tsolinfo.h revision 639
606N/A/* Copyright 2009 Sun Microsystems, Inc. All rights reserved.
0N/A *
0N/A * Permission is hereby granted, free of charge, to any person obtaining a
0N/A * copy of this software and associated documentation files (the
0N/A * "Software"), to deal in the Software without restriction, including
0N/A * without limitation the rights to use, copy, modify, merge, publish,
0N/A * distribute, and/or sell copies of the Software, and to permit persons
0N/A * to whom the Software is furnished to do so, provided that the above
0N/A * copyright notice(s) and this permission notice appear in all copies of
0N/A * the Software and that both the above copyright notice(s) and this
0N/A * permission notice appear in supporting documentation.
0N/A *
0N/A * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
0N/A * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
0N/A * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT
0N/A * OF THIRD PARTY RIGHTS. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
0N/A * HOLDERS INCLUDED IN THIS NOTICE BE LIABLE FOR ANY CLAIM, OR ANY SPECIAL
0N/A * INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES WHATSOEVER RESULTING
0N/A * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
0N/A * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
0N/A * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
0N/A *
0N/A * Except as contained in this notice, the name of a copyright holder
0N/A * shall not be used in advertising or otherwise to promote the sale, use
0N/A * or other dealings in this Software without prior written authorization
0N/A * of the copyright holder.
606N/A */
0N/A
639N/A#pragma ident "@(#)tsolinfo.h 1.21 09/02/12 SMI"
0N/A
0N/A
0N/A#ifndef _TSOL_INFO_H
0N/A#define _TSOL_INFO_H
0N/A
0N/A#include <sys/types.h>
0N/A
0N/A#include <tsol/label.h>
0N/A#include <sys/tsol/tndb.h>
0N/A#include <bsm/audit.h>
0N/A#include <sys/mkdev.h>
0N/A#include <ucred.h>
0N/A#include "misc.h"
0N/A#include "dixstruct.h"
98N/A#include <X11/keysym.h>
0N/A
0N/A/*********************************
0N/A *
0N/A * DEBUG INFO
0N/A *
0N/A *********************************/
0N/A
639N/A/* Message verbosity levels passed to os/log.c functions
639N/A * Level 0 messages are printed by all servers to stderr.
639N/A * Xorg defaults to logging messages in 0-3 to /var/log/Xorg.<display>.log
639N/A * Ranges of messages to print to stderr can be changed with Xorg -verbose N
639N/A * and Xephyr -verbosity N
639N/A * Ranges of messages to print to log can be changed with Xorg -logverbose N
639N/A * Other servers don't support runtime configuration of log messages yet.
0N/A */
639N/A
639N/A#define TSOL_MSG_ERROR 0 /* Always printed */
639N/A#define TSOL_MSG_UNIMPLEMENTED 5
639N/A#define TSOL_MSG_POLICY_DENIED 6
639N/A#define TSOL_MSG_ACCESS_TRACE 7
0N/A
639N/A#define TSOL_LOG_PREFIX TSOLNAME ": "
639N/Aextern const char *TsolDixAccessModeNameString(Mask access_mode);
639N/Aextern const char *TsolErrorNameString(int req);
639N/Aextern const char *TsolPolicyReturnString(int pr);
639N/Aextern const char *TsolRequestNameString(int req);
639N/Aextern const char *TsolResourceTypeString(RESTYPE resource);
639N/A
639N/A#define MAXNAME 64 /* 63 chars of process name stored */
0N/A
0N/A/*********************************
0N/A *
0N/A * CONSTANTS
0N/A *
0N/A *********************************/
0N/A
0N/A
0N/A/*
0N/A * X audit events start from 9101 in audit_uevents.h. The first 2 events
0N/A * are non-protocol ones viz. ClientConnect, mapped to 9101 and
0N/A * ClientDisconnect, mapped to 9102.
0N/A * The protocol events are mapped from 9103 onwards in the serial order
0N/A * of their respective protocol opcode, for eg, the protocol UngrabPointer
0N/A * which is has a protocol opcode 27 is mapped to 9129 (9102 + 27).
0N/A * All extension protocols are mapped to a single audit event AUE_XExtension
0N/A * as opcodes are assigined dynamically to these protocols. We set the
0N/A * extension protocol opcode to be 128, one more than the last standard opcode.
