#pragma ident "@(#)tsolpolicy.c 1.23 09/01/14 SMI"

#ifdef HAVE_DIX_CONFIG_H

#include <dix-config.h>

#endif

#include <X11/X.h>

#define NEED_REPLIES

#define NEED_EVENTS

#include <stdio.h>

#include <sys/types.h>

#include <unistd.h>

#include "auditwrite.h"

#include <bsm/audit_kevents.h>

#include <bsm/audit_uevents.h>

#include <X11/Xproto.h>

#include "dix.h"

#include "misc.h"

#include "scrnintstr.h"

#include "os.h"

#include "regionstr.h"

#include "validate.h"

#include "windowstr.h"

#include "propertyst.h"

#include "input.h"

#include "inputstr.h"

#include "resource.h"

#include "colormapst.h"

#include "cursorstr.h"

#include "dixstruct.h"

#include "selection.h"

#include "gcstruct.h"

#include "servermd.h"

#include <syslog.h>

#include "extnsionst.h"

#include "registry.h"

#ifdef PANORAMIX

#include "../Xext/panoramiXsrv.h"

#endif

#include "tsol.h"

#include "tsolinfo.h"

#include "tsolpolicy.h"

static priv_set_t *pset_win_mac_read = NULL;

static priv_set_t *pset_win_mac_write = NULL;

static priv_set_t *pset_win_dac_read = NULL;

static priv_set_t *pset_win_dac_write = NULL;

static priv_set_t *pset_win_config = NULL;

static priv_set_t *pset_win_devices = NULL;

static priv_set_t *pset_win_fontpath = NULL;

static priv_set_t *pset_win_colormap = NULL;

static priv_set_t *pset_win_upgrade_sl = NULL;

static priv_set_t *pset_win_downgrade_sl = NULL;

static priv_set_t *pset_win_selection = NULL;

extern char *xsltos(bslabel_t *sl);

extern InputInfo inputInfo;

extern unsigned long tsoldebug; /* from tsolutils.c */

extern Bool priv_win_colormap;

extern Bool priv_win_config;

extern Bool priv_win_devices;

extern Bool priv_win_dga;

extern Bool priv_win_fontpath;

extern int tsolMultiLevel;

#define SAMECLIENT(client, xid) ((client)->index == CLIENT_ID(xid))

static int access_xid(xresource_t res, xmethod_t method, void *resource,

void *subject, xpolicy_t policy_flags, void *misc,

RESTYPE res_type, priv_set_t *which_priv);

static int check_priv(xresource_t res, xmethod_t method, void *resource,

void *subject, xpolicy_t policy_flags, void *misc,

priv_set_t *priv);

#ifdef DEBUG

static int xtsol_debug = XTSOL_FAIL; /* set it to 0 if no logging is required */

static void XTsolErr(const char *err_type, uintptr_t protocol,

bslabel_t *osl, uid_t ouid, pid_t opid, const char *opname,

bslabel_t *ssl, uid_t suid, pid_t spid, const char *spname,

const char *method, int isstring, void *xid);

#define XTSOLERR_GEN(err_type, protocol, o, s, method, xid, isstring) \

(void) XTsolErr(err_type, (uintptr_t) (protocol), \

(o)->sl, (o)->uid, (o)->pid, NULL, \

(s)->sl, (s)->uid, (s)->pid, NULL, \

method, isstring, (void *) (xid))

#else /* !DEBUG */

#define XTSOLERR_GEN(err_type, protocol, o, s, method, xid, isstring) /**/

#endif /* DEBUG */

#define XTSOLERR(err_type, protocol, o, s, method, xid) \

XTSOLERR_GEN(err_type, protocol, o, s, method, (uintptr_t) xid, 0);

#define SXTSOLERR(err_type, protocol, o, s, method, xid) \

XTSOLERR_GEN(err_type, protocol, o, s, method, xid, 1);

int object_float(TsolInfoPtr, WindowPtr);

static void

set_audit_flags(TsolInfoPtr tsolinfo)

{

if (tsolinfo->flags & TSOL_AUDITEVENT)

tsolinfo->flags &= ~TSOL_AUDITEVENT;

if (!(tsolinfo->flags & TSOL_DOXAUDIT))

tsolinfo->flags |= TSOL_DOXAUDIT;

}

static void

unset_audit_flags(TsolInfoPtr tsolinfo)

