static void
SecuritySend(CallbackListPtr *pcbl, pointer unused, pointer calldata)
{
XaceSendAccessRec *rec = calldata;
SecurityStateRec *subj, *obj;
if (rec->client) {
int i;
subj = dixLookupPrivate(&rec->client->devPrivates, stateKey);
obj = dixLookupPrivate(&wClient(rec->pWin)->devPrivates, stateKey);
if (SecurityDoCheck(subj, obj, DixSendAccess, 0) == Success)
return;
for (i = 0; i < rec->count; i++)
if (rec->events[i].u.u.type != UnmapNotify &&
rec->events[i].u.u.type != ConfigureRequest &&
rec->events[i].u.u.type != ClientMessage) {
SecurityAudit("Security: denied client %d from sending event "
"of type %s to window 0x%x of client %d\n",
rec->client->index,
LookupEventName(rec->events[i].u.u.type),
rec->pWin->drawable.id,
wClient(rec->pWin)->index);
rec->status = BadAccess;
return;
}
}
}
/*
* Looks up the SID corresponding to the given event type
*/
int
SELinuxEventToSID(unsigned type, security_id_t sid_of_window,
SELinuxObjectRec * sid_return)
{
const char *name = LookupEventName(type);
security_id_t sid;
security_context_t ctx;
type &= 127;
sid = SELinuxArrayGet(&arr_events, type);
if (!sid) {
/* Look in the mappings of event names to contexts */
if (selabel_lookup_raw(label_hnd, &ctx, name, SELABEL_X_EVENT) < 0) {
ErrorF("SELinux: an event label lookup failed!\n");
return BadValue;
}
/* Get a SID for context */
if (avc_context_to_sid_raw(ctx, &sid) < 0) {
ErrorF("SELinux: a context_to_SID_raw call failed!\n");
freecon(ctx);
return BadAlloc;
}
freecon(ctx);
/* Cache the SID value */
if (!SELinuxArraySet(&arr_events, type, sid))
return BadAlloc;
}
/* Perform a transition to obtain the final SID */
if (avc_compute_create(sid_of_window, sid, SECCLASS_X_EVENT,
&sid_return->sid) < 0) {
ErrorF("SELinux: a compute_create call failed!\n");
return BadValue;
}
return Success;
}
