search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
os: if inet_ntop() is available, use it for IPv4 addresses as well
[xserver.git] / Xext / xselinux_ext.c
blob506eb5d0fdd5fb2032cf1c16fbd8df7b4ce79c88
1 /************************************************************
2
3 Author: Eamon Walsh <ewalsh@tycho.nsa.gov>
4
5 Permission to use, copy, modify, distribute, and sell this software and its
6 documentation for any purpose is hereby granted without fee, provided that
7 this permission notice appear in supporting documentation. This permission
8 notice shall be included in all copies or substantial portions of the
9 Software.
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
12 IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
14 AUTHOR BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
15 AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
16 CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
17
18 ********************************************************/
19
20 #include <dix-config.h>
21
22 #include "dix/dix_priv.h"
23 #include "dix/property_priv.h"
24
25 #include "selection.h"
26 #include "inputstr.h"
27 #include "windowstr.h"
28 #include "propertyst.h"
29 #include "extnsionst.h"
30 #include "extinit_priv.h"
31 #include "xselinuxint.h"
32
33 #define CTX_DEV offsetof(SELinuxSubjectRec, dev_create_sid)
34 #define CTX_WIN offsetof(SELinuxSubjectRec, win_create_sid)
35 #define CTX_PRP offsetof(SELinuxSubjectRec, prp_create_sid)
36 #define CTX_SEL offsetof(SELinuxSubjectRec, sel_create_sid)
37 #define USE_PRP offsetof(SELinuxSubjectRec, prp_use_sid)
38 #define USE_SEL offsetof(SELinuxSubjectRec, sel_use_sid)
39
40 typedef struct {
41 char *octx;
42 char *dctx;
43 CARD32 octx_len;
44 CARD32 dctx_len;
45 CARD32 id;
46 } SELinuxListItemRec;
47
48 Bool noSELinuxExtension = FALSE;
49 int selinuxEnforcingState = SELINUX_MODE_DEFAULT;
50
51 /*
52 * Extension Dispatch
53 */
54
55 static char *
56 SELinuxCopyContext(char *ptr, unsigned len)
57 {
58 char *copy = malloc(len + 1);
59
60 if (!copy)
61 return NULL;
62 strncpy(copy, ptr, len);
63 copy[len] = '\0';
64 return copy;
65 }
66
67 static int
68 ProcSELinuxQueryVersion(ClientPtr client)
69 {
70 SELinuxQueryVersionReply rep = {
71 .type = X_Reply,
72 .sequenceNumber = client->sequence,
73 .length = 0,
74 .server_major = SELINUX_MAJOR_VERSION,
75 .server_minor = SELINUX_MINOR_VERSION
76 };
77 if (client->swapped) {
78 swaps(&rep.sequenceNumber);
79 swapl(&rep.length);
80 swaps(&rep.server_major);
81 swaps(&rep.server_minor);
82 }
83 WriteToClient(client, sizeof(rep), &rep);
84 return Success;
85 }
86
87 static int
88 SELinuxSendContextReply(ClientPtr client, security_id_t sid)
89 {
90 SELinuxGetContextReply rep;
91 char *ctx = NULL;
92 int len = 0;
93
94 if (sid) {
95 if (avc_sid_to_context_raw(sid, &ctx) < 0)
96 return BadValue;
97 len = strlen(ctx) + 1;
98 }
99
100 rep = (SELinuxGetContextReply) {
101 .type = X_Reply,
102 .sequenceNumber = client->sequence,
103 .length = bytes_to_int32(len),
104 .context_len = len
105 };
106
107 if (client->swapped) {
108 swapl(&rep.length);
109 swaps(&rep.sequenceNumber);
110 swapl(&rep.context_len);
111 }
112
113 WriteToClient(client, sizeof(SELinuxGetContextReply), &rep);
114 WriteToClient(client, len, ctx);
115 freecon(ctx);
116 return Success;
117 }
118
119 static int
120 ProcSELinuxSetCreateContext(ClientPtr client, unsigned offset)
121 {