{

if (tsolinfo->flags & TSOL_AUDITEVENT)

tsolinfo->flags &= ~TSOL_AUDITEVENT;

if (tsolinfo->flags & TSOL_DOXAUDIT)

tsolinfo->flags &= ~TSOL_DOXAUDIT;

}

static int

xpriv_policy(priv_set_t *set, priv_set_t *priv, xresource_t res,

xmethod_t method, void *subject, Bool do_audit)

{

static int logopened = FALSE;

int status = 0;

int audit_status = 0;

ClientPtr client = subject;

TsolInfoPtr tsolinfo = GetClientTsolInfo(client);

if (priv_issubset(priv, set))

{

status = 1;

audit_status = 1;

}

else

{

audit_status = 0;

if (!logopened)

{

/* LOG_USER doesn't work */

openlog("xsun", 0, LOG_LOCAL0);

logopened = TRUE;

}

/* if priv debugging is on, allow this priv to succeed */

if (tsolinfo->priv_debug)

{

#ifdef DEBUG

ErrorF("pid %ld: Allowed priv %ld\n",

(long) tsolinfo->pid, (long) priv);

#endif /* DEBUG */

syslog(LOG_DEBUG|LOG_LOCAL0,

"DEBUG: %s pid %ld lacking privilege %d to %d %d",

"xclient", tsolinfo->pid, priv, method, res);

status = 1;

audit_status = 1;

}

}

if (do_audit)

auditwrite(AW_USEOFPRIV, audit_status, priv, AW_APPEND, AW_END);

return (status);

} /* xpriv_policy */

read_window(xresource_t res, xmethod_t method, void *resource,

void *subject, xpolicy_t policy_flags, void *misc)

{

int ret_stat = PASSED;

Bool do_audit = FALSE;

int err_code = BadWindow;

WindowPtr pWin = resource;

ClientPtr client = subject;

ClientPtr ownerclient;

TsolInfoPtr tsolinfo = GetClientTsolInfo(client);

TsolInfoPtr tsolownerinfo; /*client who owns the window */

TsolResPtr tsolres = TsolWindowPriv(pWin);

ownerclient = clients[CLIENT_ID(pWin->drawable.id)];

tsolownerinfo = GetClientTsolInfo(ownerclient);

/*

if (WindowIsRoot(pWin))

{

return (PASSED);

}

/* optimization based on client id */

if (SAMECLIENT(client, pWin->drawable.id))

{

return PASSED;

}

/*

if (policy_flags & TSOL_MAC)

{

if (!(blequal(tsolinfo->sl, tsolres->sl)))

{

if (tsolinfo->flags & TSOL_AUDITEVENT)

do_audit = TRUE;

if (xpriv_policy(tsolinfo->privs, pset_win_mac_read,

res, method, client, do_audit) ||

(tsolownerinfo && HasWinSelection(tsolownerinfo)))

{

ret_stat = PASSED;

}

else

{

XTSOLERR("mac", misc, tsolres, tsolinfo,

"read window", pWin->drawable.id);

ret_stat = err_code;

}

}

}

/*

if ((ret_stat == PASSED) && policy_flags & TSOL_DAC)

{

/* uid == DEF_UID means public window, shared read */

if (!(XTSOLTrusted(pWin) ||

tsolres->uid == DEF_UID ||

tsolinfo->uid == tsolres->uid))

{

if (tsolinfo->flags & TSOL_AUDITEVENT)

do_audit = TRUE;

if (xpriv_policy(tsolinfo->privs, pset_win_dac_read,

res, method, client, do_audit))

{

ret_stat = PASSED;

}

else

{

XTSOLERR("dac", misc, tsolres, tsolinfo,

"read window", pWin->drawable.id);

ret_stat = err_code;

}

}

}

if (do_audit)

{

set_audit_flags(tsolinfo);

auditwrite(AW_XWINDOW, pWin->drawable.id, tsolres->uid,

AW_APPEND, AW_END);

}

return (ret_stat);

} /* read_window */

modify_window(xresource_t res, xmethod_t method, void *resource,

void *subject, xpolicy_t policy_flags, void *misc)

{

int ret_stat = PASSED;

Bool do_audit = FALSE;

int err_code = BadWindow;

WindowPtr pWin = resource;

ClientPtr client = subject;

