/************************************************************

Author: Eamon Walsh <ewalsh@tycho.nsa.gov>

Permission to use, copy, modify, distribute, and sell this software and its
documentation for any purpose is hereby granted without fee, provided that
this permission notice appear in supporting documentation. This permission
notice shall be included in all copies or substantial portions of the
Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHOR BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

********************************************************/

#ifndef _XSELINUXINT_H
#define _XSELINUXINT_H

/*
 * Internal ("int") declarations shared between the translation units of the
 * SELinux extension: per-subject/per-object label state, the private-data
 * keys that carry it, the labeling helpers, and the Flask class/permission
 * table handed to libselinux.  None of this is protocol-visible.
 *
 * NOTE(review): both guard macros in this file (_XSELINUXINT_H and
 * _XSELINUX_NEED_FLASK_MAP) live in the identifier namespace reserved for
 * the C implementation (leading underscore + capital).  Harmless in practice,
 * kept as-is because the .c files that define them depend on the names.
 */

#include <selinux/selinux.h>    /* security_context_t and friends */
#include <selinux/avc.h>        /* AVC: SIDs, avc_entry_ref, class mapping */

#include "globals.h"
#include "dixaccess.h"          /* Dix*Access bits indexed by the map[] table */
#include "dixstruct.h"
#include "privates.h"           /* DevPrivateKeyRec */
#include "resource.h"           /* RESTYPE */
#include "registry.h"
#include "inputstr.h"
#include "xselinux.h"

/*
 * Types
 */

/*
 * Capacity of SELinuxSubjectRec.command, in bytes.  This header only fixes
 * the size; the code that fills the buffer (outside this file) must bound
 * its copy to COMMAND_LEN and guarantee NUL termination -- confirm it does
 * not rely on a bare strncpy() to terminate.
 */
#define COMMAND_LEN 64

/*
 * subject state (clients and devices only)
 *
 * Presumably attached to a ClientRec / DeviceIntRec through subjectKey (see
 * the Globals section).  All SIDs are handles owned by libselinux's AVC;
 * nothing here is freed by the holder.
 */
typedef struct {
    security_id_t sid;              /* label of the subject itself */
    /* Per the field names: labels given to objects this subject creates
     * (input devices, windows, selections, properties) ... */
    security_id_t dev_create_sid;
    security_id_t win_create_sid;
    security_id_t sel_create_sid;
    security_id_t prp_create_sid;
    /* ... and labels used when it accesses existing selections/properties. */
    security_id_t sel_use_sid;
    security_id_t prp_use_sid;
    struct avc_entry_ref aeref;     /* AVC cache-entry hint for this subject's
                                       checks (see avc_has_perm(3)) */
    char command[COMMAND_LEN];      /* command name of the subject; writer is
                                       responsible for bounding + NUL (see
                                       COMMAND_LEN) */
    int privileged;                 /* boolean flag; what "privileged" grants
                                       is decided by the hook code, not here */
} SELinuxSubjectRec;

/* object state */
typedef struct {
    security_id_t sid;  /* label of the object (AVC-owned handle) */
    int poly;           /* boolean; by name, whether the label came from a
                           polyinstantiated ("poly_*") x_contexts entry.  The
                           poly_rtn out-parameters of the label functions
                           below report the same thing -- confirm in the
                           definitions. */
} SELinuxObjectRec;

/*
 * Globals
 */

/*
 * Private-data keys under which the extension stores its state on DIX
 * objects.  Each *KeyRec is defined (and registered) in one of the
 * extension's .c files; the *Key macros give the pointer form that the
 * privates.h lookup/set functions take.  By name, subjectKey carries a
 * SELinuxSubjectRec, objectKey a SELinuxObjectRec and dataKey extension
 * specific data -- verify against the dixRegisterPrivateKey() calls that
 * set them up before relying on the sizes.
 */
extern DevPrivateKeyRec subjectKeyRec;

#define subjectKey (&subjectKeyRec)
extern DevPrivateKeyRec objectKeyRec;

#define objectKey (&objectKeyRec)
extern DevPrivateKeyRec dataKeyRec;

