[Xquartz-changes] xserver: Branch 'server-1.6-apple' - 10 commits
Jeremy Huddleston
jeremyhu at freedesktop.org
Wed Nov 4 12:27:44 PST 2009
Xext/xselinux.c | 25 +++++++++----------------
Xext/xselinux.h | 13 +++++++------
Xi/queryst.c | 14 +++++++++-----
dix/devices.c | 5 ++++-
dix/events.c | 19 +++++++++++++------
hw/xquartz/X11Application.m | 6 ++++++
hw/xquartz/X11Controller.h | 1 +
hw/xquartz/quartzKeyboard.c | 23 +++++++++++++++++++++++
include/dix.h | 4 ++--
xkb/xkb.c | 2 +-
10 files changed, 75 insertions(+), 37 deletions(-)
New commits:
commit ddf4ddcb18566530e72b8633c8a6514584bab576
Merge: ee7ea40... 2dbcb06...
Author: Jeremy Huddleston <jeremyhu at freedesktop.org>
Date: Wed Nov 4 12:26:04 2009 -0800
Merge commit 'origin/server-1.6-branch' into server-1.6-apple
commit ee7ea40aa8b996671e5550532f3a74971208b1ec
Author: Jeremy Huddleston <jeremyhu at freedesktop.org>
Date: Tue Oct 27 18:00:48 2009 -0700
dix: Properly detect if the other device is frozen
Signed-off-by: Jeremy Huddleston <jeremyhu at freedesktop.org>
(cherry picked from commit 7897b6c2d41bccb72c19418674c3526ecce29515)
diff --git a/dix/events.c b/dix/events.c
index f9448ba..fda6002 100644
--- a/dix/events.c
+++ b/dix/events.c
@@ -1653,7 +1653,7 @@ AllowSome(ClientPtr client,
thisGrabbed = grabinfo->grab && SameClient(grabinfo->grab, client);
thisSynced = FALSE;
otherGrabbed = FALSE;
- othersFrozen = TRUE;
+ othersFrozen = FALSE;
grabTime = grabinfo->grabTime;
for (dev = inputInfo.devices; dev; dev = dev->next)
{
@@ -1669,11 +1669,9 @@ AllowSome(ClientPtr client,
otherGrabbed = TRUE;
if (grabinfo->sync.other == devgrabinfo->grab)
thisSynced = TRUE;
- if (devgrabinfo->sync.state < FROZEN)
- othersFrozen = FALSE;
+ if (devgrabinfo->sync.state >= FROZEN)
+ othersFrozen = TRUE;
}
- else if (!devgrabinfo->sync.other || !SameClient(devgrabinfo->sync.other, client))
- othersFrozen = FALSE;
}
if (!((thisGrabbed && grabinfo->sync.state >= FROZEN) || thisSynced))
return;
commit 474a3bd547e0f303558baa9c7faae021eca1e474
Author: Jeremy Huddleston <jeremyhu at freedesktop.org>
Date: Tue Nov 3 16:35:27 2009 -0800
XQuartz: Run xmodmap after programatically updating the keymap.
Signed-off-by: Jeremy Huddleston <jeremyhu at freedesktop.org>
Signed-off-by: Martin Otte <otte at duke.edu>
(cherry picked from commit 5e79976c13c5b94b12392b493846ca26be11750b)
diff --git a/hw/xquartz/X11Application.m b/hw/xquartz/X11Application.m
index f4fbb1a..2c95485 100644
--- a/hw/xquartz/X11Application.m
+++ b/hw/xquartz/X11Application.m
@@ -961,6 +961,12 @@ void X11ApplicationMain (int argc, char **argv, char **envp) {
/* not reached */
}
+void launch_client(const char *cmd) {
+ NSString *string = [[NSString alloc] initWithUTF8String:cmd];
+ [[X11App controller] launch_client:string];
+ [string release];
+}
+
@implementation X11Application (Private)
#ifdef NX_DEVICELCMDKEYMASK
diff --git a/hw/xquartz/X11Controller.h b/hw/xquartz/X11Controller.h
index a86b20f..3d8e007 100644
--- a/hw/xquartz/X11Controller.h
+++ b/hw/xquartz/X11Controller.h
@@ -144,5 +144,6 @@ typedef unsigned int NSUInteger;
#endif /* __OBJC__ */
void X11ControllerMain(int argc, char **argv, char **envp);
+void launch_client(const char *cmd);
#endif /* X11CONTROLLER_H */
diff --git a/hw/xquartz/quartzKeyboard.c b/hw/xquartz/quartzKeyboard.c
index e4909aa..c2aeb82 100644
--- a/hw/xquartz/quartzKeyboard.c
+++ b/hw/xquartz/quartzKeyboard.c
@@ -52,6 +52,8 @@
#include "quartzKeyboard.h"
#include "quartzAudio.h"
+#include "X11Application.h"
+
#include "threadSafety.h"
#ifdef NDEBUG
@@ -375,6 +377,10 @@ void DarwinKeyboardReloadHandler(void) {
CFIndex initialKeyRepeatValue, keyRepeatValue;
BOOL ok;
DeviceIntPtr pDev = darwinKeyboard;
+ const char *xmodmap = PROJECTROOT "/bin/xmodmap";
+ const char *sysmodmap = PROJECTROOT "/lib/X11/xinit/.Xmodmap";
+ const char *homedir = getenv("HOME");
+ char usermodmap[PATH_MAX], cmd[PATH_MAX];
DEBUG_LOG("DarwinKeyboardReloadHandler\n");
@@ -418,6 +424,23 @@ void DarwinKeyboardReloadHandler(void) {
}
XkbUpdateCoreDescription(darwinKeyboard, 0);
} pthread_mutex_unlock(&keyInfo_mutex);
+
+ /* Check for system .Xmodmap */
+ if (access(xmodmap, F_OK) == 0) {
+ if (access(sysmodmap, F_OK) == 0) {
+ snprintf (cmd, sizeof(cmd), "%s %s", xmodmap, sysmodmap);
+ launch_client(cmd);
+ }
+ }
+
+ /* Check for user's local .Xmodmap */
+ if (homedir != NULL) {
+ snprintf (usermodmap, sizeof(usermodmap), "%s/.Xmodmap", homedir);
+ if (access(usermodmap, F_OK) == 0) {
+ snprintf (cmd, sizeof(cmd), "%s %s", xmodmap, usermodmap);
+ launch_client(cmd);
+ }
+ }
}
//-----------------------------------------------------------------------------
commit 2dbcb06a5d95af87b0c5257fd08342e61b88bf25
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date: Mon Oct 26 19:17:37 2009 -0400
xselinux: Use a more informative message when disabled by boolean.