TsolInfoPtr tsolinfo = GetClientTsolInfo(client);

TsolResPtr tsolres = TsolWindowPriv(pWin);

/* optimization based on client id */

if (SAMECLIENT(client, pWin->drawable.id))

{

return PASSED;

}

/*

if (XTSOLTrusted(pWin) && !HasTrustedPath(tsolinfo))

{

XTSOLERR("tp", misc, tsolres, tsolinfo,

"modify window", pWin->drawable.id);

ret_stat = err_code;

}

/*

if ((ret_stat == PASSED) && policy_flags & TSOL_MAC)

{

if (!blequal(tsolinfo->sl, tsolres->sl))

{

if (tsolinfo->flags & TSOL_AUDITEVENT)

do_audit = TRUE;

if (xpriv_policy(tsolinfo->privs, pset_win_mac_write,

res, method, client, do_audit))

{

ret_stat = PASSED;

}

else

{

XTSOLERR("mac", misc, tsolres, tsolinfo,

"modify window", pWin->drawable.id);

ret_stat = err_code;

}

}

}

/*

if ((ret_stat == PASSED) && policy_flags & TSOL_DAC)

{

if (tsolinfo->uid != tsolres->uid)

{

if (tsolinfo->flags & TSOL_AUDITEVENT)

do_audit = TRUE;

if (xpriv_policy(tsolinfo->privs, pset_win_dac_write,

res, method, client, do_audit))

{

ret_stat = PASSED;

}

else

{

XTSOLERR("dac", misc, tsolres, tsolinfo,

"modify window", pWin->drawable.id);

ret_stat = err_code;

}

}

}

if (do_audit)

{

set_audit_flags(tsolinfo);

auditwrite(AW_XWINDOW, pWin->drawable.id, tsolres->uid,

AW_APPEND, AW_END);

}

return (ret_stat);

} /* modify_window */

create_window(xresource_t res, xmethod_t method, void *resource,

void *subject, xpolicy_t policy_flags, void *misc)

{

int ret_stat = PASSED;

Bool do_audit = FALSE;

int err_code = BadWindow;

WindowPtr pWin = resource; /* parent window */

ClientPtr client = subject;

TsolInfoPtr tsolinfo = GetClientTsolInfo(client);

TsolResPtr tsolres = TsolWindowPriv(pWin);

/*

if (WindowIsRoot(pWin))

{

return (PASSED);

}

/*

if (XTSOLTrusted(pWin))

{

if (!HasTrustedPath(tsolinfo))

{

/* XTSOLERR("tp", misc, tsolres, tsolinfo,

return (err_code);

}

}

/*

if (policy_flags & TSOL_MAC)

{

if (!blequal(tsolinfo->sl, tsolres->sl))

{

if (!SAMECLIENT(client, pWin->parent->drawable.id) &&

(tsolinfo->flags & TSOL_AUDITEVENT))

{

do_audit = TRUE;

}

if (xpriv_policy(tsolinfo->privs, pset_win_mac_write,

res, method, client, do_audit))

{

ret_stat = PASSED;

}

else

{

XTSOLERR("mac", misc, tsolres, tsolinfo,

"create window", pWin->drawable.id);

ret_stat = err_code;

}

}

}

/*

if ((ret_stat == PASSED) && policy_flags & TSOL_DAC)

{

if (tsolinfo->uid != tsolres->uid)

{

if (!SAMECLIENT(client, pWin->parent->drawable.id) &&

(tsolinfo->flags & TSOL_AUDITEVENT))

{

do_audit = TRUE;

}

if (xpriv_policy(tsolinfo->privs, pset_win_dac_write,

res, method, client, do_audit))

{

ret_stat = PASSED;

}

else

{

XTSOLERR("dac", misc, tsolres, tsolinfo,

"create window", pWin->drawable.id);

ret_stat = err_code;

}

}

}

if (do_audit)

{

set_audit_flags(tsolinfo);

auditwrite(AW_XWINDOW, pWin->drawable.id, tsolres->uid,

AW_SLABEL, tsolres->sl,

AW_APPEND, AW_END);

}

return (ret_stat);

} /* create_window */

destroy_window(xresource_t res, xmethod_t method, void *resource,

void *subject, xpolicy_t policy_flags, void *misc)

{

int ret_stat = PASSED;

Bool do_audit = FALSE;

int err_code = BadWindow;