#define dataKey (&dataKeyRec)

/*
 * Label functions
 *
 * Helpers that turn an X object or request into the SID (plus, where it
 * applies, the polyinstantiation flag) used for an AVC check.  The int
 * results presumably follow the X server convention of Success / X error
 * code; treat the out-parameters as valid only on Success.  Returned SIDs
 * are AVC-owned handles, not allocations to free.
 */

/* Resolve an atom to its label record.  By name, 'prop' selects whether the
 * atom is looked up as a property name or as a selection name. */
int
 SELinuxAtomToSID(Atom atom, int prop, SELinuxObjectRec ** obj_rtn);

/* Label of the selection named 'selection' when accessed by subject 'subj'
 * (whose sel_use_sid presumably participates); *poly_rtn is set alongside
 * the SID. */
int

SELinuxSelectionToSID(Atom selection, SELinuxSubjectRec * subj,
                      security_id_t * sid_rtn, int *poly_rtn);

/* Same for the property named 'property' (prp_use_sid, presumably). */
int

SELinuxPropertyToSID(Atom property, SELinuxSubjectRec * subj,
                     security_id_t * sid_rtn, int *poly_rtn);

/* Label record for an event of protocol type 'type' going to a window
 * labeled sid_of_window.  Note the out-parameter is a whole
 * SELinuxObjectRec, unlike the sid_rtn/poly_rtn pair used above. */
int

SELinuxEventToSID(unsigned type, security_id_t sid_of_window,
                  SELinuxObjectRec * sid_return);

/* Label for the extension called 'name'. */
int
 SELinuxExtensionToSID(const char *name, security_id_t * sid_rtn);

/* Flask security class (one of SECCLASS_X_* below) for a resource type. */
security_class_t SELinuxTypeToClass(RESTYPE type);

/* Context string used for clients that get no more specific label (by
 * name).  Ownership of the returned string is not visible here -- check the
 * definition before freeing or caching it. */
security_context_t SELinuxDefaultClientLabel(void);

/* Set up / tear down the labeling tables.  Reset presumably runs on server
 * reset; confirm where each is called from. */
void
 SELinuxLabelInit(void);

void
 SELinuxLabelReset(void);

/*
 * Security module functions
 *
 * Entry points for the Flask side of the extension (the AVC and the access
 * hooks).  Init installs it, Reset tears it down -- presumably paired with
 * extension init and server reset; confirm in the definitions.
 */

void
 SELinuxFlaskInit(void);

void
 SELinuxFlaskReset(void);

/*
 * Private Flask definitions
 */

/*
 * Security class constants.
 *
 * These are not the loaded policy's class numbers.  They are the 1-based
 * position of the class in the map[] table below, which is the form
 * selinux_set_mapping(3) takes; libselinux translates them to the policy's
 * own values at mapping time.  The order here and the order of entries in
 * map[] must therefore agree one for one -- a swapped or inserted entry
 * would make the server consult the wrong class's rules with no compile-
 * time diagnostic.  SECCLASS_X_FAKEEVENT corresponds to the entry named
 * "x_synthetic_event" in map[].
 */
#define SECCLASS_X_DRAWABLE 1
#define SECCLASS_X_SCREEN 2
#define SECCLASS_X_GC 3
#define SECCLASS_X_FONT 4
#define SECCLASS_X_COLORMAP 5
#define SECCLASS_X_PROPERTY 6
#define SECCLASS_X_SELECTION 7
#define SECCLASS_X_CURSOR 8
#define SECCLASS_X_CLIENT 9
#define SECCLASS_X_POINTER 10
#define SECCLASS_X_KEYBOARD 11
#define SECCLASS_X_SERVER 12
#define SECCLASS_X_EXTENSION 13
#define SECCLASS_X_EVENT 14
#define SECCLASS_X_FAKEEVENT 15     /* "x_synthetic_event" in map[] */
#define SECCLASS_X_RESOURCE 16