122 PrivateRec **privPtr = &client->devPrivates;
123 security_id_t *pSid;
124 char *ctx = NULL;
125 char *ptr;
126 int rc;
127
128 REQUEST(SELinuxSetCreateContextReq);
129 REQUEST_FIXED_SIZE(SELinuxSetCreateContextReq, stuff->context_len);
130
131 if (stuff->context_len > 0) {
132 ctx = SELinuxCopyContext((char *) (stuff + 1), stuff->context_len);
133 if (!ctx)
134 return BadAlloc;
135 }
136
137 ptr = dixLookupPrivate(privPtr, subjectKey);
138 pSid = (security_id_t *) (ptr + offset);
139 *pSid = NULL;
140
141 rc = Success;
142 if (stuff->context_len > 0) {
143 if (security_check_context_raw(ctx) < 0 ||
144 avc_context_to_sid_raw(ctx, pSid) < 0)
145 rc = BadValue;
146 }
147
148 free(ctx);
149 return rc;
150 }
151
152 static int
153 ProcSELinuxGetCreateContext(ClientPtr client, unsigned offset)
154 {
155 security_id_t *pSid;
156 char *ptr;
157
158 REQUEST_SIZE_MATCH(SELinuxGetCreateContextReq);
159
160 if (offset == CTX_DEV)
161 ptr = dixLookupPrivate(&serverClient->devPrivates, subjectKey);
162 else
163 ptr = dixLookupPrivate(&client->devPrivates, subjectKey);
164
165 pSid = (security_id_t *) (ptr + offset);
166 return SELinuxSendContextReply(client, *pSid);
167 }
168
169 static int
170 ProcSELinuxSetDeviceContext(ClientPtr client)
171 {
172 char *ctx;
173 security_id_t sid;
174 DeviceIntPtr dev;
175 SELinuxSubjectRec *subj;
176 SELinuxObjectRec *obj;
177 int rc;
178
179 REQUEST(SELinuxSetContextReq);
180 REQUEST_FIXED_SIZE(SELinuxSetContextReq, stuff->context_len);
181
182 if (stuff->context_len < 1)
183 return BadLength;
184 ctx = SELinuxCopyContext((char *) (stuff + 1), stuff->context_len);
185 if (!ctx)
186 return BadAlloc;
187
188 rc = dixLookupDevice(&dev, stuff->id, client, DixManageAccess);
189 if (rc != Success)
190 goto out;
191
192 if (security_check_context_raw(ctx) < 0 ||
193 avc_context_to_sid_raw(ctx, &sid) < 0) {
194 rc = BadValue;
195 goto out;
196 }
197
198 subj = dixLookupPrivate(&dev->devPrivates, subjectKey);
199 subj->sid = sid;
200 obj = dixLookupPrivate(&dev->devPrivates, objectKey);
201 obj->sid = sid;
202
203 rc = Success;
204 out:
205 free(ctx);
206 return rc;
207 }
208
209 static int
210 ProcSELinuxGetDeviceContext(ClientPtr client)
211 {
212 DeviceIntPtr dev;
213 SELinuxSubjectRec *subj;
214 int rc;
215
216 REQUEST(SELinuxGetContextReq);
217 REQUEST_SIZE_MATCH(SELinuxGetContextReq);
218
219 rc = dixLookupDevice(&dev, stuff->id, client, DixGetAttrAccess);
220 if (rc != Success)
221 return rc;
222
223 subj = dixLookupPrivate(&dev->devPrivates, subjectKey);
224 return SELinuxSendContextReply(client, subj->sid);
225 }
226
227 static int
228 ProcSELinuxGetDrawableContext(ClientPtr client)
229 {
230 DrawablePtr pDraw;
231 PrivateRec **privatePtr;
232 SELinuxObjectRec *obj;
233 int rc;
234
235 REQUEST(SELinuxGetContextReq);
236 REQUEST_SIZE_MATCH(SELinuxGetContextReq);
237
238 rc = dixLookupDrawable(&pDraw, stuff->id, client, 0, DixGetAttrAccess);
239 if (rc != Success)
240 return rc;
241
242 if (pDraw->type == DRAWABLE_PIXMAP)
243 privatePtr = &((PixmapPtr) pDraw)->devPrivates;
244 else
245 privatePtr = &((WindowPtr) pDraw)->devPrivates;
246
247 obj = dixLookupPrivate(privatePtr, objectKey);
248 return SELinuxSendContextReply(client, obj->sid);
249 }
250
251 static int
252 ProcSELinuxGetPropertyContext(ClientPtr client, void *privKey)
253 {
254 WindowPtr pWin;
255 PropertyPtr pProp;
256 SELinuxObjectRec *obj;
257 int rc;
258