WindowPtr pWin = resource;

ClientPtr client = subject;

TsolInfoPtr tsolinfo = GetClientTsolInfo(client);

TsolResPtr tsolres = TsolWindowPriv(pWin);

/*

if (XTSOLTrusted(pWin))

{

if (!HasTrustedPath(tsolinfo))

{

XTSOLERR("tp", misc, tsolres, tsolinfo,

"destroy window", pWin->drawable.id);

return (err_code);

}

}

/*

if (policy_flags & TSOL_MAC)

{

if (!blequal(tsolinfo->sl, tsolres->sl))

{

if (tsolinfo->flags & TSOL_AUDITEVENT)

do_audit = TRUE;

if (xpriv_policy(tsolinfo->privs, pset_win_mac_write,

res, method, client, do_audit))

{

ret_stat = PASSED;

}

else

{

XTSOLERR("mac", misc, tsolres, tsolinfo,

"destroy window", pWin->drawable.id);

ret_stat = err_code;

}

}

}

/*

if ((ret_stat == PASSED) && policy_flags & TSOL_DAC)

{

if (tsolinfo->uid != tsolres->uid ||

!same_client(client, pWin->drawable.id))

{

if (tsolinfo->flags & TSOL_AUDITEVENT)

do_audit = TRUE;

if (xpriv_policy(tsolinfo->privs, pset_win_dac_write,

res, method, client, do_audit))

{

ret_stat = PASSED;

}

else

{

XTSOLERR("dac", misc, tsolres, tsolinfo,

"destroy window", pWin->drawable.id);

ret_stat = err_code;

}

}

}

if (do_audit)

{

set_audit_flags(tsolinfo);

auditwrite(AW_XWINDOW, pWin->drawable.id, tsolres->uid,

AW_APPEND, AW_END);

}

return (ret_stat);

} /* destroy_window */

read_pixel(xresource_t res, xmethod_t method, void *resource,

void *subject, xpolicy_t policy_flags, void *misc)

{

int ret_stat = PASSED;

Bool do_audit = FALSE;

int err_code = BadDrawable;

int obj_code = 0;

XID obj_id = (XID)NULL;

DrawablePtr pDraw = resource;

ClientPtr client = subject;

PixmapPtr pMap = NullPixmap;

WindowPtr pWin = NullWindow;

TsolInfoPtr tsolinfo = GetClientTsolInfo(client);

TsolResPtr tsolres;

/*

if (pDraw->type == DRAWABLE_WINDOW)

{

pWin = (WindowPtr)LookupWindow(pDraw->id, client);

if (pWin == NULL)

return (PASSED); /* server will handle bad params */

tsolres = TsolWindowPriv(pWin);

obj_code = AW_XWINDOW;

obj_id = pWin->drawable.id;

}

else if (pDraw->type == DRAWABLE_PIXMAP)

{

pMap = (PixmapPtr)LookupIDByType(pDraw->id, RT_PIXMAP);

if (pMap == NULL)

return (PASSED); /* server will handle bad params */

tsolres = TsolPixmapPriv(pMap);

obj_code = AW_XPIXMAP;

obj_id = pMap->drawable.id;

}

else

return (PASSED); /* UNDRAWABLE_WINDOW */

/* based on client id bypass MAC/DAC */

if (!SAMECLIENT(client, pDraw->id))

{

/*

if (tsolMultiLevel && DrawableIsRoot(pDraw) &&

!HasTrustedPath(tsolinfo))

return (err_code);

/*

if (policy_flags & TSOL_MAC)

{

if (!bldominates(tsolinfo->sl, tsolres->sl))

{

if (!(tsolinfo->flags & MAC_READ_AUDITED) &&

(tsolinfo->flags & TSOL_AUDITEVENT))

{

do_audit = TRUE;

tsolinfo->flags |= MAC_READ_AUDITED;

}

/* PRIV override? */

if (xpriv_policy(tsolinfo->privs, pset_win_mac_read,

res, method, client, do_audit))

{

ret_stat = PASSED;

}

else

{

XTSOLERR("mac", misc,

tsolres, tsolinfo,

"read pixel", pDraw->id);

ret_stat = err_code;

}

}

}

/*

if ((ret_stat == PASSED) && policy_flags & TSOL_DAC)

{

if (tsolinfo->uid != tsolres->uid)

