tsolpolicy.c revision 799
/* Copyright 2009 Sun Microsystems, Inc. All rights reserved.
 * Permission is hereby granted, free of charge, to any person obtaining a
 * copy of this software and associated documentation files (the
 * "Software"), to deal in the Software without restriction, including
 * without limitation the rights to use, copy, modify, merge, publish,
 * distribute, and/or sell copies of the Software, and to permit persons
 * to whom the Software is furnished to do so, provided that the above
 * copyright notice(s) and this permission notice appear in all copies of
 * the Software and that both the above copyright notice(s) and this
 * permission notice appear in supporting documentation.
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
 * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT
 * OF THIRD PARTY RIGHTS. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
 * HOLDERS INCLUDED IN THIS NOTICE BE LIABLE FOR ANY CLAIM, OR ANY SPECIAL
 * INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES WHATSOEVER RESULTING
 * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
 * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
 * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 * Except as contained in this notice, the name of a copyright holder
 * shall not be used in advertising or otherwise to promote the sale, use
 * or other dealings in this Software without prior written authorization
 * of the copyright holder.
 */
/* Unless NO_TSOL_DEBUG_MESSAGES is defined, admins will be able to enable
   debugging messages at runtime via Xorg -logverbose */
#endif /* NO_TSOL_DEBUG_MESSAGES */
/* Check for Trusted Path (TP) */
/* Check for Mandatory Access Control (MAC) */
/* Check for Discretionary Access Control (DAC) */
/* ((tsolres->uid == OwnerUID || tsolres->uid == DEF_UID) && */
"tsol_check_policy(%s, %s, %d, pid=%d, %s, %d, %s) = %s\n",
 * Converts SL to string
#endif /* !NO_TSOL_DEBUG_MESSAGES */
 * Allocate a single privilege set
 * Initialize all string window privileges to the binary equivalent.
 * Binary privilege testing is much faster than the string testing
 * Image operations are allowed here for lookup reasons.
 * The actual policy enforcement is in the protocol handler.
 * Allow pointer grab on root window, as long as
 * pointer is currently in a window owned by
/* Newly created drawable. Initialize it. */
/* Event access, actual policy is implemented in the hook */
"policy not implemented for TsolCheckWindowAccess, "
"rtype=0x%x (%s), mode=0x%x (%s)\n",
"TsolCheckDrawableAccess(%s, %s, 0x%x, %s, %s) = %s\n",
#endif /* !NO_TSOL_DEBUG_MESSAGES */
/* Anyone can create an object */
/* DAC check is based on client isolation */
"policy not implemented for TsolCheckXIDAccess, "
"rtype=0x%x (%s), mode=0x%x (%s)\n",
"TsolCheckXIDAccess(%s, %s, 0x%x, %s, %s) = %s\n",
#endif /* !NO_TSOL_DEBUG_MESSAGES */
/* rec->status = Success; return; */
/* Allow get/read attributes, grab is enforced in protocol handler */
"policy not implemented for TsolCheckServerAccess, "
"TsolCheckServerAccess(%s, %s, %s) = %s\n",
#endif /* !NO_TSOL_DEBUG_MESSAGES */
"policy not implemented for TsolCheckClientAccess, "
"TsolCheckClientAccess(%s, %s, %s) = %s\n",
#endif /* !NO_TSOL_DEBUG_MESSAGES */
"policy not implemented for TsolCheckDeviceAccess, %s, %s\n",
"TsolCheckDeviceAccess(%s, %s, %s) = %s\n",
#endif /* !NO_TSOL_DEBUG_MESSAGES */