259 REQUEST(SELinuxGetPropertyContextReq);
260 REQUEST_SIZE_MATCH(SELinuxGetPropertyContextReq);
261
262 rc = dixLookupWindow(&pWin, stuff->window, client, DixGetPropAccess);
263 if (rc != Success)
264 return rc;
265
266 rc = dixLookupProperty(&pProp, pWin, stuff->property, client,
267 DixGetAttrAccess);
268 if (rc != Success)
269 return rc;
270
271 obj = dixLookupPrivate(&pProp->devPrivates, privKey);
272 return SELinuxSendContextReply(client, obj->sid);
273 }
274
275 static int
276 ProcSELinuxGetSelectionContext(ClientPtr client, void *privKey)
277 {
278 Selection *pSel;
279 SELinuxObjectRec *obj;
280 int rc;
281
282 REQUEST(SELinuxGetContextReq);
283 REQUEST_SIZE_MATCH(SELinuxGetContextReq);
284
285 rc = dixLookupSelection(&pSel, stuff->id, client, DixGetAttrAccess);
286 if (rc != Success)
287 return rc;
288
289 obj = dixLookupPrivate(&pSel->devPrivates, privKey);
290 return SELinuxSendContextReply(client, obj->sid);
291 }
292
293 static int
294 ProcSELinuxGetClientContext(ClientPtr client)
295 {
296 ClientPtr target;
297 SELinuxSubjectRec *subj;
298 int rc;
299
300 REQUEST(SELinuxGetContextReq);
301 REQUEST_SIZE_MATCH(SELinuxGetContextReq);
302
303 rc = dixLookupClient(&target, stuff->id, client, DixGetAttrAccess);
304 if (rc != Success)
305 return rc;
306
307 subj = dixLookupPrivate(&target->devPrivates, subjectKey);
308 return SELinuxSendContextReply(client, subj->sid);
309 }
310
311 static int
312 SELinuxPopulateItem(SELinuxListItemRec * i, PrivateRec ** privPtr, CARD32 id,
313 int *size)
314 {
315 SELinuxObjectRec *obj = dixLookupPrivate(privPtr, objectKey);
316 SELinuxObjectRec *data = dixLookupPrivate(privPtr, dataKey);
317
318 if (avc_sid_to_context_raw(obj->sid, &i->octx) < 0)
319 return BadValue;
320 if (avc_sid_to_context_raw(data->sid, &i->dctx) < 0)
321 return BadValue;
322
323 i->id = id;
324 i->octx_len = bytes_to_int32(strlen(i->octx) + 1);
325 i->dctx_len = bytes_to_int32(strlen(i->dctx) + 1);
326
327 *size += i->octx_len + i->dctx_len + 3;
328 return Success;
329 }
330
331 static void
332 SELinuxFreeItems(SELinuxListItemRec * items, int count)
333 {
334 int k;
335
336 for (k = 0; k < count; k++) {
337 freecon(items[k].octx);
338 freecon(items[k].dctx);
339 }
340 free(items);
341 }
342
343 static int
344 SELinuxSendItemsToClient(ClientPtr client, SELinuxListItemRec * items,
345 int size, int count)
346 {
347 int rc, k, pos = 0;
348 SELinuxListItemsReply rep;
349 CARD32 *buf;
350
351 buf = calloc(size, sizeof(CARD32));
352 if (size && !buf) {
353 rc = BadAlloc;
354 goto out;
355 }
356
357 /* Fill in the buffer */
358 for (k = 0; k < count; k++) {
359 buf[pos] = items[k].id;
360 if (client->swapped)
361 swapl(buf + pos);
362 pos++;
363
364 buf[pos] = items[k].octx_len * 4;
365 if (client->swapped)
366 swapl(buf + pos);
367 pos++;
368
369 buf[pos] = items[k].dctx_len * 4;
370 if (client->swapped)
371 swapl(buf + pos);
372 pos++;
373
374 memcpy((char *) (buf + pos), items[k].octx, strlen(items[k].octx) + 1);
375 pos += items[k].octx_len;
376 memcpy((char *) (buf + pos), items[k].dctx, strlen(items[k].dctx) + 1);
377 pos += items[k].dctx_len;
378 }
379
380 /* Send reply to client */
381 rep = (SELinuxListItemsReply) {
382 .type = X_Reply,
383 .sequenceNumber = client->sequence,
384 .length = size,
385 .count = count
386 };
387
388 if (client->swapped) {
389 swapl(&rep.length);
390 swaps(&rep.sequenceNumber);
391 swapl(&rep.count);
392 }
393