{

if (!(tsolinfo->flags & DAC_READ_AUDITED) &&

(tsolinfo->flags & TSOL_AUDITEVENT))

{

do_audit = TRUE;

tsolinfo->flags |= DAC_READ_AUDITED;

}

if (xpriv_policy(tsolinfo->privs, pset_win_dac_read,

res, method, client, do_audit))

{

ret_stat = PASSED;

}

else

{

XTSOLERR("mac", misc,

tsolres, tsolinfo,

"read pixel", pDraw->id);

ret_stat = err_code;

}

}

}

} /* end if !SAMECLIENT */

if (do_audit)

{

set_audit_flags(tsolinfo);

auditwrite(obj_code, obj_id, tsolres->uid, AW_APPEND, AW_END);

}

return (ret_stat);

} /* read_pixel */

modify_pixel(xresource_t res, xmethod_t method, void *resource,

void *subject, xpolicy_t policy_flags, void *misc)

{

int ret_stat = PASSED;

Bool do_audit = FALSE;

int err_code = BadDrawable;

int obj_code = 0;

XID obj_id = (XID)NULL;

DrawablePtr pDraw = resource;

ClientPtr client = subject;

PixmapPtr pMap = NullPixmap;

WindowPtr pWin = NullWindow;

TsolInfoPtr tsolinfo;

TsolResPtr tsolres;

#if defined(PANORAMIX)

PanoramiXRes *panres = NULL;

#endif

/*

tsolinfo = GetClientTsolInfo(client);

if (pDraw->type == DRAWABLE_WINDOW)

{

#if defined(PANORAMIX)

if (!noPanoramiXExtension)

{

panres = (PanoramiXRes *)LookupIDByType(pDraw->id, XRT_WINDOW);

if (panres)

pWin = (WindowPtr)LookupWindow(panres->info[0].id, client);

} else

#endif

pWin = (WindowPtr)LookupWindow(pDraw->id, client);

if (pWin == NULL)

return (PASSED);

tsolres = TsolWindowPriv(pWin);

obj_code = AW_XWINDOW;

obj_id = pWin->drawable.id;

}

else if (pDraw->type == DRAWABLE_PIXMAP)

{

#if defined(PANORAMIX)

if (!noPanoramiXExtension)

{

panres = (PanoramiXRes *)LookupIDByType(pDraw->id, XRT_PIXMAP);

if (panres)

pMap = (PixmapPtr)LookupIDByType(panres->info[0].id, RT_PIXMAP);

} else

#endif

pMap = (PixmapPtr)LookupIDByType(pDraw->id, RT_PIXMAP);

if (pMap == NULL)

return (PASSED);

tsolres = TsolPixmapPriv(pMap);

obj_code = AW_XPIXMAP;

obj_id = pMap->drawable.id;

}

else

return (PASSED); /* UNDRAWABLE_WINDOW */

/* optimization based on client id */

if (!SAMECLIENT(client, pDraw->id))

{

/*

if ((pDraw->type == DRAWABLE_WINDOW) &&

XTSOLTrusted(pWin) &&

!HasTrustedPath(tsolinfo))

{

XTSOLERR("tp", misc, tsolres, tsolinfo,

"modify pixel", pWin->drawable.id);

return (err_code);

}

/*

if (!priv_win_config && (pWin && WindowIsRoot(pWin)))

{

if (!(tsolinfo->flags & CONFIG_AUDITED) &&

(tsolinfo->flags & TSOL_AUDITEVENT))

{

do_audit = TRUE;

tsolinfo->flags |= CONFIG_AUDITED;

}

if (xpriv_policy(tsolinfo->privs, pset_win_config,

res, method, client, do_audit))

{

ret_stat = PASSED;

}

else

{

XTSOLERR("mac", misc, tsolres, tsolinfo,

"modify pixel", pDraw->id);

ret_stat = err_code;

}

}

/*

if ((ret_stat == PASSED) && policy_flags & TSOL_MAC)

{

if (!blequal(tsolinfo->sl, tsolres->sl))

{

if (!(tsolinfo->flags & MAC_WRITE_AUDITED) &&

(tsolinfo->flags & TSOL_AUDITEVENT))

{

do_audit = TRUE;

tsolinfo->flags |= MAC_WRITE_AUDITED;

}

if (xpriv_policy(tsolinfo->privs,

pset_win_mac_write,

res, method, client, do_audit))

