[xserver.git] / Xext / xselinuxint.h
1 /************************************************************
3 Author: Eamon Walsh <ewalsh@tycho.nsa.gov>
5 Permission to use, copy, modify, distribute, and sell this software and its
6 documentation for any purpose is hereby granted without fee, provided that
7 this permission notice appear in supporting documentation. This permission
8 notice shall be included in all copies or substantial portions of the
9 Software.
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
12 IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
14 AUTHOR BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
15 AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
16 CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
18 ********************************************************/
20 #ifndef _XSELINUXINT_H
21 #define _XSELINUXINT_H
23 #include <selinux/selinux.h>
24 #include <selinux/avc.h>
26 #include "globals.h"
27 #include "dixaccess.h"
28 #include "dixstruct.h"
29 #include "privates.h"
30 #include "resource.h"
31 #include "inputstr.h"
32 #include "xselinux.h"
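/*
 * Types
 */

/* Size in bytes of the SELinuxSubjectRec.command buffer. */
#define COMMAND_LEN 64

/*
 * Subject state (clients and devices only).
 *
 * One record per subject. The field meanings below are read off the field
 * names; the code that fills and consumes them is not part of this header.
 */
typedef struct {
    security_id_t sid;              /* presumably the subject's own SID -- confirm in the label code */
    /* By name, per-object-type SIDs used when the subject creates a device,
     * window, selection or property -- confirm against the labeling code. */
    security_id_t dev_create_sid;
    security_id_t win_create_sid;
    security_id_t sel_create_sid;
    security_id_t prp_create_sid;
    /* By name, SIDs used when the subject looks up a selection or property
     * -- confirm against the labeling code. */
    security_id_t sel_use_sid;
    security_id_t prp_use_sid;
    struct avc_entry_ref aeref;     /* libselinux AVC entry reference kept with the subject */
    /* Fixed-size buffer. NOTE(review): whatever writes this must bound the
     * copy to COMMAND_LEN and leave it NUL-terminated before the value is
     * printed or audited; the writer is not visible in this header. */
    char command[COMMAND_LEN];
    /* Flag. NOTE(review): what sets it and which checks it relaxes is not
     * visible here; any access decision that short-circuits on this field
     * is worth reviewing at the call site. */
    int privileged;
} SELinuxSubjectRec;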
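/*
 * Object state.
 *
 * Carries the label attached to an object; the code that assigns these
 * fields is not part of this header.
 */
typedef struct {
    security_id_t sid;  /* SID recorded for the object */
    int poly;           /* presumably non-zero for a polyinstantiated object -- confirm */
} SELinuxObjectRec;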
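/*
 * Globals
 */

/*
 * Private-key records. They are only declared here (extern); the storage
 * lives in another translation unit. Each xxxKey macro is the address of
 * the matching record, for callers that take a key pointer.
 *
 * Presumably subjectKey/objectKey select the SELinuxSubjectRec and
 * SELinuxObjectRec privates; what dataKey selects is not visible in this
 * header -- confirm against the code that registers the keys.
 */
extern DevPrivateKeyRec subjectKeyRec;
#define subjectKey (&subjectKeyRec)

extern DevPrivateKeyRec objectKeyRec;
#define objectKey (&objectKeyRec)

extern DevPrivateKeyRec dataKeyRec;
#define dataKey (&dataKeyRec)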
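/*
 * Label functions
 *
 * Declarations only; the definitions are in another file. For the functions
 * returning int, this header does not say whether the value is an X status
 * code or something else -- check the definition before testing it. The
 * *_rtn / sid_return pointer parameters look like outputs (by name); confirm
 * whether they are written on failure paths before reading them.
 */

/* Atom -> object record. `prop` presumably selects property vs. selection. */
int SELinuxAtomToSID(Atom atom, int prop, SELinuxObjectRec **obj_rtn);

/* Selection atom + subject -> SID and poly flag (outputs by name). */
int SELinuxSelectionToSID(Atom selection, SELinuxSubjectRec *subj,
                          security_id_t *sid_rtn, int *poly_rtn);

/* Property atom + subject -> SID and poly flag (outputs by name). */
int SELinuxPropertyToSID(Atom property, SELinuxSubjectRec *subj,
                         security_id_t *sid_rtn, int *poly_rtn);

/* Event type + SID of the window -> object record (output by name). */
int SELinuxEventToSID(unsigned type, security_id_t sid_of_window,
                      SELinuxObjectRec *sid_return);

/* Extension name -> SID (output by name). */
int SELinuxExtensionToSID(const char *name, security_id_t *sid_rtn);

/* X resource type -> SELinux security class. */
security_class_t SELinuxTypeToClass(RESTYPE type);

/* NOTE(review): returns a non-const char *; ownership of the string (caller
 * frees vs. static storage) is not stated in this header -- confirm. */
char *SELinuxDefaultClientLabel(void);

void SELinuxLabelInit(void);

void SELinuxLabelReset(void);

/*
 * Security module functions
 */

void SELinuxFlaskInit(void);

void SELinuxFlaskReset(void);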
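/*
 * Private Flask definitions
 */

/*
 * Security class constants.
 *
 * The values run 1..16 in the same order as the class entries of the
 * DixAccess-to-Flask table in this header (x_drawable first, x_resource
 * last; SECCLASS_X_FAKEEVENT lines up with "x_synthetic_event"). Adding,
 * removing or reordering a class therefore has to be done in both places,
 * otherwise access checks are evaluated against the wrong class.
 */
#define SECCLASS_X_DRAWABLE     1
#define SECCLASS_X_SCREEN       2
#define SECCLASS_X_GC           3
#define SECCLASS_X_FONT         4
#define SECCLASS_X_COLORMAP     5
#define SECCLASS_X_PROPERTY     6
#define SECCLASS_X_SELECTION    7
#define SECCLASS_X_CURSOR       8
#define SECCLASS_X_CLIENT       9
#define SECCLASS_X_POINTER      10
#define SECCLASS_X_KEYBOARD     11
#define SECCLASS_X_SERVER       12
#define SECCLASS_X_EXTENSION    13
#define SECCLASS_X_EVENT        14
#define SECCLASS_X_FAKEEVENT    15
#define SECCLASS_X_RESOURCE     16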
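#ifdef _XSELINUX_NEED_FLASK_MAP
/*
 * Mapping from DixAccess bits to Flask permissions.
 *
 * Only compiled into translation units that define
 * _XSELINUX_NEED_FLASK_MAP before including this header; because the array
 * is static, each such unit gets its own copy.
 *
 * The table is positional in two dimensions:
 *   - Class entries appear in the order of the SECCLASS_X_* constants
 *     (x_drawable = 1 ... x_resource = 16).
 *   - Inside a class, the n-th string is the Flask permission for the n-th
 *     DixAccess bit; the trailing comment on each line names that bit.
 * Inserting or deleting a line shifts every later permission onto a
 * different bit without any compiler diagnostic, so edits here change what
 * policy is enforced and should be reviewed as policy changes.
 *
 * An empty string means no permission name is given for that bit in that
 * class, and a list that ends early (NULL) gives none for the remaining
 * bits. How a request carrying such a bit is decided is up to libselinux
 * and the hook code, neither of which is visible here -- confirm that
 * unmapped bits cannot be requested for the class, or are denied.
 *
 * The slot comments name the bit, not the meaning: several classes reuse a
 * bit for an unrelated permission (x_screen puts "saver_getattr" and
 * "saver_setattr" in the DixListPropAccess/DixGetPropAccess slots,
 * x_property puts "write" in the DixBlendAccess slot, x_selection puts
 * "setattr" in the DixCreateAccess slot, x_server puts "record" in the
 * DixReadAccess slot). The string is what SELinux policy sees.
 */
static struct security_class_mapping map[] = {
    {"x_drawable",
     {"read",                   /* DixReadAccess */
      "write",                  /* DixWriteAccess */
      "destroy",                /* DixDestroyAccess */
      "create",                 /* DixCreateAccess */
      "getattr",                /* DixGetAttrAccess */
      "setattr",                /* DixSetAttrAccess */
      "list_property",          /* DixListPropAccess */
      "get_property",           /* DixGetPropAccess */
      "set_property",           /* DixSetPropAccess */
      "",                       /* DixGetFocusAccess */
      "",                       /* DixSetFocusAccess */
      "list_child",             /* DixListAccess */
      "add_child",              /* DixAddAccess */
      "remove_child",           /* DixRemoveAccess */
      "hide",                   /* DixHideAccess */
      "show",                   /* DixShowAccess */
      "blend",                  /* DixBlendAccess */
      "override",               /* DixGrabAccess */
      "",                       /* DixFreezeAccess */
      "",                       /* DixForceAccess */
      "",                       /* DixInstallAccess */
      "",                       /* DixUninstallAccess */
      "send",                   /* DixSendAccess */
      "receive",                /* DixReceiveAccess */
      "",                       /* DixUseAccess */
      "manage",                 /* DixManageAccess */
      NULL}},
    {"x_screen",
     {"",                       /* DixReadAccess */
      "",                       /* DixWriteAccess */
      "",                       /* DixDestroyAccess */
      "",                       /* DixCreateAccess */
      "getattr",                /* DixGetAttrAccess */
      "setattr",                /* DixSetAttrAccess */
      "saver_getattr",          /* DixListPropAccess */
      "saver_setattr",          /* DixGetPropAccess */
      "",                       /* DixSetPropAccess */
      "",                       /* DixGetFocusAccess */
      "",                       /* DixSetFocusAccess */
      "",                       /* DixListAccess */
      "",                       /* DixAddAccess */
      "",                       /* DixRemoveAccess */
      "hide_cursor",            /* DixHideAccess */
      "show_cursor",            /* DixShowAccess */
      "saver_hide",             /* DixBlendAccess */
      "saver_show",             /* DixGrabAccess */
      NULL}},
    {"x_gc",
     {"",                       /* DixReadAccess */
      "",                       /* DixWriteAccess */
      "destroy",                /* DixDestroyAccess */
      "create",                 /* DixCreateAccess */
      "getattr",                /* DixGetAttrAccess */
      "setattr",                /* DixSetAttrAccess */
      "",                       /* DixListPropAccess */
      "",                       /* DixGetPropAccess */
      "",                       /* DixSetPropAccess */
      "",                       /* DixGetFocusAccess */
      "",                       /* DixSetFocusAccess */
      "",                       /* DixListAccess */
      "",                       /* DixAddAccess */
      "",                       /* DixRemoveAccess */
      "",                       /* DixHideAccess */
      "",                       /* DixShowAccess */
      "",                       /* DixBlendAccess */
      "",                       /* DixGrabAccess */
      "",                       /* DixFreezeAccess */
      "",                       /* DixForceAccess */
      "",                       /* DixInstallAccess */
      "",                       /* DixUninstallAccess */
      "",                       /* DixSendAccess */
      "",                       /* DixReceiveAccess */
      "use",                    /* DixUseAccess */
      NULL}},
    {"x_font",
     {"",                       /* DixReadAccess */
      "",                       /* DixWriteAccess */
      "destroy",                /* DixDestroyAccess */
      "create",                 /* DixCreateAccess */
      "getattr",                /* DixGetAttrAccess */
      "",                       /* DixSetAttrAccess */
      "",                       /* DixListPropAccess */
      "",                       /* DixGetPropAccess */
      "",                       /* DixSetPropAccess */
      "",                       /* DixGetFocusAccess */
      "",                       /* DixSetFocusAccess */
      "",                       /* DixListAccess */
      "add_glyph",              /* DixAddAccess */
      "remove_glyph",           /* DixRemoveAccess */
      "",                       /* DixHideAccess */
      "",                       /* DixShowAccess */
      "",                       /* DixBlendAccess */
      "",                       /* DixGrabAccess */
      "",                       /* DixFreezeAccess */
      "",                       /* DixForceAccess */
      "",                       /* DixInstallAccess */
      "",                       /* DixUninstallAccess */
      "",                       /* DixSendAccess */
      "",                       /* DixReceiveAccess */
      "use",                    /* DixUseAccess */
      NULL}},
    {"x_colormap",
     {"read",                   /* DixReadAccess */
      "write",                  /* DixWriteAccess */
      "destroy",                /* DixDestroyAccess */
      "create",                 /* DixCreateAccess */
      "getattr",                /* DixGetAttrAccess */
      "",                       /* DixSetAttrAccess */
      "",                       /* DixListPropAccess */
      "",                       /* DixGetPropAccess */
      "",                       /* DixSetPropAccess */
      "",                       /* DixGetFocusAccess */
      "",                       /* DixSetFocusAccess */
      "",                       /* DixListAccess */
      "add_color",              /* DixAddAccess */
      "remove_color",           /* DixRemoveAccess */
      "",                       /* DixHideAccess */
      "",                       /* DixShowAccess */
      "",                       /* DixBlendAccess */
      "",                       /* DixGrabAccess */
      "",                       /* DixFreezeAccess */
      "",                       /* DixForceAccess */
      "install",                /* DixInstallAccess */
      "uninstall",              /* DixUninstallAccess */
      "",                       /* DixSendAccess */
      "",                       /* DixReceiveAccess */
      "use",                    /* DixUseAccess */
      NULL}},
    {"x_property",
     {"read",                   /* DixReadAccess */
      "write",                  /* DixWriteAccess */
      "destroy",                /* DixDestroyAccess */
      "create",                 /* DixCreateAccess */
      "getattr",                /* DixGetAttrAccess */
      "setattr",                /* DixSetAttrAccess */
      "",                       /* DixListPropAccess */
      "",                       /* DixGetPropAccess */
      "",                       /* DixSetPropAccess */
      "",                       /* DixGetFocusAccess */
      "",                       /* DixSetFocusAccess */
      "",                       /* DixListAccess */
      "",                       /* DixAddAccess */
      "",                       /* DixRemoveAccess */
      "",                       /* DixHideAccess */
      "",                       /* DixShowAccess */
      "write",                  /* DixBlendAccess */
      NULL}},
    {"x_selection",
     {"read",                   /* DixReadAccess */
      "",                       /* DixWriteAccess */
      "",                       /* DixDestroyAccess */
      "setattr",                /* DixCreateAccess */
      "getattr",                /* DixGetAttrAccess */
      "setattr",                /* DixSetAttrAccess */
      NULL}},
    {"x_cursor",
     {"read",                   /* DixReadAccess */
      "write",                  /* DixWriteAccess */
      "destroy",                /* DixDestroyAccess */
      "create",                 /* DixCreateAccess */
      "getattr",                /* DixGetAttrAccess */
      "setattr",                /* DixSetAttrAccess */
      "",                       /* DixListPropAccess */
      "",                       /* DixGetPropAccess */
      "",                       /* DixSetPropAccess */
      "",                       /* DixGetFocusAccess */
      "",                       /* DixSetFocusAccess */
      "",                       /* DixListAccess */
      "",                       /* DixAddAccess */
      "",                       /* DixRemoveAccess */
      "",                       /* DixHideAccess */
      "",                       /* DixShowAccess */
      "",                       /* DixBlendAccess */
      "",                       /* DixGrabAccess */
      "",                       /* DixFreezeAccess */
      "",                       /* DixForceAccess */
      "",                       /* DixInstallAccess */
      "",                       /* DixUninstallAccess */
      "",                       /* DixSendAccess */
      "",                       /* DixReceiveAccess */
      "use",                    /* DixUseAccess */
      NULL}},
    {"x_client",
     {"",                       /* DixReadAccess */
      "",                       /* DixWriteAccess */
      "destroy",                /* DixDestroyAccess */
      "",                       /* DixCreateAccess */
      "getattr",                /* DixGetAttrAccess */
      "setattr",                /* DixSetAttrAccess */
      "",                       /* DixListPropAccess */
      "",                       /* DixGetPropAccess */
      "",                       /* DixSetPropAccess */
      "",                       /* DixGetFocusAccess */
      "",                       /* DixSetFocusAccess */
      "",                       /* DixListAccess */
      "",                       /* DixAddAccess */
      "",                       /* DixRemoveAccess */
      "",                       /* DixHideAccess */
      "",                       /* DixShowAccess */
      "",                       /* DixBlendAccess */
      "",                       /* DixGrabAccess */
      "",                       /* DixFreezeAccess */
      "",                       /* DixForceAccess */
      "",                       /* DixInstallAccess */
      "",                       /* DixUninstallAccess */
      "",                       /* DixSendAccess */
      "",                       /* DixReceiveAccess */
      "",                       /* DixUseAccess */
      "manage",                 /* DixManageAccess */
      NULL}},
    {"x_pointer",
     {"read",                   /* DixReadAccess */
      "write",                  /* DixWriteAccess */
      "destroy",                /* DixDestroyAccess */
      "create",                 /* DixCreateAccess */
      "getattr",                /* DixGetAttrAccess */
      "setattr",                /* DixSetAttrAccess */
      "list_property",          /* DixListPropAccess */
      "get_property",           /* DixGetPropAccess */
      "set_property",           /* DixSetPropAccess */
      "getfocus",               /* DixGetFocusAccess */
      "setfocus",               /* DixSetFocusAccess */
      "",                       /* DixListAccess */
      "add",                    /* DixAddAccess */
      "remove",                 /* DixRemoveAccess */
      "",                       /* DixHideAccess */
      "",                       /* DixShowAccess */
      "",                       /* DixBlendAccess */
      "grab",                   /* DixGrabAccess */
      "freeze",                 /* DixFreezeAccess */
      "force_cursor",           /* DixForceAccess */
      "",                       /* DixInstallAccess */
      "",                       /* DixUninstallAccess */
      "",                       /* DixSendAccess */
      "",                       /* DixReceiveAccess */
      "use",                    /* DixUseAccess */
      "manage",                 /* DixManageAccess */
      "",                       /* DixDebugAccess */
      "bell",                   /* DixBellAccess */
      NULL}},
    {"x_keyboard",
     {"read",                   /* DixReadAccess */
      "write",                  /* DixWriteAccess */
      "destroy",                /* DixDestroyAccess */
      "create",                 /* DixCreateAccess */
      "getattr",                /* DixGetAttrAccess */
      "setattr",                /* DixSetAttrAccess */
      "list_property",          /* DixListPropAccess */
      "get_property",           /* DixGetPropAccess */
      "set_property",           /* DixSetPropAccess */
      "getfocus",               /* DixGetFocusAccess */
      "setfocus",               /* DixSetFocusAccess */
      "",                       /* DixListAccess */
      "add",                    /* DixAddAccess */
      "remove",                 /* DixRemoveAccess */
      "",                       /* DixHideAccess */
      "",                       /* DixShowAccess */
      "",                       /* DixBlendAccess */
      "grab",                   /* DixGrabAccess */
      "freeze",                 /* DixFreezeAccess */
      "force_cursor",           /* DixForceAccess */
      "",                       /* DixInstallAccess */
      "",                       /* DixUninstallAccess */
      "",                       /* DixSendAccess */
      "",                       /* DixReceiveAccess */
      "use",                    /* DixUseAccess */
      "manage",                 /* DixManageAccess */
      "",                       /* DixDebugAccess */
      "bell",                   /* DixBellAccess */
      NULL}},
    {"x_server",
     {"record",                 /* DixReadAccess */
      "",                       /* DixWriteAccess */
      "",                       /* DixDestroyAccess */
      "",                       /* DixCreateAccess */
      "getattr",                /* DixGetAttrAccess */
      "setattr",                /* DixSetAttrAccess */
      "",                       /* DixListPropAccess */
      "",                       /* DixGetPropAccess */
      "",                       /* DixSetPropAccess */
      "",                       /* DixGetFocusAccess */
      "",                       /* DixSetFocusAccess */
      "",                       /* DixListAccess */
      "",                       /* DixAddAccess */
      "",                       /* DixRemoveAccess */
      "",                       /* DixHideAccess */
      "",                       /* DixShowAccess */
      "",                       /* DixBlendAccess */
      "grab",                   /* DixGrabAccess */
      "",                       /* DixFreezeAccess */
      "",                       /* DixForceAccess */
      "",                       /* DixInstallAccess */
      "",                       /* DixUninstallAccess */
      "",                       /* DixSendAccess */
      "",                       /* DixReceiveAccess */
      "",                       /* DixUseAccess */
      "manage",                 /* DixManageAccess */
      "debug",                  /* DixDebugAccess */
      NULL}},
    {"x_extension",
     {"",                       /* DixReadAccess */
      "",                       /* DixWriteAccess */
      "",                       /* DixDestroyAccess */
      "",                       /* DixCreateAccess */
      "query",                  /* DixGetAttrAccess */
      "",                       /* DixSetAttrAccess */
      "",                       /* DixListPropAccess */
      "",                       /* DixGetPropAccess */
      "",                       /* DixSetPropAccess */
      "",                       /* DixGetFocusAccess */
      "",                       /* DixSetFocusAccess */
      "",                       /* DixListAccess */
      "",                       /* DixAddAccess */
      "",                       /* DixRemoveAccess */
      "",                       /* DixHideAccess */
      "",                       /* DixShowAccess */
      "",                       /* DixBlendAccess */
      "",                       /* DixGrabAccess */
      "",                       /* DixFreezeAccess */
      "",                       /* DixForceAccess */
      "",                       /* DixInstallAccess */
      "",                       /* DixUninstallAccess */
      "",                       /* DixSendAccess */
      "",                       /* DixReceiveAccess */
      "use",                    /* DixUseAccess */
      NULL}},
    {"x_event",
     {"",                       /* DixReadAccess */
      "",                       /* DixWriteAccess */
      "",                       /* DixDestroyAccess */
      "",                       /* DixCreateAccess */
      "",                       /* DixGetAttrAccess */
      "",                       /* DixSetAttrAccess */
      "",                       /* DixListPropAccess */
      "",                       /* DixGetPropAccess */
      "",                       /* DixSetPropAccess */
      "",                       /* DixGetFocusAccess */
      "",                       /* DixSetFocusAccess */
      "",                       /* DixListAccess */
      "",                       /* DixAddAccess */
      "",                       /* DixRemoveAccess */
      "",                       /* DixHideAccess */
      "",                       /* DixShowAccess */
      "",                       /* DixBlendAccess */
      "",                       /* DixGrabAccess */
      "",                       /* DixFreezeAccess */
      "",                       /* DixForceAccess */
      "",                       /* DixInstallAccess */
      "",                       /* DixUninstallAccess */
      "send",                   /* DixSendAccess */
      "receive",                /* DixReceiveAccess */
      NULL}},
    {"x_synthetic_event",
     {"",                       /* DixReadAccess */
      "",                       /* DixWriteAccess */
      "",                       /* DixDestroyAccess */
      "",                       /* DixCreateAccess */
      "",                       /* DixGetAttrAccess */
      "",                       /* DixSetAttrAccess */
      "",                       /* DixListPropAccess */
      "",                       /* DixGetPropAccess */
      "",                       /* DixSetPropAccess */
      "",                       /* DixGetFocusAccess */
      "",                       /* DixSetFocusAccess */
      "",                       /* DixListAccess */
      "",                       /* DixAddAccess */
      "",                       /* DixRemoveAccess */
      "",                       /* DixHideAccess */
      "",                       /* DixShowAccess */
      "",                       /* DixBlendAccess */
      "",                       /* DixGrabAccess */
      "",                       /* DixFreezeAccess */
      "",                       /* DixForceAccess */
      "",                       /* DixInstallAccess */
      "",                       /* DixUninstallAccess */
      "send",                   /* DixSendAccess */
      "receive",                /* DixReceiveAccess */
      NULL}},
    /* x_resource collapses every DixAccess bit onto "read" or "write";
     * SELinuxReadMask below must list exactly the bits mapped to "read". */
    {"x_resource",
     {"read",                   /* DixReadAccess */
      "write",                  /* DixWriteAccess */
      "write",                  /* DixDestroyAccess */
      "write",                  /* DixCreateAccess */
      "read",                   /* DixGetAttrAccess */
      "write",                  /* DixSetAttrAccess */
      "read",                   /* DixListPropAccess */
      "read",                   /* DixGetPropAccess */
      "write",                  /* DixSetPropAccess */
      "read",                   /* DixGetFocusAccess */
      "write",                  /* DixSetFocusAccess */
      "read",                   /* DixListAccess */
      "write",                  /* DixAddAccess */
      "write",                  /* DixRemoveAccess */
      "write",                  /* DixHideAccess */
      "read",                   /* DixShowAccess */
      "read",                   /* DixBlendAccess */
      "write",                  /* DixGrabAccess */
      "write",                  /* DixFreezeAccess */
      "write",                  /* DixForceAccess */
      "write",                  /* DixInstallAccess */
      "write",                  /* DixUninstallAccess */
      "write",                  /* DixSendAccess */
      "read",                   /* DixReceiveAccess */
      "read",                   /* DixUseAccess */
      "write",                  /* DixManageAccess */
      "read",                   /* DixDebugAccess */
      "write",                  /* DixBellAccess */
      NULL}},
    {NULL}                      /* end-of-table sentinel */
};

/*
 * x_resource "read" bits from the list above.
 *
 * Hand-maintained copy of the x_resource entries whose permission is
 * "read" (11 bits). A bit missing from this mask while mapped to "read"
 * above, or the reverse, makes the mask and the table disagree about
 * whether an access is read-only -- keep the two in step when editing.
 */
#define SELinuxReadMask (DixReadAccess|DixGetAttrAccess|DixListPropAccess| \
                         DixGetPropAccess|DixGetFocusAccess|DixListAccess| \
                         DixShowAccess|DixBlendAccess|DixReceiveAccess| \
                         DixUseAccess|DixDebugAccess)

#endif                          /* _XSELINUX_NEED_FLASK_MAP */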
563 #endif /* _XSELINUXINT_H */