static void SecuritySend(CallbackListPtr *pcbl, pointer unused, pointer calldata) { XaceSendAccessRec *rec = calldata; SecurityStateRec *subj, *obj; if (rec->client) { int i; subj = dixLookupPrivate(&rec->client->devPrivates, stateKey); obj = dixLookupPrivate(&wClient(rec->pWin)->devPrivates, stateKey); if (SecurityDoCheck(subj, obj, DixSendAccess, 0) == Success) return; for (i = 0; i < rec->count; i++) if (rec->events[i].u.u.type != UnmapNotify && rec->events[i].u.u.type != ConfigureRequest && rec->events[i].u.u.type != ClientMessage) { SecurityAudit("Security: denied client %d from sending event " "of type %s to window 0x%x of client %d\n", rec->client->index, LookupEventName(rec->events[i].u.u.type), rec->pWin->drawable.id, wClient(rec->pWin)->index); rec->status = BadAccess; return; } } }
/* * Looks up the SID corresponding to the given event type */ int SELinuxEventToSID(unsigned type, security_id_t sid_of_window, SELinuxObjectRec * sid_return) { const char *name = LookupEventName(type); security_id_t sid; security_context_t ctx; type &= 127; sid = SELinuxArrayGet(&arr_events, type); if (!sid) { /* Look in the mappings of event names to contexts */ if (selabel_lookup_raw(label_hnd, &ctx, name, SELABEL_X_EVENT) < 0) { ErrorF("SELinux: an event label lookup failed!\n"); return BadValue; } /* Get a SID for context */ if (avc_context_to_sid_raw(ctx, &sid) < 0) { ErrorF("SELinux: a context_to_SID_raw call failed!\n"); freecon(ctx); return BadAlloc; } freecon(ctx); /* Cache the SID value */ if (!SELinuxArraySet(&arr_events, type, sid)) return BadAlloc; } /* Perform a transition to obtain the final SID */ if (avc_compute_create(sid_of_window, sid, SECCLASS_X_EVENT, &sid_return->sid) < 0) { ErrorF("SELinux: a compute_create call failed!\n"); return BadValue; } return Success; }