#ifdef _XSELINUX_NEED_FLASK_MAP
/*
 * Mapping from DixAccess bits to Flask permissions.
 *
 * Layout, as consumed by selinux_set_mapping(3):
 *  - map[i] describes application class i+1, so entries must stay in
 *    SECCLASS_X_* order (x_drawable = 1 ... x_resource = 16).
 *  - perms[j] is the policy permission name for access bit (1 << j).  The
 *    trailing comment on each line names the Dix*Access bit that position
 *    is meant for, which assumes dixaccess.h numbers the bits consecutively
 *    from DixReadAccess at bit 0 -- confirm against dixaccess.h before
 *    touching either file.
 *  - "" leaves that bit unmapped: libselinux skips it, so a check that
 *    requests only unmapped bits carries no permission for this class to
 *    enforce (verify in libselinux's map_perm()).
 *  - NULL terminates the list.  Any DixAccess bit beyond the last entry is
 *    likewise unmapped for that class; this is how a bit added to
 *    dixaccess.h later would silently escape enforcement here.
 *  - A name the loaded policy does not define is reported by libselinux
 *    when the mapping is installed (and is presumably fatal under a
 *    deny_unknown policy).
 *
 * Every list is positional: inserting or deleting one element shifts all
 * later permissions by a bit.  'static' in a header means each translation
 * unit that defines _XSELINUX_NEED_FLASK_MAP gets its own copy of the table.
 */
static struct security_class_mapping map[] = {
    {"x_drawable",
     {"read",                   /* DixReadAccess */
      "write",                  /* DixWriteAccess */
      "destroy",                /* DixDestroyAccess */
      "create",                 /* DixCreateAccess */
      "getattr",                /* DixGetAttrAccess */
      "setattr",                /* DixSetAttrAccess */
      "list_property",          /* DixListPropAccess */
      "get_property",           /* DixGetPropAccess */
      "set_property",           /* DixSetPropAccess */
      "",                       /* DixGetFocusAccess */
      "",                       /* DixSetFocusAccess */
      "list_child",             /* DixListAccess */
      "add_child",              /* DixAddAccess */
      "remove_child",           /* DixRemoveAccess */
      "hide",                   /* DixHideAccess */
      "show",                   /* DixShowAccess */
      "blend",                  /* DixBlendAccess */
      "override",               /* DixGrabAccess */
      "",                       /* DixFreezeAccess */
      "",                       /* DixForceAccess */
      "",                       /* DixInstallAccess */
      "",                       /* DixUninstallAccess */
      "send",                   /* DixSendAccess */
      "receive",                /* DixReceiveAccess */
      "",                       /* DixUseAccess */
      "manage",                 /* DixManageAccess */
      NULL}},
    /* x_screen reuses the property/blend/grab bit positions for the
     * screen-saver permissions; the comments name the bit, not the meaning. */
    {"x_screen",
     {"",                       /* DixReadAccess */
      "",                       /* DixWriteAccess */
      "",                       /* DixDestroyAccess */
      "",                       /* DixCreateAccess */
      "getattr",                /* DixGetAttrAccess */
      "setattr",                /* DixSetAttrAccess */
      "saver_getattr",          /* DixListPropAccess */
      "saver_setattr",          /* DixGetPropAccess */
      "",                       /* DixSetPropAccess */
      "",                       /* DixGetFocusAccess */
      "",                       /* DixSetFocusAccess */
      "",                       /* DixListAccess */
      "",                       /* DixAddAccess */
      "",                       /* DixRemoveAccess */
      "hide_cursor",            /* DixHideAccess */
      "show_cursor",            /* DixShowAccess */
      "saver_hide",             /* DixBlendAccess */
      "saver_show",             /* DixGrabAccess */
      NULL}},
    {"x_gc",
     {"",                       /* DixReadAccess */
      "",                       /* DixWriteAccess */
      "destroy",                /* DixDestroyAccess */
      "create",                 /* DixCreateAccess */
      "getattr",                /* DixGetAttrAccess */
      "setattr",                /* DixSetAttrAccess */
      "",                       /* DixListPropAccess */
      "",                       /* DixGetPropAccess */
      "",                       /* DixSetPropAccess */
      "",                       /* DixGetFocusAccess */
      "",                       /* DixSetFocusAccess */
      "",                       /* DixListAccess */
      "",                       /* DixAddAccess */