0N/A */
0N/A#define XAUDIT_Q_SIZE 1024 /* audit queue size for x server */
0N/A#define XAUDIT_OFFSET 9102
0N/A#define XAUDIT_EXTENSION 128
633N/A
0N/A#define MAX_CLIENT 16
0N/A#define MAX_SLS 16 /* used in atom */
0N/A#define MAX_POLYPROPS 128 /* used in property */
0N/A#define DEF_UID (uid_t)0 /* uid used for default objects */
0N/A#define INVALID_UID (uid_t)0xFFFF /* invalid uid */
0N/A/*
0N/A * Various flags for TsolInfoRec, TsolResRec
0N/A */
0N/A#define TSOL_IIL 0x0000001 /* iil changed for window */
0N/A#define TSOL_DOXAUDIT 0x0000002 /* write X audit rec if set */
0N/A#define TSOL_AUDITEVENT 0x0000004 /* this event mask selected for audit */
0N/A#define CONFIG_AUDITED 0x0000008 /* this priv has been asserted for */
0N/A#define DAC_READ_AUDITED 0x0000010 /* the same object before */
0N/A#define DAC_WRITE_AUDITED 0x0000020
0N/A#define MAC_READ_AUDITED 0x0000040
0N/A#define MAC_WRITE_AUDITED 0x0000080
0N/A#define TRUSTED_MASK 0x0000100 /* Window has Trusted Path */
0N/A
0N/A/*
0N/A * Polyinstantiated property/selections
0N/A */
0N/A#define POLY_SIZE 16 /* increase the list 16 at a time */
0N/A#define CONFIG_PRIV_FILE "config.privs"
0N/A#define CONFIG_EXTENSION_FILE "config.extensions"
0N/A
0N/A#define PROCVECTORSIZE (256)
0N/A
0N/Aenum tsolconfig_types {
0N/A TSOL_ATOM = 0,
0N/A TSOL_PROPERTY,
0N/A TSOL_SELECTION,
0N/A TSOL_EXTENSION,
0N/A TSOL_PRIVILEGE
0N/A};
0N/A
0N/Atypedef enum tsolconfig_types tsolconfig_t;
0N/A
0N/A/*
0N/A * Masks corresponding various types
0N/A */
0N/A#define TSOLM_ATOM 1
0N/A#define TSOLM_PROPERTY (1 << 1)
0N/A#define TSOLM_SELECTION (1 << 2)
0N/A
0N/A#define SL_SIZE blabel_size()
0N/A
0N/A/*********************************
0N/A *
0N/A * MACROS
0N/A *
0N/A *********************************/
0N/A
0N/A
0N/A#define WindowIsRoot(pWin) (pWin && (pWin->parent == NullWindow))
0N/A#define DrawableIsRoot(pDraw)\
0N/A (pDraw && (pDraw->id == WindowTable[pDraw->pScreen->myNum]->drawable.id))
0N/A
0N/A/*
0N/A * True if client is part of TrustedPath
0N/A */
0N/A#define HasTrustedPath(tsolinfo)\
0N/A (tsolinfo->trusted_path ||\
0N/A (tsolinfo->forced_trust == 1))
0N/A
606N/A#define XTSOLTrusted(pWin) \
606N/A ((TsolWindowPriv(pWin))->flags & TRUSTED_MASK)
0N/A
0N/A
0N/A/*********************************
0N/A *
0N/A * DATA STRUCTURES
0N/A *
0N/A *********************************/
0N/Aenum client_types {
0N/A CLIENT_LOCAL,
0N/A CLIENT_REMOTE
0N/A};
0N/A
0N/Atypedef enum client_types client_type_t;
0N/A
0N/A/*
0N/A * Extended attributes for each client.