{

ret_stat = PASSED;

}

else

{

XTSOLERR("mac", misc,

tsolres, tsolinfo,

"modify pixel", pDraw->id);

ret_stat = err_code;

}

}

}

/*

if ((ret_stat == PASSED) && policy_flags & TSOL_DAC)

{

if (tsolinfo->uid != tsolres->uid)

{

if (!(tsolinfo->flags & DAC_WRITE_AUDITED) &&

(tsolinfo->flags & TSOL_AUDITEVENT))

{

do_audit = TRUE;

tsolinfo->flags |= DAC_WRITE_AUDITED;

}

if (xpriv_policy(tsolinfo->privs,

pset_win_dac_write,

res, method, client, do_audit))

{

ret_stat = PASSED;

}

else

{

XTSOLERR("dac", misc,

tsolres, tsolinfo,

"modify pixel", pDraw->id);

ret_stat = err_code;

}

}

}

} /* end if SAMECLIENT */

if (do_audit)

{

set_audit_flags(tsolinfo);

auditwrite(obj_code, obj_id, tsolres->uid, AW_APPEND, AW_END);

}

return (ret_stat);

} /* modify_pixel */

read_pixmap(xresource_t res, xmethod_t method, void *resource,

void *subject, xpolicy_t policy_flags, void *misc)

{

int ret_stat = PASSED;

Bool do_audit = FALSE;

int err_code = BadPixmap;

PixmapPtr pMap = resource;

ClientPtr client = subject;

TsolInfoPtr tsolinfo = GetClientTsolInfo(client);

TsolResPtr tsolres = TsolPixmapPriv(pMap);

/*

if (policy_flags & TSOL_MAC)

{

if (!bldominates(tsolinfo->sl, tsolres->sl))

{

if (tsolinfo->flags & TSOL_AUDITEVENT)

do_audit = TRUE;

if (xpriv_policy(tsolinfo->privs, pset_win_mac_read,

res, method, client, do_audit))

{

ret_stat = PASSED;

}

else

{

XTSOLERR("mac", misc, tsolres, tsolinfo,

"read pixmap", pMap->drawable.id);

ret_stat = err_code;

}

}

}

/*

if ((ret_stat == PASSED) && policy_flags & TSOL_DAC)

{

if (tsolinfo->uid != tsolres->uid)

{

if (tsolinfo->flags & TSOL_AUDITEVENT)

do_audit = TRUE;

if (xpriv_policy(tsolinfo->privs, pset_win_dac_read,

res, method, client, do_audit))

{

ret_stat = PASSED;

}

else

{

XTSOLERR("dac", misc, tsolres, tsolinfo,

"read pixmap", pMap->drawable.id);

ret_stat = err_code;

}

}

}

if (do_audit)

{

set_audit_flags(tsolinfo);

auditwrite(AW_XPIXMAP, pMap->drawable.id, tsolres->uid,

AW_APPEND, AW_END);

}

return (ret_stat);

} /* read_pixmap */

modify_pixmap(xresource_t res, xmethod_t method, void *resource,

void *subject, xpolicy_t policy_flags, void *misc)

{

int ret_stat = PASSED;

Bool do_audit = FALSE;

int err_code = BadPixmap;

PixmapPtr pMap = resource;

ClientPtr client = subject;

TsolInfoPtr tsolinfo = GetClientTsolInfo(client);

TsolResPtr tsolres = TsolPixmapPriv(pMap);

/*

if (policy_flags & TSOL_MAC)

{

if (!blequal(tsolinfo->sl, tsolres->sl))

{

if (tsolinfo->flags & TSOL_AUDITEVENT)

do_audit = TRUE;

if (xpriv_policy(tsolinfo->privs, pset_win_mac_write,

res, method, client, do_audit))

{

ret_stat = PASSED;

}

else

{

XTSOLERR("mac", misc, tsolres, tsolinfo,

"modify pixmap", pMap->drawable.id);

ret_stat = err_code;

}

}

}

/*

if ((ret_stat == PASSED) && policy_flags & TSOL_DAC)

{

if (tsolinfo->uid != tsolres->uid)

{

if (tsolinfo->flags & TSOL_AUDITEVENT)

do_audit = TRUE;

if (xpriv_policy(tsolinfo->privs, pset_win_dac_write,

res, method, client, do_audit))

