Make SELinux use the public interface for querying the client command string. SELinux could be optimized further by removing its own copy of the command string. However, that optimization has been left out for simplicity.
Signed-off-by: Rami Ylimäki <[email protected]>
---
I haven't tested SELinux extension with this patch. I've only checked that similar changes in a different context are working correctly.
 Xext/xselinux_hooks.c | 37 ++++++++-----------------------------
 1 files changed, 8 insertions(+), 29 deletions(-)
diff --git a/Xext/xselinux_hooks.c b/Xext/xselinux_hooks.c
index 560e1e9..baca533 100644
--- a/Xext/xselinux_hooks.c
+++ b/Xext/xselinux_hooks.c
@@ -33,6 +33,7 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 #include <libaudit.h>
 #include <X11/Xatom.h>
+#include "client.h"
 #include "selection.h"
 #include "inputstr.h"
 #include "scrnintstr.h"
@@ -129,26 +130,12 @@ SELinuxLabelClient(ClientPtr client)
 /* For local clients, try and determine the executable name */
 if (XaceIsLocal(client)) {
- struct ucred creds;
- socklen_t len = sizeof(creds);
- char path[PATH_MAX + 1];
- size_t bytes;
+ const char *cmd = GetClientCmd(client);
- memset(&creds, 0, sizeof(creds));
- if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &creds, &len) < 0)
+ if (!cmd)
 goto finish;
- snprintf(path, PATH_MAX + 1, "/proc/%d/cmdline", creds.pid);
- fd = open(path, O_RDONLY);
- if (fd < 0)
- goto finish;
-
- bytes = read(fd, path, PATH_MAX + 1);
- close(fd);
- if (bytes <= 0)
- goto finish;
-
- strncpy(subj->command, path, COMMAND_LEN - 1);
+ strncpy(subj->command, cmd, COMMAND_LEN - 1);
 }
 finish:
@@ -741,16 +728,8 @@ SELinuxServer(CallbackListPtr *pcbl, pointer unused, pointer calldata)
 static void
 SELinuxClientState(CallbackListPtr *pcbl, pointer unused, pointer calldata)
 {
- NewClientInfoRec *pci = calldata;
-
- switch (pci->client->clientState) {
- case ClientStateInitial:
- SELinuxLabelClient(pci->client);
- break;
-
- default:
- break;
- }
+ ClientPtr client = calldata;
+ SELinuxLabelClient(client);
 }
 static void
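Review bot: The new `strncpy(subj->command, cmd, COMMAND_LEN - 1);` in the `XaceIsLocal` branch leaves `subj->command` unterminated whenever `cmd` is `COMMAND_LEN - 1` bytes or longer, unless the buffer was zeroed when the subject record was set up, which this hunk does not show. Assuming the array is `COMMAND_LEN` bytes, I would terminate explicitly with `subj->command[COMMAND_LEN - 1] = '\0';` after the copy, or copy with `snprintf(subj->command, COMMAND_LEN, "%s", cmd);`. The string presumably still derives from the client's own command line, as the removed `/proc/%d/cmdline` read did, so a short comment that it is descriptive only and must not feed an access decision would help the next reader. `SELinuxLabelClient` starts and ends outside the hunk.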
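Review bot: `SELinuxClientState` now casts `calldata` straight to `ClientPtr` and labels on every invocation, so whether a client gets its security label depends entirely on when, and for which clients, the `GetClientIdsReservedCbs()` list fires, and none of that is visible in this patch. The removed code labelled at `ClientStateInitial`; if the new callback runs later than that, or is skipped for some clients, access checks could see a subject whose label was never set, and the commit note says the SELinux path was not tested. I would confirm the ordering against the client-ID code and then record the contract above the function, for example `/* calldata is the ClientPtr whose IDs were just reserved; must run before the client's first request is checked */`. The same assumption sits behind the `DeleteCallback`/`AddCallback` changes in `SELinuxFlaskReset` and `SELinuxFlaskInit`, where a NULL return from `GetClientIdsReservedCbs()` would also need ruling out.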
@@ -819,7 +798,7 @@ void
 SELinuxFlaskReset(void)
 {
 /* Unregister callbacks */
- DeleteCallback(&ClientStateCallback, SELinuxClientState, NULL);
+ DeleteCallback(GetClientIdsReservedCbs(), SELinuxClientState, NULL);
 DeleteCallback(&ResourceStateCallback, SELinuxResourceState, NULL);
 XaceDeleteCallback(XACE_EXT_DISPATCH, SELinuxExtension, NULL);
@@ -912,7 +891,7 @@ SELinuxFlaskInit(void)
 NULL);
 /* Register callbacks */
- ret &= AddCallback(&ClientStateCallback, SELinuxClientState, NULL);
+ ret &= AddCallback(GetClientIdsReservedCbs(), SELinuxClientState, NULL);
 ret &= AddCallback(&ResourceStateCallback, SELinuxResourceState, NULL);
 ret &= XaceRegisterCallback(XACE_EXT_DISPATCH, SELinuxExtension, NULL);
--
1.6.3.3
_______________________________________________
[email protected]: X.Org development
Archives: http://lists.x.org/archives/xorg-devel
Info: http://lists.x.org/mailman/listinfo/xorg-devel