0N/A * Most of the information comes from getpeerucred()
0N/A */
0N/Atypedef struct _TsolInfo {
0N/A uid_t uid; /* real user id */
0N/A uid_t euid; /* effective user id */
0N/A gid_t gid; /* real group id */
0N/A gid_t egid; /* effective group id */
0N/A pid_t pid; /* process id */
0N/A zoneid_t zid; /* zone id */
0N/A priv_set_t *privs; /* privileges */
0N/A bslabel_t *sl; /* sensitivity label */
0N/A u_long iaddr; /* internet addr */
0N/A Bool trusted_path; /* has trusted path */
0N/A Bool priv_debug; /* do privilege debugging */
0N/A u_long flags; /* various flags */
0N/A int forced_trust; /* client masked as trusted */
0N/A au_id_t auid; /* audit id */
36N/A au_mask_t amask; /* audit mask */
36N/A au_asid_t asid; /* audit session id */
0N/A client_type_t client_type; /* Local or Remote client */
36N/A int asaverd;
36N/A struct sockaddr_storage saddr; /* socket information */
639N/A char pname[MAXNAME]; /* process name for debug messages */
0N/A} TsolInfoRec, *TsolInfoPtr;
0N/A
0N/A/*
0N/A * per resource info
0N/A */
0N/Atypedef struct _TsolRes {
0N/A bslabel_t *sl; /* sensitivity label */
0N/A uid_t uid; /* user id */
0N/A u_long flags; /* various flags */
0N/A pid_t pid; /* who created it */
0N/A} TsolResRec, *TsolResPtr;
0N/A
0N/A/*
0N/A * per property info. useful for polyprops
0N/A */
0N/Atypedef struct _TsolProp {
0N/A bslabel_t *sl; /* sensitivity label */
0N/A uid_t uid; /* user id */
0N/A long size; /* size of data in (format/8) bytes */
0N/A unsigned char *data; /* value */
0N/A struct _TsolProp *next; /* points to next struct */
0N/A struct _TsolProp *head; /* head of poly'd prop list */
0N/A pid_t pid; /* who created it */
168N/A int serverOwned; /* internally created by the Server */
0N/A} TsolPropRec, *TsolPropPtr;
0N/A
0N/A/*
0N/A * per selection info. useful for polyinstantiated selns
0N/A */
0N/Atypedef struct _TsolSeln {
0N/A bslabel_t *sl; /* sensitivity label */
0N/A uid_t uid; /* user id */
0N/A TimeStamp lastTimeChanged;
0N/A Window window; /* owner of seln */
0N/A WindowPtr pWin; /* corresponds to the owner win */
0N/A ClientPtr client; /* client that owns the window */
0N/A struct _TsolSeln *next; /* points to next struct */
0N/A pid_t pid; /* who created it */
0N/A} TsolSelnRec, *TsolSelnPtr;
0N/A
606N/A/*
606N/A * information stored in devPrivates
606N/A */
606N/Atypedef union {
606N/A TsolInfoRec clientPriv;
606N/A TsolResRec windowPriv;
606N/A TsolResRec pixmapPriv;
606N/A TsolPropPtr propertyPriv;
606N/A TsolSelnPtr selectionPriv;
606N/A} TsolPrivRec, *TsolPrivPtr;
606N/A
606N/Aextern DevPrivateKey tsolPrivKey;
606N/A
606N/A#define TsolClientPriv(pClient) \
606N/A ((TsolInfoPtr) dixLookupPrivate(&(pClient)->devPrivates, tsolPrivKey))
606N/A
606N/A#define TsolWindowPriv(pWin) \
606N/A ((TsolResPtr) dixLookupPrivate(&(pWin)->devPrivates, tsolPrivKey))
606N/A
606N/A#define TsolPixmapPriv(pPix) \
606N/A ((TsolResPtr) dixLookupPrivate(&(pPix)->devPrivates, tsolPrivKey))
606N/A
606N/A#define TsolPropertyPriv(pProp) \
606N/A ((TsolPropPtr *) dixLookupPrivate(&(pProp)->devPrivates, tsolPrivKey))
606N/A
606N/A#define TsolSelectionPriv(pSel) \
606N/A ((TsolSelnPtr *) dixLookupPrivate(&(pSel)->devPrivates, tsolPrivKey))
606N/A
0N/A#if 0
606N/A/*
0N/A * NodeRec struct defined here is used instead of the
0N/A * one defined in atom.c. This is used in policy functions
0N/A */
0N/Atypedef struct _Node {
0N/A struct _Node *left, *right;
0N/A Atom a;
0N/A unsigned int fingerPrint;
0N/A char *string;
0N/A#ifdef TSOL
0N/A int slsize; /* size of the sl array below */
0N/A int clientCount; /* actual no. of clients */
0N/A int IsSpecial; /* special atoms for polyprops */
0N/A bslabel_t **sl; /* an array of sl's. */
0N/A#endif /* TSOL */
0N/A} NodeRec, *NodePtr;
0N/A
0N/A#endif
0N/A