      "",                       /* DixRemoveAccess */
      "",                       /* DixHideAccess */
      "",                       /* DixShowAccess */
      "",                       /* DixBlendAccess */
      "",                       /* DixGrabAccess */
      "",                       /* DixFreezeAccess */
      "",                       /* DixForceAccess */
      "",                       /* DixInstallAccess */
      "",                       /* DixUninstallAccess */
      "",                       /* DixSendAccess */
      "",                       /* DixReceiveAccess */
      "use",                    /* DixUseAccess */
      NULL}},
    {"x_font",
     {"",                       /* DixReadAccess */
      "",                       /* DixWriteAccess */
      "destroy",                /* DixDestroyAccess */
      "create",                 /* DixCreateAccess */
      "getattr",                /* DixGetAttrAccess */
      "",                       /* DixSetAttrAccess */
      "",                       /* DixListPropAccess */
      "",                       /* DixGetPropAccess */
      "",                       /* DixSetPropAccess */
      "",                       /* DixGetFocusAccess */
      "",                       /* DixSetFocusAccess */
      "",                       /* DixListAccess */
      "add_glyph",              /* DixAddAccess */
      "remove_glyph",           /* DixRemoveAccess */
      "",                       /* DixHideAccess */
      "",                       /* DixShowAccess */
      "",                       /* DixBlendAccess */
      "",                       /* DixGrabAccess */
      "",                       /* DixFreezeAccess */
      "",                       /* DixForceAccess */
      "",                       /* DixInstallAccess */
      "",                       /* DixUninstallAccess */
      "",                       /* DixSendAccess */
      "",                       /* DixReceiveAccess */
      "use",                    /* DixUseAccess */
      NULL}},
    {"x_colormap",
     {"read",                   /* DixReadAccess */
      "write",                  /* DixWriteAccess */
      "destroy",                /* DixDestroyAccess */
      "create",                 /* DixCreateAccess */
      "getattr",                /* DixGetAttrAccess */
      "",                       /* DixSetAttrAccess */
      "",                       /* DixListPropAccess */
      "",                       /* DixGetPropAccess */
      "",                       /* DixSetPropAccess */
      "",                       /* DixGetFocusAccess */
      "",                       /* DixSetFocusAccess */
      "",                       /* DixListAccess */
      "add_color",              /* DixAddAccess */
      "remove_color",           /* DixRemoveAccess */
      "",                       /* DixHideAccess */
      "",                       /* DixShowAccess */
      "",                       /* DixBlendAccess */
      "",                       /* DixGrabAccess */
      "",                       /* DixFreezeAccess */
      "",                       /* DixForceAccess */
      "install",                /* DixInstallAccess */
      "uninstall",              /* DixUninstallAccess */
      "",                       /* DixSendAccess */
      "",                       /* DixReceiveAccess */
      "use",                    /* DixUseAccess */
      NULL}},
    /* x_property: the blend bit is deliberately folded into "write". */
    {"x_property",
     {"read",                   /* DixReadAccess */
      "write",                  /* DixWriteAccess */
      "destroy",                /* DixDestroyAccess */
      "create",                 /* DixCreateAccess */
      "getattr",                /* DixGetAttrAccess */
      "setattr",                /* DixSetAttrAccess */
      "",                       /* DixListPropAccess */
      "",                       /* DixGetPropAccess */
      "",                       /* DixSetPropAccess */
      "",                       /* DixGetFocusAccess */
      "",                       /* DixSetFocusAccess */
      "",                       /* DixListAccess */
      "",                       /* DixAddAccess */
      "",                       /* DixRemoveAccess */
      "",                       /* DixHideAccess */
      "",                       /* DixShowAccess */
      "write",                  /* DixBlendAccess */
      NULL}},
    /* x_selection: creating (i.e. owning) a selection is checked as
     * "setattr"; there is no separate create permission in the class. */
    {"x_selection",
     {"read",                   /* DixReadAccess */
      "",                       /* DixWriteAccess */
      "",                       /* DixDestroyAccess */