{

ret_stat = PASSED;

}

else

{

XTSOLERR("dac", misc, tsolres, tsolinfo,

"modify pixmap", pMap->drawable.id);

ret_stat = err_code;

}

}

}

if (do_audit)

{

set_audit_flags(tsolinfo);

auditwrite(AW_XPIXMAP, pMap->drawable.id, tsolres->uid,

AW_APPEND, AW_END);

}

return (ret_stat);

} /* modify_pixmap */

destroy_pixmap(xresource_t res, xmethod_t method, void *resource,

void *subject, xpolicy_t policy_flags, void *misc)

{

int ret_stat = PASSED;

Bool do_audit = FALSE;

int err_code = BadPixmap;

PixmapPtr pMap = resource;

ClientPtr client = subject;

TsolInfoPtr tsolinfo = GetClientTsolInfo(client);

TsolResPtr tsolres = TsolPixmapPriv(pMap);

/*

if (policy_flags & TSOL_MAC)

{

if (!blequal(tsolinfo->sl, tsolres->sl))

{

if (tsolinfo->flags & TSOL_AUDITEVENT)

do_audit = TRUE;

if (xpriv_policy(tsolinfo->privs, pset_win_mac_write,

res, method, client, do_audit))

{

ret_stat = PASSED;

}

else

{

XTSOLERR("mac", misc, tsolres, tsolinfo,

"destroy pixmap", pMap->drawable.id);

ret_stat = err_code;

}

}

}

/*

if ((ret_stat == PASSED) && policy_flags & TSOL_DAC)

{

if (tsolinfo->uid != tsolres->uid)

{

if (tsolinfo->flags & TSOL_AUDITEVENT)

do_audit = TRUE;

if (xpriv_policy(tsolinfo->privs, pset_win_dac_write,

res, method, client, do_audit))

{

ret_stat = PASSED;

}

else

{

XTSOLERR("dac", misc, tsolres, tsolinfo,

"destroy pixmap", pMap->drawable.id);

ret_stat = err_code;

}

}

}

if (do_audit)

{

set_audit_flags(tsolinfo);

auditwrite(AW_XPIXMAP, pMap->drawable.id, tsolres->uid,

AW_APPEND, AW_END);

}

return (ret_stat);

} /* destroy_pixmap */

read_client(xresource_t res, xmethod_t method, void *resource,

void *subject, xpolicy_t policy_flags, void *misc)

{

int ret_stat = PASSED;

ClientPtr res_client;

int err_code = BadAccess;

Bool do_audit = FALSE;

ClientPtr client = subject;

TsolInfoPtr res_tsolinfo;

TsolInfoPtr tsolinfo = GetClientTsolInfo(client);

if (!(res_client = clients[CLIENT_ID((XID)resource)]))

{

return (BadValue);

}

res_tsolinfo = GetClientTsolInfo(res_client);

/* TrustedPath is needed to get serverClient attributes */

if (res_client == serverClient || res_tsolinfo == NULL)

{

if (client == serverClient || HasTrustedPath(tsolinfo))

return (PASSED);

else

return (BadValue);

}

/*

if (policy_flags & TSOL_MAC)

{

if (!blequal(tsolinfo->sl, res_tsolinfo->sl))

{

if (tsolinfo->flags & TSOL_AUDITEVENT)

do_audit = TRUE;

if (xpriv_policy(tsolinfo->privs, pset_win_mac_read,

res, method, client, do_audit))

{

ret_stat = PASSED;

}

else

{

XTSOLERR("mac", misc, res_tsolinfo,

tsolinfo, "read client", resource);

ret_stat = err_code;

}

}

}

/*

if ((ret_stat == PASSED) && policy_flags & TSOL_DAC)

{

if (tsolinfo->uid != res_tsolinfo->uid)

{

if (tsolinfo->flags & TSOL_AUDITEVENT)

do_audit = TRUE;

if (xpriv_policy(tsolinfo->privs, pset_win_dac_read,

res, method, client, do_audit))

{

ret_stat = PASSED;

}

else

{

XTSOLERR("dac", misc, res_tsolinfo,

tsolinfo, "read client", resource);

ret_stat = ret_stat;

}

}

}

/*

if ((ret_stat == PASSED) && HasTrustedPath(res_tsolinfo))

{

if (!HasTrustedPath(tsolinfo))