0N/A#define NODE_SLSIZE 16 /* increase sl array by this amount */
0N/Atypedef struct _TsolNodeRec {
0N/A unsigned int flags;
0N/A int slcount; /* no. of SLs referenced */
0N/A int slsize; /* size of the sl array */
0N/A int IsSpecial;
0N/A bslabel_t **sl;
0N/A
0N/A} TsolNodeRec, *TsolNodePtr;
0N/A
0N/A/*
0N/A * if polyinst true, the name list is polyinstantiated
0N/A * if false, the everything except the list is polyinstantiated
0N/A * NOTE: Default for seln: polyinstantiate the list
0N/A * Default for prop: polyinstantiate everything except the list
0N/A */
0N/Atypedef struct _TsolPolyAtom {
0N/A int polyinst;
0N/A int size; /* max size of the list */
0N/A int count; /* how many are actually valid */
0N/A char **name;
0N/A} TsolPolyAtomRec, *TsolPolyAtomPtr;
0N/A
0N/A/*
0N/A * PolyInstInfo represents if a get request will match the
0N/A * client's sl,uid for this or it will use the polyinstinfo
0N/A * information to retrieve values for prop/selection
0N/A */
0N/Atypedef struct _TsolPolyInstInfo {
0N/A int enabled; /* if true use following sl, uid */
0N/A uid_t uid;
0N/A bslabel_t *sl;
0N/A} TsolPolyInstInfoRec, *TsolPolyInstInfoPtr;
0N/A
0N/A
0N/A/*
0N/A * Disable flags for extensions
0N/A */
0N/Atypedef struct _extensionFlag {
606N/A Bool disableACCESSX;
0N/A Bool disableDPS;
0N/A Bool disableDBE;
0N/A Bool disableDPMS;
0N/A Bool disableEVI;
0N/A Bool disableFBPM;
0N/A Bool disableLBX;
606N/A Bool disableSCREENSAVER;
0N/A Bool disableMITSHM;
0N/A Bool disableMITMISC;
0N/A Bool disableMULTIBUFFER;
0N/A Bool disableSECURITY;
0N/A Bool disableSHAPE;
0N/A Bool disableALLPLANES;
0N/A Bool disableDGA;
0N/A Bool disableOVL;
0N/A Bool disableRECORD;
0N/A Bool disableSYNC;
0N/A Bool disableIA;
0N/A Bool disableCUP;
0N/A Bool disableAPPGROUP;
0N/A Bool disableXCMISC;
606N/A Bool disableXIE;
0N/A Bool disableXINPUT;
0N/A Bool disableXINERAMA;
0N/A Bool disableXTEST;
0N/A} ExtensionFlag;
0N/A
0N/A
0N/A/*
0N/A * Hot Key structure
0N/A * caches keycode/mask for
0N/A * a primary & alternate
0N/A * Hot Keys
0N/A */
0N/Atypedef struct _HotKeyRec {
0N/A int initialized;
0N/A KeyCode key; /* Primary key */
0N/A unsigned shift; /* Primary modifier/shift */
0N/A KeyCode altkey; /* Alternate key */
0N/A unsigned altshift; /* Alternate modifier/shift */
0N/A} HotKeyRec, *HotKeyPtr;
0N/A
0N/A/*********************************
0N/A *
0N/A * EXTERNS
0N/A *
0N/A *********************************/
0N/A
0N/A
0N/Aextern WindowPtr *WindowTable;
0N/Aextern int PolyProperty(Atom atom, WindowPtr pWin);
0N/Aextern int PolySelection(Atom atom);
0N/Aextern TsolPolyInstInfoRec tsolpolyinstinfo;
0N/Aextern uid_t OwnerUID; /* Workstation owner uid */
36N/Aextern Bool system_audit_on;
0N/A
0N/A/*********************************
0N/A *
0N/A * FUNCTION PROTOTYPES
0N/A *
0N/A *********************************/
0N/A
0N/A
0N/Avoid TsolReadPolyAtoms(char *filename, TsolPolyAtomPtr polyatomptr);
0N/Aextern WindowPtr TopClientWin(WindowPtr pWin);
0N/Aextern WindowPtr RootWin(WindowPtr pWin);
0N/Aextern Window RootOf(WindowPtr pWin);
0N/Aextern Window RootOfClient(WindowPtr pWin);
606N/Aextern int TsolDisabledExtension(const char *extname);
633N/Aextern int MatchTsolConfig(const char *name, int len);
36N/Aextern int HasWinSelection(TsolInfoPtr tsolinfo);
36N/Aextern int same_client (ClientPtr client, XID xid);
36N/Aextern int client_private (ClientPtr client, XID xid);
606N/Aextern TsolPropPtr AllocTsolProp(void);
606N/Aextern TsolPropPtr AllocServerTsolProp(void);
606N/Aextern bslabel_t *lookupSL_low(void);
36N/Aextern bslabel_t *lookupSL(bslabel_t *slptr);
36N/Aextern BoxPtr WindowExtents(WindowPtr pWin, BoxPtr pBox);
36N/Aextern Bool ShapeOverlap(WindowPtr pWin, BoxPtr pWinBox,
36N/A WindowPtr pSib, BoxPtr pSibBox);
0N/A
0N/A#endif /* _TSOL_INFO_H */