394 WriteToClient(client, sizeof(SELinuxListItemsReply), &rep);
395 WriteToClient(client, size * 4, buf);
396
397 /* Free stuff and return */
398 rc = Success;
399 free(buf);
400 out:
401 SELinuxFreeItems(items, count);
402 return rc;
403 }
404
405 static int
406 ProcSELinuxListProperties(ClientPtr client)
407 {
408 WindowPtr pWin;
409 PropertyPtr pProp;
410 SELinuxListItemRec *items;
411 int rc, count, size, i;
412 CARD32 id;
413
414 REQUEST(SELinuxGetContextReq);
415 REQUEST_SIZE_MATCH(SELinuxGetContextReq);
416
417 rc = dixLookupWindow(&pWin, stuff->id, client, DixListPropAccess);
418 if (rc != Success)
419 return rc;
420
421 /* Count the number of properties and allocate items */
422 count = 0;
423 for (pProp = wUserProps(pWin); pProp; pProp = pProp->next)
424 count++;
425 items = calloc(count, sizeof(SELinuxListItemRec));
426 if (count && !items)
427 return BadAlloc;
428
429 /* Fill in the items and calculate size */
430 i = 0;
431 size = 0;
432 for (pProp = wUserProps(pWin); pProp; pProp = pProp->next) {
433 id = pProp->propertyName;
434 rc = SELinuxPopulateItem(items + i, &pProp->devPrivates, id, &size);
435 if (rc != Success) {
436 SELinuxFreeItems(items, count);
437 return rc;
438 }
439 i++;
440 }
441
442 return SELinuxSendItemsToClient(client, items, size, count);
443 }
444
445 static int
446 ProcSELinuxListSelections(ClientPtr client)
447 {
448 Selection *pSel;
449 SELinuxListItemRec *items;
450 int rc, count, size, i;
451 CARD32 id;
452
453 REQUEST_SIZE_MATCH(SELinuxGetCreateContextReq);
454
455 /* Count the number of selections and allocate items */
456 count = 0;
457 for (pSel = CurrentSelections; pSel; pSel = pSel->next)
458 count++;
459 items = calloc(count, sizeof(SELinuxListItemRec));
460 if (count && !items)
461 return BadAlloc;
462
463 /* Fill in the items and calculate size */
464 i = 0;
465 size = 0;
466 for (pSel = CurrentSelections; pSel; pSel = pSel->next) {
467 id = pSel->selection;
468 rc = SELinuxPopulateItem(items + i, &pSel->devPrivates, id, &size);
469 if (rc != Success) {
470 SELinuxFreeItems(items, count);
471 return rc;
472 }
473 i++;
474 }
475
476 return SELinuxSendItemsToClient(client, items, size, count);
477 }
478
479 static int
480 ProcSELinuxDispatch(ClientPtr client)
481 {
482 REQUEST(xReq);
483 switch (stuff->data) {
484 case X_SELinuxQueryVersion:
485 return ProcSELinuxQueryVersion(client);
486 case X_SELinuxSetDeviceCreateContext:
487 return ProcSELinuxSetCreateContext(client, CTX_DEV);
488 case X_SELinuxGetDeviceCreateContext:
489 return ProcSELinuxGetCreateContext(client, CTX_DEV);
490 case X_SELinuxSetDeviceContext:
491 return ProcSELinuxSetDeviceContext(client);
492 case X_SELinuxGetDeviceContext:
493 return ProcSELinuxGetDeviceContext(client);
494 case X_SELinuxSetDrawableCreateContext:
495 return ProcSELinuxSetCreateContext(client, CTX_WIN);
496 case X_SELinuxGetDrawableCreateContext:
497 return ProcSELinuxGetCreateContext(client, CTX_WIN);
498 case X_SELinuxGetDrawableContext:
499 return ProcSELinuxGetDrawableContext(client);
500 case X_SELinuxSetPropertyCreateContext:
501 return ProcSELinuxSetCreateContext(client, CTX_PRP);
502 case X_SELinuxGetPropertyCreateContext:
503 return ProcSELinuxGetCreateContext(client, CTX_PRP);
504 case X_SELinuxSetPropertyUseContext:
505 return ProcSELinuxSetCreateContext(client, USE_PRP);
506 case X_SELinuxGetPropertyUseContext:
507 return ProcSELinuxGetCreateContext(client, USE_PRP);