{

XTSOLERR("tp", misc, res_tsolinfo,

tsolinfo, "read client", resource);

ret_stat = err_code;

}

}

if (do_audit)

{

set_audit_flags(tsolinfo);

auditwrite(AW_XCLIENT, res_client->index, AW_APPEND, AW_END);

}

return (ret_stat);

} /* read client */

modify_client(xresource_t res, xmethod_t method, void *resource,

void *subject, xpolicy_t policy_flags, void *misc)

{

int ret_stat = PASSED;

int err_code = BadValue;

Bool do_audit = FALSE;

ClientPtr client = subject;

TsolInfoPtr tsolinfo = GetClientTsolInfo(client);

if (priv_win_config)

return (PASSED);

if (tsolinfo->flags & TSOL_AUDITEVENT)

do_audit = TRUE;

/*

if (xpriv_policy(tsolinfo->privs, pset_win_config,

res, method, client, do_audit))

{

ret_stat = PASSED;

}

else

{

ret_stat = err_code;

}

if (do_audit)

{

set_audit_flags(tsolinfo);

auditwrite(AW_XCLIENT, client->index, AW_APPEND, AW_END);

}

return (ret_stat);

} /* modify_client */

destroy_client(xresource_t res, xmethod_t method, void *resource,

void *subject, xpolicy_t policy_flags, void *misc)

{

int ret_stat = PASSED;

ClientPtr res_client;

int err_code = BadValue;

Bool do_audit = FALSE;

ClientPtr client = subject;

TsolInfoPtr res_tsolinfo;

TsolInfoPtr tsolinfo = GetClientTsolInfo(client);

if (!(res_client = clients[CLIENT_ID((XID)resource)]))

{

return (BadValue);

}

res_tsolinfo = GetClientTsolInfo(res_client);

/* Server a special client */

if (res_client == serverClient || res_tsolinfo == NULL)

{

if (client != serverClient)

return (BadValue);

else

return (PASSED); /* internal request */

}

/*

if (policy_flags & TSOL_MAC)

{

if (!blequal(tsolinfo->sl, res_tsolinfo->sl))

{

if (tsolinfo->flags & TSOL_AUDITEVENT)

do_audit = TRUE;

if (xpriv_policy(tsolinfo->privs, pset_win_mac_write,

res, method, client, do_audit))

{

ret_stat = PASSED;

}

else

{

XTSOLERR("mac", misc, res_tsolinfo,

tsolinfo, "destroy client", resource);

ret_stat = ret_stat;

}

}

}

/*

if ((ret_stat == PASSED) && policy_flags & TSOL_DAC)

{

if (tsolinfo->uid != res_tsolinfo->uid)

{

if (tsolinfo->flags & TSOL_AUDITEVENT)

do_audit = TRUE;

if (xpriv_policy(tsolinfo->privs, pset_win_dac_write,

res, method, client, do_audit))

{

ret_stat = PASSED;

}

else

{

XTSOLERR("dac", misc, res_tsolinfo,

tsolinfo, "destroy client", resource);

ret_stat = err_code;

}

}

}

/*

if ((ret_stat == PASSED) && HasTrustedPath(res_tsolinfo))

{

if (!HasTrustedPath(tsolinfo))

{

XTSOLERR("tp", misc, res_tsolinfo,

tsolinfo, "destroy client", resource);

ret_stat = err_code;

}

}

if (do_audit)

{

set_audit_flags(tsolinfo);

auditwrite(AW_XCLIENT, res_client->index, AW_APPEND, AW_END);

}

return (ret_stat);

} /* destroy_client */

read_gc(xresource_t res, xmethod_t method, void *resource,

void *subject, xpolicy_t policy_flags, void *misc)

{

return (access_xid(res, method, resource, subject, policy_flags,

misc, RT_GC, pset_win_dac_read));

}

modify_gc(xresource_t res, xmethod_t method, void *resource,

void *subject, xpolicy_t policy_flags, void *misc)

{

return (access_xid(res, method, resource, subject, policy_flags,

misc, RT_GC, pset_win_dac_write));

}

read_font(xresource_t res, xmethod_t method, void *resource,

void *subject, xpolicy_t policy_flags, void *misc)

{

return (access_xid(res, method, resource, subject, policy_flags,

misc, RT_FONT, pset_win_dac_read));

}