      "setattr",                /* DixCreateAccess */
      "getattr",                /* DixGetAttrAccess */
      "setattr",                /* DixSetAttrAccess */
      NULL}},
    {"x_cursor",
     {"read",                   /* DixReadAccess */
      "write",                  /* DixWriteAccess */
      "destroy",                /* DixDestroyAccess */
      "create",                 /* DixCreateAccess */
      "getattr",                /* DixGetAttrAccess */
      "setattr",                /* DixSetAttrAccess */
      "",                       /* DixListPropAccess */
      "",                       /* DixGetPropAccess */
      "",                       /* DixSetPropAccess */
      "",                       /* DixGetFocusAccess */
      "",                       /* DixSetFocusAccess */
      "",                       /* DixListAccess */
      "",                       /* DixAddAccess */
      "",                       /* DixRemoveAccess */
      "",                       /* DixHideAccess */
      "",                       /* DixShowAccess */
      "",                       /* DixBlendAccess */
      "",                       /* DixGrabAccess */
      "",                       /* DixFreezeAccess */
      "",                       /* DixForceAccess */
      "",                       /* DixInstallAccess */
      "",                       /* DixUninstallAccess */
      "",                       /* DixSendAccess */
      "",                       /* DixReceiveAccess */
      "use",                    /* DixUseAccess */
      NULL}},
    {"x_client",
     {"",                       /* DixReadAccess */
      "",                       /* DixWriteAccess */
      "destroy",                /* DixDestroyAccess */
      "",                       /* DixCreateAccess */
      "getattr",                /* DixGetAttrAccess */
      "setattr",                /* DixSetAttrAccess */
      "",                       /* DixListPropAccess */
      "",                       /* DixGetPropAccess */
      "",                       /* DixSetPropAccess */
      "",                       /* DixGetFocusAccess */
      "",                       /* DixSetFocusAccess */
      "",                       /* DixListAccess */
      "",                       /* DixAddAccess */
      "",                       /* DixRemoveAccess */
      "",                       /* DixHideAccess */
      "",                       /* DixShowAccess */
      "",                       /* DixBlendAccess */
      "",                       /* DixGrabAccess */
      "",                       /* DixFreezeAccess */
      "",                       /* DixForceAccess */
      "",                       /* DixInstallAccess */
      "",                       /* DixUninstallAccess */
      "",                       /* DixSendAccess */
      "",                       /* DixReceiveAccess */
      "",                       /* DixUseAccess */
      "manage",                 /* DixManageAccess */
      NULL}},
    /* x_pointer and x_keyboard carry identical lists; keep them in step. */
    {"x_pointer",
     {"read",                   /* DixReadAccess */
      "write",                  /* DixWriteAccess */
      "destroy",                /* DixDestroyAccess */
      "create",                 /* DixCreateAccess */
      "getattr",                /* DixGetAttrAccess */
      "setattr",                /* DixSetAttrAccess */
      "list_property",          /* DixListPropAccess */
      "get_property",           /* DixGetPropAccess */
      "set_property",           /* DixSetPropAccess */
      "getfocus",               /* DixGetFocusAccess */
      "setfocus",               /* DixSetFocusAccess */
      "",                       /* DixListAccess */
      "add",                    /* DixAddAccess */
      "remove",                 /* DixRemoveAccess */
      "",                       /* DixHideAccess */
      "",                       /* DixShowAccess */
      "",                       /* DixBlendAccess */
      "grab",                   /* DixGrabAccess */
      "freeze",                 /* DixFreezeAccess */
      "force_cursor",           /* DixForceAccess */
      "",                       /* DixInstallAccess */
      "",                       /* DixUninstallAccess */
      "",                       /* DixSendAccess */
      "",                       /* DixReceiveAccess */
      "use",                    /* DixUseAccess */
      "manage",                 /* DixManageAccess */
      "",                       /* DixDebugAccess */
      "bell",                   /* DixBellAccess */
      NULL}},
    {"x_keyboard",
     {"read",                   /* DixReadAccess */
      "write",                  /* DixWriteAccess */
      "destroy",                /* DixDestroyAccess */