508 case X_SELinuxGetPropertyContext:
509 return ProcSELinuxGetPropertyContext(client, objectKey);
510 case X_SELinuxGetPropertyDataContext:
511 return ProcSELinuxGetPropertyContext(client, dataKey);
512 case X_SELinuxListProperties:
513 return ProcSELinuxListProperties(client);
514 case X_SELinuxSetSelectionCreateContext:
515 return ProcSELinuxSetCreateContext(client, CTX_SEL);
516 case X_SELinuxGetSelectionCreateContext:
517 return ProcSELinuxGetCreateContext(client, CTX_SEL);
518 case X_SELinuxSetSelectionUseContext:
519 return ProcSELinuxSetCreateContext(client, USE_SEL);
520 case X_SELinuxGetSelectionUseContext:
521 return ProcSELinuxGetCreateContext(client, USE_SEL);
522 case X_SELinuxGetSelectionContext:
523 return ProcSELinuxGetSelectionContext(client, objectKey);
524 case X_SELinuxGetSelectionDataContext:
525 return ProcSELinuxGetSelectionContext(client, dataKey);
526 case X_SELinuxListSelections:
527 return ProcSELinuxListSelections(client);
528 case X_SELinuxGetClientContext:
529 return ProcSELinuxGetClientContext(client);
530 default:
531 return BadRequest;
532 }
533 }
534
535 static int _X_COLD
536 SProcSELinuxQueryVersion(ClientPtr client)
537 {
538 return ProcSELinuxQueryVersion(client);
539 }
540
541 static int _X_COLD
542 SProcSELinuxSetCreateContext(ClientPtr client, unsigned offset)
543 {
544 REQUEST(SELinuxSetCreateContextReq);
545
546 REQUEST_AT_LEAST_SIZE(SELinuxSetCreateContextReq);
547 swapl(&stuff->context_len);
548 return ProcSELinuxSetCreateContext(client, offset);
549 }
550
551 static int _X_COLD
552 SProcSELinuxSetDeviceContext(ClientPtr client)
553 {
554 REQUEST(SELinuxSetContextReq);
555
556 REQUEST_AT_LEAST_SIZE(SELinuxSetContextReq);
557 swapl(&stuff->id);
558 swapl(&stuff->context_len);
559 return ProcSELinuxSetDeviceContext(client);
560 }
561
562 static int _X_COLD
563 SProcSELinuxGetDeviceContext(ClientPtr client)
564 {
565 REQUEST(SELinuxGetContextReq);
566
567 REQUEST_SIZE_MATCH(SELinuxGetContextReq);
568 swapl(&stuff->id);
569 return ProcSELinuxGetDeviceContext(client);
570 }
571
572 static int _X_COLD
573 SProcSELinuxGetDrawableContext(ClientPtr client)
574 {
575 REQUEST(SELinuxGetContextReq);
576
577 REQUEST_SIZE_MATCH(SELinuxGetContextReq);
578 swapl(&stuff->id);
579 return ProcSELinuxGetDrawableContext(client);
580 }
581
582 static int _X_COLD
583 SProcSELinuxGetPropertyContext(ClientPtr client, void *privKey)
584 {
585 REQUEST(SELinuxGetPropertyContextReq);
586
587 REQUEST_SIZE_MATCH(SELinuxGetPropertyContextReq);
588 swapl(&stuff->window);
589 swapl(&stuff->property);
590 return ProcSELinuxGetPropertyContext(client, privKey);
591 }
592
593 static int _X_COLD
594 SProcSELinuxGetSelectionContext(ClientPtr client, void *privKey)
595 {
596 REQUEST(SELinuxGetContextReq);
597
598 REQUEST_SIZE_MATCH(SELinuxGetContextReq);
599 swapl(&stuff->id);
600 return ProcSELinuxGetSelectionContext(client, privKey);
601 }
602
603 static int _X_COLD
604 SProcSELinuxListProperties(ClientPtr client)
605 {
606 REQUEST(SELinuxGetContextReq);
607
608 REQUEST_SIZE_MATCH(SELinuxGetContextReq);
609 swapl(&stuff->id);
610 return ProcSELinuxListProperties(client);
611 }
612
613 static int _X_COLD
614 SProcSELinuxGetClientContext(ClientPtr client)
615 {
616 REQUEST(SELinuxGetContextReq);
617
618 REQUEST_SIZE_MATCH(SELinuxGetContextReq);
619 swapl(&stuff->id);
620 return ProcSELinuxGetClientContext(client);
621 }
622
623 static int _X_COLD
