1379N/A * Copyright (c) 2004, 2014, Oracle and/or its affiliates. All rights reserved. 0N/A * Permission is hereby granted, free of charge, to any person obtaining a 919N/A * copy of this software and associated documentation files (the "Software"), 919N/A * to deal in the Software without restriction, including without limitation 919N/A * the rights to use, copy, modify, merge, publish, distribute, sublicense, 919N/A * and/or sell copies of the Software, and to permit persons to whom the 919N/A * Software is furnished to do so, subject to the following conditions: 919N/A * The above copyright notice and this permission notice (including the next 919N/A * paragraph) shall be included in all copies or substantial portions of the 919N/A * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 919N/A * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 919N/A * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL 919N/A * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 919N/A * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 919N/A * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER 919N/A * DEALINGS IN THE SOFTWARE. 639N/A/* Unless NO_TSOL_DEBUG_MESSAGES is defined, admins will be able to enable 639N/A debugging messages at runtime via Xorg -logverbose */ 639N/A#
endif /* NO_TSOL_DEBUG_MESSAGES */ 799N/A /* Check for Trusted Path (TP) */ 799N/A /* Check for Mandatory Access Control (MAC) */ 799N/A /* Check for Discretionary Access Control (DAC) */ 799N/A /* ((tsolres->uid == OwnerUID || tsolres->uid == DEF_UID) && */ 799N/A "tsol_check_policy(%s, %s, %d, pid=%d, %s, %d, %s) = %s\n",
0N/A * Converts SL to string 639N/A#
endif /* !NO_TSOL_DEBUG_MESSAGES */ 36N/A * Allocate a single privilege set 36N/A * Initialize all string window privileges to the binary equivalent. 36N/A * Binary privilege testing is much faster than the string testing 1379N/A /* Ignore unlabeled resources */ 799N/A * Image operations are allowed here for lookup reasons. 799N/A * The actual policy enforcement is in the protocol handler. 799N/A * Allow pointer grab on root window, as long as 799N/A * pointer is currently in a window owned by 799N/A /* Newly created drawable. Initialize it. */ 799N/A /* Event access, actual policy is implemented in the hook */ 799N/A "policy not implemented for TsolCheckWindowAccess, " 799N/A "rtype=0x%x (%s), mode=0x%x (%s)\n",
799N/A "TsolCheckDrawableAccess(%s, %s, 0x%x, %s, %s) = %s\n",
799N/A#
endif /* !NO_TSOL_DEBUG_MESSAGES */ 799N/A /* Anyone can create an object */ 799N/A /* DAC check is based on client isolation */ 799N/A "policy not implemented for TsolCheckXIDAccess, " 799N/A "rtype=0x%x (%s), mode=0x%x (%s)\n",
799N/A "TsolCheckXIDAccess(%s, %s, 0x%x, %s, %s) = %s\n",
799N/A#
endif /* !NO_TSOL_DEBUG_MESSAGES */ 799N/A /* rec->status = Success; return; */ 799N/A /* Allow get/read attributes, grab is enforced in protocol handler */ 799N/A "policy not implemented for TsolCheckServerAccess, " 799N/A "TsolCheckServerAccess(%s, %s, %s) = %s\n",
799N/A#
endif /* !NO_TSOL_DEBUG_MESSAGES */ 799N/A "policy not implemented for TsolCheckClientAccess, " 799N/A "TsolCheckClientAccess(%s, %s, %s) = %s\n",
799N/A#
endif /* !NO_TSOL_DEBUG_MESSAGES */ 1209N/A /* Allow all device access to the server itself */ 799N/A "policy not implemented for TsolCheckDeviceAccess, %s, %s\n",
799N/A "TsolCheckDeviceAccess(%s, %s, %s) = %s\n",
799N/A#
endif /* !NO_TSOL_DEBUG_MESSAGES */