      "create",                 /* DixCreateAccess */
      "getattr",                /* DixGetAttrAccess */
      "setattr",                /* DixSetAttrAccess */
      "list_property",          /* DixListPropAccess */
      "get_property",           /* DixGetPropAccess */
      "set_property",           /* DixSetPropAccess */
      "getfocus",               /* DixGetFocusAccess */
      "setfocus",               /* DixSetFocusAccess */
      "",                       /* DixListAccess */
      "add",                    /* DixAddAccess */
      "remove",                 /* DixRemoveAccess */
      "",                       /* DixHideAccess */
      "",                       /* DixShowAccess */
      "",                       /* DixBlendAccess */
      "grab",                   /* DixGrabAccess */
      "freeze",                 /* DixFreezeAccess */
      "force_cursor",           /* DixForceAccess */
      "",                       /* DixInstallAccess */
      "",                       /* DixUninstallAccess */
      "",                       /* DixSendAccess */
      "",                       /* DixReceiveAccess */
      "use",                    /* DixUseAccess */
      "manage",                 /* DixManageAccess */
      "",                       /* DixDebugAccess */
      "bell",                   /* DixBellAccess */
      NULL}},
    /* x_server: the read bit position is used for "record". */
    {"x_server",
     {"record",                 /* DixReadAccess */
      "",                       /* DixWriteAccess */
      "",                       /* DixDestroyAccess */
      "",                       /* DixCreateAccess */
      "getattr",                /* DixGetAttrAccess */
      "setattr",                /* DixSetAttrAccess */
      "",                       /* DixListPropAccess */
      "",                       /* DixGetPropAccess */
      "",                       /* DixSetPropAccess */
      "",                       /* DixGetFocusAccess */
      "",                       /* DixSetFocusAccess */
      "",                       /* DixListAccess */
      "",                       /* DixAddAccess */
      "",                       /* DixRemoveAccess */
      "",                       /* DixHideAccess */
      "",                       /* DixShowAccess */
      "",                       /* DixBlendAccess */
      "grab",                   /* DixGrabAccess */
      "",                       /* DixFreezeAccess */
      "",                       /* DixForceAccess */
      "",                       /* DixInstallAccess */
      "",                       /* DixUninstallAccess */
      "",                       /* DixSendAccess */
      "",                       /* DixReceiveAccess */
      "",                       /* DixUseAccess */
      "manage",                 /* DixManageAccess */
      "debug",                  /* DixDebugAccess */
      NULL}},
    {"x_extension",
     {"",                       /* DixReadAccess */
      "",                       /* DixWriteAccess */
      "",                       /* DixDestroyAccess */
      "",                       /* DixCreateAccess */
      "query",                  /* DixGetAttrAccess */
      "",                       /* DixSetAttrAccess */
      "",                       /* DixListPropAccess */
      "",                       /* DixGetPropAccess */
      "",                       /* DixSetPropAccess */
      "",                       /* DixGetFocusAccess */
      "",                       /* DixSetFocusAccess */
      "",                       /* DixListAccess */
      "",                       /* DixAddAccess */
      "",                       /* DixRemoveAccess */
      "",                       /* DixHideAccess */
      "",                       /* DixShowAccess */
      "",                       /* DixBlendAccess */
      "",                       /* DixGrabAccess */
      "",                       /* DixFreezeAccess */
      "",                       /* DixForceAccess */
      "",                       /* DixInstallAccess */
      "",                       /* DixUninstallAccess */
      "",                       /* DixSendAccess */
      "",                       /* DixReceiveAccess */
      "use",                    /* DixUseAccess */
      NULL}},
    /* Class 14 = SECCLASS_X_EVENT, class 15 = SECCLASS_X_FAKEEVENT; only the
     * send/receive bits are mapped in either. */
    {"x_event",
     {"",                       /* DixReadAccess */
      "",                       /* DixWriteAccess */
      "",                       /* DixDestroyAccess */
      "",                       /* DixCreateAccess */
      "",                       /* DixGetAttrAccess */
      "",                       /* DixSetAttrAccess */