624 SProcSELinuxDispatch(ClientPtr client)
625 {
626 REQUEST(xReq);
627
628 swaps(&stuff->length);
629
630 switch (stuff->data) {
631 case X_SELinuxQueryVersion:
632 return SProcSELinuxQueryVersion(client);
633 case X_SELinuxSetDeviceCreateContext:
634 return SProcSELinuxSetCreateContext(client, CTX_DEV);
635 case X_SELinuxGetDeviceCreateContext:
636 return ProcSELinuxGetCreateContext(client, CTX_DEV);
637 case X_SELinuxSetDeviceContext:
638 return SProcSELinuxSetDeviceContext(client);
639 case X_SELinuxGetDeviceContext:
640 return SProcSELinuxGetDeviceContext(client);
641 case X_SELinuxSetDrawableCreateContext:
642 return SProcSELinuxSetCreateContext(client, CTX_WIN);
643 case X_SELinuxGetDrawableCreateContext:
644 return ProcSELinuxGetCreateContext(client, CTX_WIN);
645 case X_SELinuxGetDrawableContext:
646 return SProcSELinuxGetDrawableContext(client);
647 case X_SELinuxSetPropertyCreateContext:
648 return SProcSELinuxSetCreateContext(client, CTX_PRP);
649 case X_SELinuxGetPropertyCreateContext:
650 return ProcSELinuxGetCreateContext(client, CTX_PRP);
651 case X_SELinuxSetPropertyUseContext:
652 return SProcSELinuxSetCreateContext(client, USE_PRP);
653 case X_SELinuxGetPropertyUseContext:
654 return ProcSELinuxGetCreateContext(client, USE_PRP);
655 case X_SELinuxGetPropertyContext:
656 return SProcSELinuxGetPropertyContext(client, objectKey);
657 case X_SELinuxGetPropertyDataContext:
658 return SProcSELinuxGetPropertyContext(client, dataKey);
659 case X_SELinuxListProperties:
660 return SProcSELinuxListProperties(client);
661 case X_SELinuxSetSelectionCreateContext:
662 return SProcSELinuxSetCreateContext(client, CTX_SEL);
663 case X_SELinuxGetSelectionCreateContext:
664 return ProcSELinuxGetCreateContext(client, CTX_SEL);
665 case X_SELinuxSetSelectionUseContext:
666 return SProcSELinuxSetCreateContext(client, USE_SEL);
667 case X_SELinuxGetSelectionUseContext:
668 return ProcSELinuxGetCreateContext(client, USE_SEL);
669 case X_SELinuxGetSelectionContext:
670 return SProcSELinuxGetSelectionContext(client, objectKey);
671 case X_SELinuxGetSelectionDataContext:
672 return SProcSELinuxGetSelectionContext(client, dataKey);
673 case X_SELinuxListSelections:
674 return ProcSELinuxListSelections(client);
675 case X_SELinuxGetClientContext:
676 return SProcSELinuxGetClientContext(client);
677 default:
678 return BadRequest;
679 }
680 }
681
682 /*
683 * Extension Setup / Teardown
684 */
685
686 static void
687 SELinuxResetProc(ExtensionEntry * extEntry)
688 {
689 SELinuxFlaskReset();
690 SELinuxLabelReset();
691 }
692
693 void
694 SELinuxExtensionInit(void)
695 {
696 /* Check SELinux mode on system, configuration file, and boolean */
697 if (!is_selinux_enabled()) {
698 LogMessage(X_INFO, "SELinux: Disabled on system\n");
699 return;
700 }
701 if (selinuxEnforcingState == SELINUX_MODE_DISABLED) {
702 LogMessage(X_INFO, "SELinux: Disabled in configuration file\n");
703 return;
704 }
705 if (!security_get_boolean_active("xserver_object_manager")) {
706 LogMessage(X_INFO, "SELinux: Disabled by boolean\n");
707 return;
708 }
709
710 /* Set up XACE hooks */
711 SELinuxLabelInit();
712 SELinuxFlaskInit();
713
714 /* Add extension to server */
715 AddExtension(SELINUX_EXTENSION_NAME, SELinuxNumberEvents,
716 SELinuxNumberErrors, ProcSELinuxDispatch,
717 SProcSELinuxDispatch, SELinuxResetProc, StandardMinorOpcode);
718 }
Mirror of freedesktop X server git repo