-01-06 Thread Eamon Walsh
Hi Keith,

Please pull these updates into master.

Thanks.


The following changes are available in the git repository at:

git://anongit.freedesktop.org/~ewalsh/xserver master


Eamon Walsh (5):
  xselinux: Allow SetWindowCreateContext to be used for pixmaps as well.
  libselinux now has a pkgconfig file.  Use it.
  Revert "Remove some debug messages that trigger on XACE event delivery failure."
  Don't print a failure message when XACE denies an input event delivery.
  xselinux: Remove reference counting calls for SID objects.

 Xext/xselinux_ext.c |5 +--
 Xext/xselinux_hooks.c   |   73 ---
 Xext/xselinux_label.c   |   23 +-
 configure.ac|   11 ++-
 dix/events.c|   62 ++--
 include/dix-config.h.in |2 -
 6 files changed, 58 insertions(+), 118 deletions(-)


-- 

Eamon Walsh 
National Security Agency



Re: [PATCH 1/2] Properly un/rewrap CreateWindow

2009-11-17 Thread Eamon Walsh
On 11/17/2009 07:58 PM, Daniel Stone wrote:
> On Tue, Nov 17, 2009 at 01:59:42PM -0500, Adam Jackson wrote:
>   
>>  static Bool
>>  DUMMYCreateWindow(WindowPtr pWin)
>>  {
>>  DUMMYPtr dPtr = DUMMYPTR(DUMMYScrn);
>>  WindowPtr pWinRoot;
>>  int ret;
>> -
>> +
>> +pScreen->CreateWindow = dPtr->CreateWindow;
>>  ret = dPtr->CreateWindow(pWin);
>> +pScreen->CreateWindow = DUMMYCreateWindow;
>> +
>>  if(ret != TRUE)
>>  return(ret);
>> 
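Review bot: the two added assignments use `pScreen`, which is not declared in `DUMMYCreateWindow` as shown (only `dPtr`, `pWinRoot` and `ret` are), so this will not compile. Declare it first, for example `ScreenPtr pScreen = pWin->drawable.pScreen;`, and after calling down store `pScreen->CreateWindow` back into `dPtr->CreateWindow` before re-installing the wrapper, in case a lower layer replaced it.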
> Hm, is this canon? I thought the generally-accepted way to wrap would've
> been also to set dPtr->CreateWindow = pScreen->CreateWindow after
> calling the saved function, but I could be wrong.
>
> Cheers,
>   


Also of note here:

dummy_driver.c: In function ‘DUMMYCreateWindow’:
dummy_driver.c:772: error: ‘pScreen’ undeclared (first use in this function)
dummy_driver.c:772: error: (Each undeclared identifier is reported only once
dummy_driver.c:772: error: for each function it appears in.)







-- 

Eamon Walsh 
National Security Agency



Re: [PATCH 3/5] GetScreenSizeRange: Document funky return code in the header

2009-11-10 Thread Eamon Walsh
On 11/09/2009 05:56 PM, Adam Jackson wrote:
>  
> +/* despite returning a Status, this returns 1 for success */
>  Status
>  XRRGetScreenSizeRange (Display *dpy, Window window,
>  int *minWidth, int *minHeight,
>   
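Review bot: the added comment gives the success value only. Please also say what a failed call returns and that the result must not be compared against `Success`, since that is the mistake the `Status` return type invites.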


FWIW, I've noticed this is somewhat common in Xlib.  Other functions
that do this are XAllocColor, XSendEvent, XQueryTree, XGetTextProperty.



-- 

Eamon Walsh 
National Security Agency



Re: Hosed X server master & server-1.6 branches (fixed now)

2009-10-30 Thread Eamon Walsh
On 10/29/2009 08:02 PM, Jesse Barnes wrote:
> In an effort to emphasize the wisdom of our new development model (well
> actually because I'm an idiot) I just overwrote HEAD of both master and
> server-1.6-branch.  Fortunately airlied had the right objects in his
> tree to correct things, so they're all fixed now.
>
> Moral: use private repos!  push forced updates of remote branches
> carefully!
>
> I'm going back to my hole now to whimper in a corner.
>   


Keith,

My patch series to server-1.6-branch seems to have gone missing as a
result of this.  Can you re-push it?

Hopefully you don't have to do the rebase -i thing again.

Thanks.


-- 

Eamon Walsh 
National Security Agency



[PULL -v3] XACE and SELinux updates for server-1.6-branch

2009-10-27 Thread Eamon Walsh
Hi Keith,

Please pull these updates into server-1.6-branch.

Thanks.


The following changes are available in the git repository at:

git://anongit.freedesktop.org/~ewalsh/xserver server-1.6-branch


Eamon Walsh (9):
  xace: Fake return values on denials in input polling requests.
  xselinux: Stop special-casing QueryPointer access checks.
  xace: Relax permissions on XkbGetState from Read to Getattr.
  xselinux: switch from x_device to separate x_pointer and x_keyboard classes.
  xselinux: Note something in the log if disabled by boolean.
  xselinux: Allow SetWindowCreateContext to be used for pixmaps as well.
  dix: Export IsPointerDevice() and IsKeyboardDevice().
  xselinux: Use the now-exported IsPointerDevice() instead of a copy.
  xselinux: Use a more informative message when disabled by boolean.

 Xext/xselinux.c |   25 +
 Xext/xselinux.h |   13 +++--
 Xi/queryst.c|   14 +-
 dix/devices.c   |5 -
 dix/events.c|   11 ++-
 include/dix.h   |4 ++--
 xkb/xkb.c   |2 +-
 7 files changed, 42 insertions(+), 32 deletions(-)



-- 

Eamon Walsh 
National Security Agency



Re: [PULL -v2] XACE and SELinux updates for server-1.6-branch

2009-10-26 Thread Eamon Walsh
On 10/22/2009 08:12 PM, Keith Packard wrote:
> Excerpts from Eamon Walsh's message of Fri Oct 16 06:36:58 +0900 2009:
>   
>
>
>>xselinux: switch from x_device to separate x_pointer and x_keyboard classes.
>> 
> This duplicates IsPointerDevice -- please export the one from
> dix/events.c and use that. 

I backported the two patches that fix this.


> Also, should we back-port the patch for
> devices that have valuators, no keys and no buttons?
>   

I sent mail to Peter asking if it's OK to backport this.


>>xselinux: Note something in the log if disabled by boolean.
>> 
> 'disabled by boolean' seems like a cryptic message to me.
>   

I changed this message to something hopefully more informative. 


>>xselinux: Allow SetWindowCreateContext to be used for pixmaps as well.
>> 
> Are you going to fix the name of this request at some point?
>
>   

I'll fix this in master.  I can't change the name outright but I can add
a new request opcode with the proper name.

Pull request will be sent once I hear about the IsPointerDevice() fix.



-- 

Eamon Walsh 
National Security Agency



C99 types patch

2009-10-21 Thread Eamon Walsh
On 10/05/2009 10:08 PM, Eric Anholt wrote:
> On Mon, 2009-10-05 at 15:35 -0400, Adam Jackson wrote:
>   
>> On Sun, 2009-10-04 at 12:08 +1100, Daniel Stone wrote:
>> 
>>> On Fri, Oct 02, 2009 at 01:42:50PM -0700, Jamey Sharp wrote:
>>>   
>>>> On 64-bit systems, int and pointers don't have the same size, so GCC gives
>>>> warnings about casts between int and pointer types. However, in the cases
>>>> covered by this patch, it's always a value that fits in int being stored
>>>> temporarily as a pointer and then converted back later, which is safe.
>>>> Casting through the pointer-sized integer type intptr_t convinces the
>>>> compiler that this is OK.
>>>>
>>>> Signed-off-by: Jamey Sharp 
>>>> 
>>> Alan, Matthieu -- is this portable enough?
>>>   
>> intptr_t is part of stdint.h in C99, but seems to also be in unistd.h in
>> UNIX98, which is nearly universal by this point unlike C99.
>>
>> I would love love love to see us move entirely to stdint types instead
>> of the mess we've got now.
>> 
> Yes.  Yes yes yes.
>   

I have a patch sitting around that does this, guess I'll float it.

The key file is x11proto/Xmd.h.  Xdefs.h and X.h also have some
redefinitions.  I just moved what I could into Xmd.h since both other
headers include it.

The behavior in configure.ac is kind of naive.  The proper solution
probably involves some kind of Xmd.h.in file.

--Eamon


commit 5a8962bb85045eb3500a51ea2f30b21ac3dca51e
Author: Eamon Walsh 
Date:   Wed Oct 21 20:46:33 2009 -0400

Convert CARD32 and friends to use standard integer types.

Requires stdint.h to be present and contain the C99 type definitions.
Also moves some resource type definitions from X.h and Xdefs.h.

diff --git a/X.h b/X.h
index 5cf695d..5d8e849 100644
--- a/X.h
+++ b/X.h
@@ -53,59 +53,7 @@ SOFTWARE.
 #define X_PROTOCOL	11		/* current protocol version */
 #define X_PROTOCOL_REVISION 0		/* current minor version */
 
-/* Resources */
-
-/*
- * _XSERVER64 must ONLY be defined when compiling X server sources on
- * systems where unsigned long is not 32 bits, must NOT be used in
- * client or library code.
- */
-#ifndef _XSERVER64
-#  ifndef _XTYPEDEF_XID
-#define _XTYPEDEF_XID
-typedef unsigned long XID;
-#  endif
-#  ifndef _XTYPEDEF_MASK
-#define _XTYPEDEF_MASK
-typedef unsigned long Mask;
-#  endif
-#  ifndef _XTYPEDEF_ATOM
-#define _XTYPEDEF_ATOM
-typedef unsigned long Atom;		/* Also in Xdefs.h */
-#  endif
-typedef unsigned long VisualID;
-typedef unsigned long Time;
-#else
-#  include 
-#  ifndef _XTYPEDEF_XID
-#define _XTYPEDEF_XID
-typedef CARD32 XID;
-#  endif
-#  ifndef _XTYPEDEF_MASK
-#define _XTYPEDEF_MASK
-typedef CARD32 Mask;
-#  endif
-#  ifndef _XTYPEDEF_ATOM
-#define _XTYPEDEF_ATOM
-typedef CARD32 Atom;
-#  endif
-typedef CARD32 VisualID;
-typedef CARD32 Time;
-#endif
-
-typedef XID Window;
-typedef XID Drawable;
-#ifndef _XTYPEDEF_FONT
-#  define _XTYPEDEF_FONT
-typedef XID Font;
-#endif
-typedef XID Pixmap;
-typedef XID Cursor;
-typedef XID Colormap;
-typedef XID GContext;
-typedef XID KeySym;
-
-typedef unsigned char KeyCode;
+#include 
 
 /*
  * RESERVED RESOURCE AND CONSTANT DEFINITIONS
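Review bot: the removed block keeps `XID`, `Mask`, `Atom`, `VisualID` and `Time` as `unsigned long` whenever `_XSERVER64` is not defined, and its comment says that macro must not be used in client or library code. The replacement definitions have to preserve that split, otherwise these types change size for client and library builds on systems where `unsigned long` is not 32 bits. The dropped `_XTYPEDEF_XID`, `_XTYPEDEF_MASK`, `_XTYPEDEF_ATOM` and `_XTYPEDEF_FONT` guards are also what let several headers carry the same typedef, so please confirm nothing else still defines these under the old guards.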
diff --git a/Xdefs.h b/Xdefs.h
index 46ffdad..44c134b 100644
--- a/Xdefs.h
+++ b/Xdefs.h
@@ -28,72 +28,25 @@ authorization from The XFree86 Project Inc..
 #ifndef _XDEFS_H
 #define _XDEFS_H
 
-#ifdef _XSERVER64
 #include 
-#endif 
-
-#ifndef _XTYPEDEF_ATOM
-#  define _XTYPEDEF_ATOM
-#  ifndef _XSERVER64
-typedef unsigned long Atom;
-#  else
-typedef CARD32 Atom;
-#  endif
-#endif
 
 #ifndef Bool
-#  ifndef _XTYPEDEF_BOOL
-#   define _XTYPEDEF_BOOL
 typedef int Bool;
-#  endif
 #endif
 
-#ifndef _XTYPEDEF_POINTER
-#  define _XTYPEDEF_POINTER
 typedef void *pointer;
-#endif
 
 #ifndef _XTYPEDEF_CLIENTPTR
 typedef struct _Client *ClientPtr;
 #  define _XTYPEDEF_CLIENTPTR
 #endif
 
-#ifndef _XTYPEDEF_XID
-#  define _XTYPEDEF_XID
-#  ifndef _XSERVER64
-typedef unsigned long XID;
-#  else
-typedef CARD32 XID;
-#  endif
-#endif
-
-#ifndef _XTYPEDEF_MASK
-#  define _XTYPEDEF_MASK
-#  ifndef _XSERVER64
-typedef unsigned long Mask;
-#  else
-typedef CARD32 Mask;
-#  endif
-#endif
-
 #ifndef _XTYPEDEF_FONTPTR
 #  define _XTYPEDEF_FONTPTR
 typedef struct _Font *FontPtr; /* also in fonts/include/font.h */
 #endif
 
-#ifndef _XTYPEDEF_FONT
-#  define _XTYPEDEF_FONT
-typedef XID	Font;
-#endif
-
-#ifndef _XTYPEDEF_FSID
-#  ifndef _XSERVER64
-typedef unsigned long FSID;
-#  else
 typedef CARD32 FSID;
-#  endif
-#endif
-
 typedef FSID AccContext;
 
 /* OS independent time value 
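Review bot: `typedef CARD32 FSID;` is now unconditional, where the removed lines made it `unsigned long` unless `_XSERVER64` was defined, so `FSID` and `AccContext` change width for non-server builds on systems where `unsigned long` is not 32 bits. If that is intended, the commit message should say so. Also, `Bool` and `pointer` lose their `_XTYPEDEF_BOOL` and `_XTYPEDEF_POINTER` guards here; any other header that still defines them under those guards will now produce a duplicate typedef.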
diff --git a/Xmd.h b/Xmd.h
index f3868b3..0478213 100644
--- a/Xmd.h
+++ b/Xmd.h
@@ -49,6 +49,7 @@ SOFTWARE.
 /*
  *  Xmd.h: MACHINE DEPENDE

[PULL -v3] XACE and SELinux updates for server-1.7-branch

2009-10-21 Thread Eamon Walsh
Hi Peter,

Please pull these updates into server-1.7-branch.

Thanks.


The following changes are available in the git repository at:

git://anongit.freedesktop.org/~ewalsh/xserver server-1.7-branch


Eamon Walsh (9):
  xace: Fake return values on denials in input polling requests.
  xselinux: Stop special-casing QueryPointer access checks.
  xace: Relax permissions on XkbGetState from Read to Getattr.
  xselinux: switch from x_device to separate x_pointer and x_keyboard classes.
  xselinux: Allow SetWindowCreateContext to be used for pixmaps as well.
  dix: Export IsPointerDevice() and IsKeyboardDevice().
  xselinux: Use the now-exported IsPointerDevice() instead of a copy.
  xselinux: Note something in the log if disabled by boolean.
  Don't print a failure message when XACE denies an input event delivery.

 Xext/xselinux.c|   22 ++
 Xext/xselinux.h|   45 --
 Xi/queryst.c   |   14 +++
 Xi/xiquerydevice.c |   41 +++
 Xi/xiquerydevice.h |8 --
 dix/devices.c  |5 +++-
 dix/events.c   |   61 +--
 include/dix.h  |4 +-
 xkb/xkb.c  |2 +-
 9 files changed, 128 insertions(+), 74 deletions(-)




Re: [PULL -v2] XACE and SELinux updates for server-1.7-branch

2009-10-21 Thread Eamon Walsh
On 10/21/2009 09:36 PM, Peter Hutterer wrote:
> On Wed, Oct 21, 2009 at 09:07:40PM -0400, Eamon Walsh wrote:
>   
>> Hi Peter,
>>
>> Please pull these updates into server-1.7-branch.
>>
>> Thanks.
>>
>>
>> The following changes are available in the git repository at:
>>
>> git://anongit.freedesktop.org/~ewalsh/xserver server-1.7-branch
>>
>> Eamon Walsh (9):
>>   xace: Fake return values on denials in input polling requests.
>>   xselinux: Stop special-casing QueryPointer access checks.
>>   xace: Relax permissions on XkbGetState from Read to Getattr.
>>   xselinux: switch from x_device to separate x_pointer and x_keyboard classes.
>>   xselinux: Allow SetWindowCreateContext to be used for pixmaps as well.
>>   dix: Export IsPointerDevice() and IsKeyboardDevice().
>>   xselinux: Use the now-exported IsPointerDevice() instead of a copy.
>>   xselinux: Note something in the log if disabled by boolean.
>>   Remove some debug messages that trigger on XACE event delivery failure.
>> 
> I should have spotted this earlier but - the last patch is not quite
> optimal and the commit message makes it sound like a different issue.
>
> EventToXI can return BadMatch, BadAlloc and BadImplementation. Both of the
> latter are worth noting in the log file since things are expected to go bad
> if that happens. EventToCore only returns BadMatch or BadImplementation on
> failure (in both cases, BadImplementation is logged anyway).
>
> The reason why XACE triggered these logs is because the if condition was
> joined. XACE doesn't modify rc either, so just reading this patch and the
> associated commit message is confusing.
>
> I think it'd be better to split the condition from the current 
>
> if (rc == Success && XACE(...) == Success)
>
> to something like this
>
> if (rc == Success) {
>  if (XACE == Success) {
>  do stuff
>  }
> } else {
>  log message
> }
>
> any opinions?
>
> Cheers,
>   Peter
>   


You're right, removing the log message entirely is probably bad.

I rebased the branch, removing the previous commit and adding one that
does what you suggest.

Once I've tested it I'll send a -v3 pull request.

Also, I haven't forgotten about the plan to use internal events instead
of wire events in the XACE hook.  I should get started on that soon.


--Eamon
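
The difference between the joined condition and the split proposed in the quoted review, as an added example that is not part of the original messages or the xserver source. `xace_hook`, `log_conversion_failure` and the sample delivery attempts are constructed stand-ins for the conversion result and the XACE check.

```c
#include <stddef.h>
#include <stdio.h>

/* X protocol status codes, with their values from X.h. */
enum { Success = 0, BadAccess = 10, BadAlloc = 11, BadImplementation = 17 };

/* One constructed delivery attempt: the result of converting the event and
 * whether the security policy lets this client receive it. */
struct attempt { int convert_rc; int policy_allows; };

struct stats { int delivered; int logged; int hook_calls; };

/* Hypothetical stand-in for the XACE access check. */
static int xace_hook(const struct attempt *a, struct stats *s)
{
    s->hook_calls++;
    return a->policy_allows ? Success : BadAccess;
}

static void log_conversion_failure(int rc, struct stats *s)
{
    s->logged++;
    fprintf(stderr, "event conversion failed: %d\n", rc);
}

/* Joined form: a policy denial falls into the same else branch as a failed
 * conversion, so it is logged as a conversion failure with rc == Success. */
static void deliver_joined(const struct attempt *a, struct stats *s)
{
    int rc = a->convert_rc;

    if (rc == Success && xace_hook(a, s) == Success)
        s->delivered++;
    else
        log_conversion_failure(rc, s);
}

/* Split form: only a failed conversion is logged; a denial by the access
 * check drops the event quietly. */
static void deliver_split(const struct attempt *a, struct stats *s)
{
    int rc = a->convert_rc;

    if (rc == Success) {
        if (xace_hook(a, s) == Success)
            s->delivered++;
    } else {
        log_conversion_failure(rc, s);
    }
}

/* Constructed sample: one allowed event, two denials, two real failures. */
static const struct attempt SAMPLE[] = {
    { Success, 1 },
    { Success, 0 },
    { BadAlloc, 1 },
    { Success, 0 },
    { BadImplementation, 0 },
};

typedef void (*deliver_fn)(const struct attempt *, struct stats *);

static struct stats run(deliver_fn deliver)
{
    struct stats s = { 0, 0, 0 };
    size_t i;

    for (i = 0; i < sizeof SAMPLE / sizeof SAMPLE[0]; i++)
        deliver(&SAMPLE[i], &s);
    return s;
}

static struct stats run_joined(void) { return run(deliver_joined); }
static struct stats run_split(void)  { return run(deliver_split); }

int main(void)
{
    struct stats j = run_joined();
    struct stats p = run_split();

    printf("joined: delivered=%d logged=%d hook_calls=%d\n",
           j.delivered, j.logged, j.hook_calls);
    printf("split:  delivered=%d logged=%d hook_calls=%d\n",
           p.delivered, p.logged, p.hook_calls);
    return 0;
}
```

Both forms deliver the same events and call the hook the same number of times; only the log output differs, which is why removing the message outright also hides the real conversion failures.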



[PULL -v2] XACE and SELinux updates for server-1.7-branch

2009-10-21 Thread Eamon Walsh
Hi Peter,

Please pull these updates into server-1.7-branch.

Thanks.


The following changes are available in the git repository at:

git://anongit.freedesktop.org/~ewalsh/xserver server-1.7-branch

Eamon Walsh (9):
  xace: Fake return values on denials in input polling requests.
  xselinux: Stop special-casing QueryPointer access checks.
  xace: Relax permissions on XkbGetState from Read to Getattr.
  xselinux: switch from x_device to separate x_pointer and x_keyboard classes.
  xselinux: Allow SetWindowCreateContext to be used for pixmaps as well.
  dix: Export IsPointerDevice() and IsKeyboardDevice().
  xselinux: Use the now-exported IsPointerDevice() instead of a copy.
  xselinux: Note something in the log if disabled by boolean.
  Remove some debug messages that trigger on XACE event delivery failure.

 Xext/xselinux.c|   22 +++---
 Xext/xselinux.h|   45 ++---
 Xi/queryst.c   |   14 +-
 Xi/xiquerydevice.c |   41 +++--
 Xi/xiquerydevice.h |8 +---
 dix/devices.c  |5 -
 dix/events.c   |   23 +--
 include/dix.h  |4 ++--
 xkb/xkb.c  |2 +-
 9 files changed, 106 insertions(+), 58 deletions(-)




[PULL] XACE and SELinux updates for server-1.7-branch

2009-10-21 Thread Eamon Walsh
Hi Peter,

Please pull these updates into server-1.7-branch.

Thanks.

The following changes are available in the git repository at:

 git://anongit.freedesktop.org/~ewalsh/xserver server-1.7-branch


Eamon Walsh (5):
   xace: Fake return values on denials in input polling requests.
   xselinux: Stop special-casing QueryPointer access checks.
   xace: Relax permissions on XkbGetState from Read to Getattr.
   xselinux: switch from x_device to separate x_pointer and x_keyboard classes.
   xselinux: Allow SetWindowCreateContext to be used for pixmaps as well.

  Xext/xselinux.c|   28 ++--
  Xext/xselinux.h|   45 ++---
  Xi/queryst.c   |   14 +-
  Xi/xiquerydevice.c |   41 +++--
  Xi/xiquerydevice.h |8 +---
  dix/devices.c  |5 -
  dix/events.c   |   11 ++-
  xkb/xkb.c  |2 +-
  8 files changed, 108 insertions(+), 46 deletions(-)




[PULL -v2] XACE and SELinux updates for server-1.6-branch

2009-10-15 Thread Eamon Walsh
Hi Keith,

Please pull these updates into server-1.6-branch.

Thanks.

[Missed 1 commit on the first attempt -- sorry for the spam].


The following changes are available in the git repository at:

 git://anongit.freedesktop.org/~ewalsh/xserver server-1.6-branch


Eamon Walsh (6):
   xace: Fake return values on denials in input polling requests.
   xselinux: Stop special-casing QueryPointer access checks.
   xace: Relax permissions on XkbGetState from Read to Getattr.
   xselinux: switch from x_device to separate x_pointer and x_keyboard classes.
   xselinux: Note something in the log if disabled by boolean.
   xselinux: Allow SetWindowCreateContext to be used for pixmaps as well.

  Xext/xselinux.c |   35 +++
  Xext/xselinux.h |   13 +++--
  Xi/queryst.c|   14 +-
  dix/devices.c   |5 -
  dix/events.c|   11 ++-
  xkb/xkb.c   |2 +-
  6 files changed, 50 insertions(+), 30 deletions(-)



-- 
Eamon Walsh
National Security Agency



[PULL] XACE and SELinux updates for server-1.6-branch

2009-10-15 Thread Eamon Walsh
Hi Keith,

Please pull these updates into server-1.6-branch.

Thanks.


The following changes are available in the git repository at:

 git://anongit.freedesktop.org/~ewalsh/xserver server-1.6-branch


Eamon Walsh (5):
   xace: Fake return values on denials in input polling requests.
   xselinux: Stop special-casing QueryPointer access checks.
   xace: Relax permissions on XkbGetState from Read to Getattr.
   xselinux: switch from x_device to separate x_pointer and x_keyboard classes.
   xselinux: Note something in the log if disabled by boolean.

  Xext/xselinux.c |   33 ++---
  Xext/xselinux.h |   13 +++--
  Xi/queryst.c|   14 +-
  dix/devices.c   |5 -
  dix/events.c|   11 ++-
  xkb/xkb.c   |2 +-
  6 files changed, 49 insertions(+), 29 deletions(-)



-- 
Eamon Walsh
National Security Agency



Re: [PULL] fixes and clean ups for alpha

2009-10-14 Thread Eamon Walsh
On 10/13/2009 10:10 PM, Eamon Walsh wrote:
> On 10/13/2009 09:45 PM, Daniel Stone wrote:
>
>> Hi,
>>
>> On Tue, Oct 13, 2009 at 09:24:49PM -0400, Matt Turner wrote:
>>
>>  
>>> Please pull these changes into master. I've gotten confirmation from
>>> multiple users that they fix the xserver on alpha.
>>>
>>>
>> Would these be useful for 1.6 as well? It looks like there might well be
>> some use in 1.6.6, if we can fix XACE (Eamon?), XKB detectable
>> autorepeat, and Alpha.
>>
>>
>>  
> I do have some stuff I need to go in to 1.6.  The tree at
> fdo/~ewalsh/xserver has the patches for master, but I need to backport
> for 1.6 since it touches some XI2 stuff.
>
> I'll get everything cleaned up and send the pull request tomorrow.
>
>

[Restored Keith to cc]

Once the pull request to master is approved, I'll post the changes for 
1.6 on the wiki.  It will be a relatively small patch, the code 
reshuffling will _not_ be nominated for 1.6.6 (or 1.7.1).




-- 
Eamon Walsh
National Security Agency



[PULL -v2] XACE and SELinux updates for master

2009-10-14 Thread Eamon Walsh
Hi Keith,

Please pull these updates into master.

Thanks.


The following changes are available in the git repository at:

 git://anongit.freedesktop.org/~ewalsh/xserver master


Eamon Walsh (9):
   xselinux: refactor extension code into smaller files.
   xselinux: Factor out some dynamic array code into common helpers.
   xace: Fake return values on denials in input polling requests.
   xselinux: Stop special-casing QueryPointer access checks.
   xace: Relax permissions on XkbGetState from Read to Getattr.
   Remove some debug messages that trigger on XACE event delivery failure.
   xselinux: switch from x_device to separate x_pointer and x_keyboard classes.
   dix: Export IsPointerDevice() and IsKeyboardDevice().
   xselinux: Use the now-exported IsPointerDevice() instead of a copy.

  Xext/Makefile.am  |3 +-
  Xext/xselinux.c   | 2070 -
  Xext/xselinux.h   |  412 --
  Xext/xselinux_ext.c   |  729 +
  Xext/xselinux_hooks.c | 1030 
  Xext/xselinux_label.c |  381 +
  Xext/xselinuxint.h|  556 +
  Xi/queryst.c  |   14 +-
  Xi/xiquerydevice.c|   41 +-
  Xi/xiquerydevice.h|8 +-
  dix/devices.c |5 +-
  dix/events.c  |   23 +-
  include/dix.h |4 +-
  xkb/xkb.c |2 +-
  14 files changed, 2759 insertions(+), 2519 deletions(-)


-- 
Eamon Walsh
National Security Agency



Re: [PULL] XACE and SELinux updates for master

2009-10-14 Thread Eamon Walsh
Hi Keith,

Please pull these updates into master.

Thanks.


The following changes are available in the git repository at:

 git://anongit.freedesktop.org/~ewalsh/xserver master


Eamon Walsh (9):
   xselinux: refactor extension code into smaller files.
   xselinux: Factor out some dynamic array code into common helpers.
   xace: Fake return values on denials in input polling requests.
   xselinux: Stop special-casing QueryPointer access checks.
   xace: Relax permissions on XkbGetState from Read to Getattr.
   Remove some debug messages that trigger on XACE event delivery failure.
   xselinux: switch from x_device to separate x_pointer and x_keyboard classes.
   dix: Export IsPointerDevice() and IsKeyboardDevice().
   xselinux: Use the now-exported IsPointerDevice() instead of a copy.

  Xext/Makefile.am  |3 +-
  Xext/xselinux.c   | 2070 -
  Xext/xselinux.h   |  412 --
  Xext/xselinux_ext.c   |  729 +
  Xext/xselinux_hooks.c | 1030 
  Xext/xselinux_label.c |  381 +
  Xext/xselinuxint.h|  556 +
  Xi/queryst.c  |   14 +-
  Xi/xiquerydevice.c|   41 +-
  Xi/xiquerydevice.h|8 +-
  dix/devices.c |5 +-
  dix/events.c  |   23 +-
  include/dix.h |4 +-
  xkb/xkb.c |2 +-
  14 files changed, 2759 insertions(+), 2519 deletions(-)


-- 
Eamon Walsh
National Security Agency



[PULL] XACE and SELinux updates for master

2009-10-14 Thread Eamon Walsh
Hi Keith,

Please pull these updates into master.

Thanks.


The following changes are available in the git repository at:

git://anongit.freedesktop.org/~ewalsh/xserver master


Eamon Walsh (7):
   xselinux: refactor extension code into smaller files.
   xselinux: Factor out some dynamic array code into common helpers.
   xace: Fake return values on denials in input polling requests.
   xselinux: Stop special-casing QueryPointer access checks.
   xace: Relax permissions on XkbGetState from Read to Getattr.
   Remove some debug messages that trigger on XACE event delivery failure.
   xselinux: switch from x_device to separate x_pointer and x_keyboard classes.

  Xext/Makefile.am  |3 +-
  Xext/xselinux.c   | 2070 -
  Xext/xselinux.h   |  412 --
  Xext/xselinux_ext.c   |  729 +
  Xext/xselinux_hooks.c | 1040 +
  Xext/xselinux_label.c |  381 +
  Xext/xselinuxint.h|  556 +
  Xi/queryst.c  |   14 +-
  Xi/xiquerydevice.c|   41 +-
  Xi/xiquerydevice.h|8 +-
  dix/devices.c |5 +-
  dix/events.c  |   23 +-
  xkb/xkb.c |2 +-
  13 files changed, 2767 insertions(+), 2517 deletions(-)


-- 
Eamon Walsh
National Security Agency



Re: [PULL] fixes and clean ups for alpha

2009-10-13 Thread Eamon Walsh
On 10/13/2009 09:45 PM, Daniel Stone wrote:
> Hi,
>
> On Tue, Oct 13, 2009 at 09:24:49PM -0400, Matt Turner wrote:
>
>> Please pull these changes into master. I've gotten confirmation from
>> multiple users that they fix the xserver on alpha.
>>  
> Would these be useful for 1.6 as well? It looks like there might well be
> some use in 1.6.6, if we can fix XACE (Eamon?), XKB detectable
> autorepeat, and Alpha.
>
>

I do have some stuff I need to go in to 1.6.  The tree at 
fdo/~ewalsh/xserver has the patches for master, but I need to backport 
for 1.6 since it touches some XI2 stuff.

I'll get everything cleaned up and send the pull request tomorrow.



-- 
Eamon Walsh
National Security Agency



Re: [PATCH] dix: remove dixLookupResource - we don't have any users left.

2009-09-04 Thread Eamon Walsh
This is fine with me; however, I know that the proprietary nvidia driver
does resource lookups, so it's possible they might call this.  Maybe
check with them to verify.



On 09/03/2009 11:23 PM, Peter Hutterer wrote:
> Signed-off-by: Peter Hutterer
> ---
>   dix/deprecated.c   |   18 --
>   include/resource.h |8 
>   2 files changed, 0 insertions(+), 26 deletions(-)
>
> diff --git a/dix/deprecated.c b/dix/deprecated.c
> index 8123886..21d0f57 100644
> --- a/dix/deprecated.c
> +++ b/dix/deprecated.c
> @@ -162,22 +162,4 @@ LookupIDByClass(XID id, RESTYPE classes)
>   return val;
>   }
>
> -/* replaced by dixLookupResourceBy{Type,Class} */
> -_X_EXPORT int
> -dixLookupResource (pointer *result, XID id, RESTYPE rtype,
> -ClientPtr client, Mask mode)
> -{
> -Bool istype = ((rtype&  TypeMask)&&  (rtype != RC_ANY)) || (rtype == 
> RT_NONE);
> -
> -static int warn = 1;
> -if (warn>  0&&  --warn)
> - ErrorF("Warning: dixLookupResource() "
> -"is deprecated.  Please convert your driver/module "
> -"to use dixLookupResourceByType/dixLookupResourceByClass().\n");
> -if (istype)
> - return dixLookupResourceByType (result, id, rtype, client, mode);
> -else
> - return dixLookupResourceByClass (result, id, rtype, client, mode);
> -}
> -
>   /* end deprecated functions */
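
Review bot: The removed dixLookupResource() in dix/deprecated.c is marked _X_EXPORT and its warning text is addressed to "your driver/module", so out-of-tree modules were expected callers, yet the guard `if (warn > 0 && --warn)` with `static int warn = 1` is false on the first call and on every call after it, so the deprecation message was never printed. External callers therefore had no runtime notice before this removal. The commit message should say that an exported symbol is going away and name dixLookupResourceByType()/dixLookupResourceByClass() as the replacements, and converted callers should keep passing their client and access mode as this wrapper did.
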
> diff --git a/include/resource.h b/include/resource.h
> index 774f81b..8ed4e56 100644
> --- a/include/resource.h
> +++ b/include/resource.h
> @@ -257,14 +257,6 @@ extern _X_EXPORT RESTYPE TypeMask;
>   #define X_DEPRECATED
>   #endif
>
> -/* replaced by dixLookupResourceByType or dixLookupResourceByClass */
> -extern int dixLookupResource(
> -pointer *result,
> -XID id,
> -RESTYPE rtype,
> -ClientPtr client,
> -Mask access_mode) X_DEPRECATED;
> -
>   /* replaced by dixLookupResourceByType */
>   extern _X_EXPORT pointer SecurityLookupIDByType(
>   ClientPtr client,
>
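
Review bot: Removing the dixLookupResource() prototype from include/resource.h leaves any remaining caller without a declaration and without a pointer to the replacement, because the comment naming dixLookupResourceByType and dixLookupResourceByClass is deleted with it, and the commit message carries only a subject and a Signed-off-by. Suggest adding a line to the commit message that says which in-tree and external callers were checked and what a caller should convert to.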


-- 
Eamon Walsh
National Security Agency



Re: Proposed libX11 ABI break

2009-06-29 Thread Eamon Walsh
Peter Hutterer wrote:
> On Fri, Jun 26, 2009 at 03:46:26PM -0400, Eamon Walsh wrote:
>   
>> Why don't we just not support returning XGE events from those old
>> functions ?
>> 
>
> This was the alternative towards the end of the previous email. To quote:
>   

>>> The only other solution I could come up with so far is to add XGENextEvent()
>>> and friends as substitutes for XNextEvent & co. In this approach, XNextEvent
>>> _never_ returns generic events, leaving existing clients ABI-safe.
>>> XGENextEvent requires an argument of the cookie+data type.
>>>   

New API could be conceptually cleaner and not have the cookies at all,
just return a malloc'ed buffer.  Even if you end up doing the cookie
thing, new API could bypass that and assume the caller will take care of
freeing.

>>> This approach obviously has a high cost to clients as they need to adjust
>>> for this new API.
>>>   

To update an app, new code will have to be written regardless.  I might
be naive about the relative cost of swapping out XNextEvent.  But new
API does save the cost of the ABI break and under-the-hood cookie tracking.

Actually I think everyone should switch to XCB :-).  So, take this for
what it's worth.

One more thing, with the cookie scheme, you have the following contrived
scenario:

Thread 1                Thread 2

calls XNextEvent()
                        calls XNextEvent()
                        Xlib frees previous event data
calls XGEGetEvent()
data is gone, error

Obviously you could fix this with a deeper queue, but the queue length
becomes yet another parameter that needs to be twiddled.











-- 
Eamon Walsh 
National Security Agency
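
Added example, not part of the original message and not libX11 code: the thread interleaving described in the message above, replayed in a single thread against a toy model of library-owned event data with a configurable queue depth. `struct evq`, `next_event`, `get_event_data`, `replay` and `MAX_DEPTH` are hypothetical names; the first two functions only stand in for XNextEvent() and XGEGetEvent().

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define MAX_DEPTH 8  /* bound for this toy model only */
/* Hypothetical model of library-owned event data, one slot per cookie. */
struct evq {
    unsigned depth;         /* how many events' data the library retains */
    unsigned serial;        /* cookie handed out for the newest event */
    char *data[MAX_DEPTH];  /* data for cookie c lives in data[c % depth] */
};

/* Stands in for XNextEvent(): stores the new event's data, freeing the
 * data of the older event that used the same slot; returns the cookie. */
static unsigned next_event(struct evq *q, const char *payload)
{
    unsigned cookie = ++q->serial;
    char **slot = &q->data[cookie % q->depth];
    free(*slot);
    *slot = malloc(strlen(payload) + 1);
    if (*slot) strcpy(*slot, payload);
    return cookie;
}

/* Stands in for XGEGetEvent(): 0 and a copy in out, or -1 when the data
 * for that cookie was never issued or has already been freed. */
static int get_event_data(const struct evq *q, unsigned cookie, char *out, size_t n)
{
    if (cookie == 0 || cookie > q->serial || q->serial - cookie >= q->depth)
        return -1;
    if (!q->data[cookie % q->depth]) return -1;
    snprintf(out, n, "%s", q->data[cookie % q->depth]);
    return 0;
}

/* Thread 1 takes an event, other threads then take `others` events, and
 * only then does thread 1 ask for its data. Returns thread 1's result. */
static int replay(unsigned depth, unsigned others)
{
    char buf[32];
    struct evq q = { .depth = depth };
    if (depth == 0 || depth > MAX_DEPTH) return -1;
    unsigned mine = next_event(&q, "thread-1 event");
    for (unsigned i = 0; i < others; i++) next_event(&q, "other event");
    int rc = get_event_data(&q, mine, buf, sizeof buf);
    for (unsigned i = 0; i < depth; i++) free(q.data[i]);
    return rc;
}

int main(void) { printf("%d %d %d\n", replay(1, 1), replay(4, 3), replay(4, 4)); return 0; }
```

`replay(1, 1)` is the scenario from the message; `replay(4, 3)` and `replay(4, 4)` show that a deeper queue only moves the point at which the data is gone.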



Re: Proposed libX11 ABI break

2009-06-26 Thread Eamon Walsh
Peter Hutterer wrote:
> This week, I ran into a wall trying to get XI2 events sorted out. Resolving
> this may require a libX11 ABI break. This is NOT XI2 specific, it just
> happens to be the first extension to run into this issue.
> This is a rather lengthy email, please take the time and read it.
>
> == Problem ==
> XNextEvent(Display*, XEvent*) requires the event to be 96 (32-bit) or 192
> (64-bit) bytes. This is a side-effect of the definition  of the XEvent
> structure itself.
>
> XGE's long events may require structs that exceed this space. For XI2, the
> solution I have used so far are pointers inside the respective XEvent struct
> that point to other allocated memory. The client is required to call
> XIFreeEventData() to ensure this extra memory is freed accordingly.
>
>   

Why don't we just not support returning XGE events from those old
functions ?





Re: First XI2 server implementation

2009-04-22 Thread Eamon Walsh
Peter Hutterer wrote:
> The current protocol specification is in inputproto/XI2proto.txt and in most
> places identical to 
> http://lists.freedesktop.org/archives/xorg/2009-February/043510.html
> Notable differences:
>   - raw events do not include button state
>   - FP1616 type implemented as INT16.CARD16
>   - Enter/leave events include button/modifier state
>   - Focus events added - basically identical to enter/leave events.
>   

Are you planning to duplicate the ListInputDevices wire encoding with
the new QueryInputDevice?  The ordering on the wire is not the same as
in the protocol spec; all the  BUTTONCLASS etc. are in one big list
after the DEVICEINFO's.  Same with the name strings.  Not asking for it
to be changed, just about consistency.

It would be nice if this whole extension was more XCB-friendly though. 
Right now there is no XCB description for some requests because of the
funky lists of variable-sized subclassed structures.  More description
in this mail:

http://lists.freedesktop.org/archives/xcb/2007-December/003166.html



-- 
Eamon Walsh 
National Security Agency



Re: ACE access check differences between SelectInput & RRSelectInput

2009-03-09 Thread Eamon Walsh
Adam Jackson wrote:
> On Sun, 2009-03-08 at 09:44 -0700, Alan Coopersmith wrote:
>   
>> While tracking down problems with GTK+ applications starting up under
>> Solaris Trusted Extensions since our move from Xorg 1.3 to 1.5.3, we've
>> found that the root cause seems to be that ProcRRSelectInput is requesting
>> we check for DixWriteAccess to write to the window (line 79 of
>> randr/rrdispatch.c), while the normal XSelectInput() is handled via
>> ProcChangeWindowAttributes, which checks for  DixReceiveAccess for
>> requesting events from the window.
>>
>> Is there some reason for this difference or any reason the check in
>> ProcRRSelectInput shouldn't be changed to also be DixReceiveAccess ?
>> 
>
> None that I can think of.  Selecting for input on a window doesn't
> modify its state, so it's not "write" access.
>
> - ajax
>   

Pushed this to 654449070005... in master, can be picked to 1.6-branch if
you want it there.

As I told Alan it's on my plate to go through and check for issues like
this, I already have a bug report that I think is the result of
"DixUnknownAccess" being used somewhere.


-- 
Eamon Walsh 
National Security Agency