      "",                       /* DixListPropAccess */
      "",                       /* DixGetPropAccess */
      "",                       /* DixSetPropAccess */
      "",                       /* DixGetFocusAccess */
      "",                       /* DixSetFocusAccess */
      "",                       /* DixListAccess */
      "",                       /* DixAddAccess */
      "",                       /* DixRemoveAccess */
      "",                       /* DixHideAccess */
      "",                       /* DixShowAccess */
      "",                       /* DixBlendAccess */
      "",                       /* DixGrabAccess */
      "",                       /* DixFreezeAccess */
      "",                       /* DixForceAccess */
      "",                       /* DixInstallAccess */
      "",                       /* DixUninstallAccess */
      "send",                   /* DixSendAccess */
      "receive",                /* DixReceiveAccess */
      NULL}},
    {"x_synthetic_event",
     {"",                       /* DixReadAccess */
      "",                       /* DixWriteAccess */
      "",                       /* DixDestroyAccess */
      "",                       /* DixCreateAccess */
      "",                       /* DixGetAttrAccess */
      "",                       /* DixSetAttrAccess */
      "",                       /* DixListPropAccess */
      "",                       /* DixGetPropAccess */
      "",                       /* DixSetPropAccess */
      "",                       /* DixGetFocusAccess */
      "",                       /* DixSetFocusAccess */
      "",                       /* DixListAccess */
      "",                       /* DixAddAccess */
      "",                       /* DixRemoveAccess */
      "",                       /* DixHideAccess */
      "",                       /* DixShowAccess */
      "",                       /* DixBlendAccess */
      "",                       /* DixGrabAccess */
      "",                       /* DixFreezeAccess */
      "",                       /* DixForceAccess */
      "",                       /* DixInstallAccess */
      "",                       /* DixUninstallAccess */
      "send",                   /* DixSendAccess */
      "receive",                /* DixReceiveAccess */
      NULL}},
    /* x_resource collapses every bit to either "read" or "write".  The set
     * mapped to "read" is mirrored by SELinuxReadMask below; change both. */
    {"x_resource",
     {"read",                   /* DixReadAccess */
      "write",                  /* DixWriteAccess */
      "write",                  /* DixDestroyAccess */
      "write",                  /* DixCreateAccess */
      "read",                   /* DixGetAttrAccess */
      "write",                  /* DixSetAttrAccess */
      "read",                   /* DixListPropAccess */
      "read",                   /* DixGetPropAccess */
      "write",                  /* DixSetPropAccess */
      "read",                   /* DixGetFocusAccess */
      "write",                  /* DixSetFocusAccess */
      "read",                   /* DixListAccess */
      "write",                  /* DixAddAccess */
      "write",                  /* DixRemoveAccess */
      "write",                  /* DixHideAccess */
      "read",                   /* DixShowAccess */
      "read",                   /* DixBlendAccess */
      "write",                  /* DixGrabAccess */
      "write",                  /* DixFreezeAccess */
      "write",                  /* DixForceAccess */
      "write",                  /* DixInstallAccess */
      "write",                  /* DixUninstallAccess */
      "write",                  /* DixSendAccess */
      "read",                   /* DixReceiveAccess */
      "read",                   /* DixUseAccess */
      "write",                  /* DixManageAccess */
      "read",                   /* DixDebugAccess */
      "write",                  /* DixBellAccess */
      NULL}},
    {NULL}                      /* end of class list */
};

/*
 * x_resource "read" bits from the list above.
 *
 * Exactly the DixAccess bits that the x_resource entry of map[] maps to
 * "read"; every other bit that entry covers maps to "write".  Nothing checks
 * the two against each other, so a change to one must be mirrored in the
 * other or the generic-resource checks will test the wrong permission.
 */
#define SELinuxReadMask (DixReadAccess|DixGetAttrAccess|DixListPropAccess| \
                         DixGetPropAccess|DixGetFocusAccess|DixListAccess| \
                         DixShowAccess|DixBlendAccess|DixReceiveAccess| \
                         DixUseAccess|DixDebugAccess)

#endif /* _XSELINUX_NEED_FLASK_MAP */
#endif /* _XSELINUXINT_H */