Signed-off-by: Eamon Walsh <ewalsh at tycho.nsa.gov>
Signed-off-by: Keith Packard <keithp at keithp.com>
diff --git a/Xext/xselinux.c b/Xext/xselinux.c
index c9b0ad3..b117091 100644
--- a/Xext/xselinux.c
+++ b/Xext/xselinux.c
@@ -1982,7 +1982,7 @@ SELinuxExtensionInit(INITARGS)
/* Don't init unless there's something to do */
if (!security_get_boolean_active("xserver_object_manager")) {
- LogMessage(X_INFO, "SELinux: Disabled by boolean\n");
+ LogMessage(X_INFO, "SELinux: xserver_object_manager boolean not set, disabling\n");
return;
}
commit 2e0319df678155929c35117ef9ca25b99ebfd8eb
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date: Thu Oct 15 17:32:21 2009 -0400
xselinux: Allow SetWindowCreateContext to be used for pixmaps as well.
Signed-off-by: Eamon Walsh <ewalsh at tycho.nsa.gov>
Signed-off-by: Keith Packard <keithp at keithp.com>
diff --git a/Xext/xselinux.c b/Xext/xselinux.c
index 808ec37..c9b0ad3 100644
--- a/Xext/xselinux.c
+++ b/Xext/xselinux.c
@@ -574,7 +574,7 @@ SELinuxLabelResource(XaceResourceAccessRec *rec, SELinuxSubjectRec *subj,
security_id_t tsid;
/* Check for a create context */
- if (rec->rtype == RT_WINDOW && subj->win_create_sid) {
+ if (rec->rtype & RC_DRAWABLE && subj->win_create_sid) {
sidget(obj->sid = subj->win_create_sid);
return Success;
}
commit bec7c23e428c5d9d90aad998a4119eb8416af7da
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date: Thu Oct 15 13:51:34 2009 -0400
xselinux: Note something in the log if disabled by boolean.
Signed-off-by: Eamon Walsh <ewalsh at tycho.nsa.gov>
Signed-off-by: Keith Packard <keithp at keithp.com>
diff --git a/Xext/xselinux.c b/Xext/xselinux.c
index c073f8a..808ec37 100644
--- a/Xext/xselinux.c
+++ b/Xext/xselinux.c
@@ -1981,8 +1981,10 @@ SELinuxExtensionInit(INITARGS)
}
/* Don't init unless there's something to do */
- if (!security_get_boolean_active("xserver_object_manager"))
+ if (!security_get_boolean_active("xserver_object_manager")) {
+ LogMessage(X_INFO, "SELinux: Disabled by boolean\n");
return;
+ }
/* Check SELinux mode in configuration file */
switch(selinuxEnforcingState) {
commit e84432f92655468be7943fb9582cb39ff22bc723
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date: Wed Oct 14 21:17:46 2009 -0400
xselinux: switch from x_device to separate x_pointer and x_keyboard classes.
This will allow separate controls over pointer and keyboard without having
to relabel the devices to separate types.
[Backport to 1.6]
Signed-off-by: Eamon Walsh <ewalsh at tycho.nsa.gov>
Signed-off-by: Keith Packard <keithp at keithp.com>
diff --git a/Xext/xselinux.c b/Xext/xselinux.c
index 238bdb5..c073f8a 100644
--- a/Xext/xselinux.c
+++ b/Xext/xselinux.c
@@ -147,7 +147,8 @@ static struct security_class_mapping map[] = {
{ "x_selection", { "read", "", "", "setattr", "getattr", "setattr", NULL }},
{ "x_cursor", { "read", "write", "destroy", "create", "getattr", "setattr", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "use", NULL }},
{ "x_client", { "", "", "destroy", "", "getattr", "setattr", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "manage", NULL }},
- { "x_device", { "read", "write", "", "", "getattr", "setattr", "", "", "", "getfocus", "setfocus", "", "", "", "", "", "", "grab", "freeze", "force_cursor", "", "", "", "", "use", "manage", "", "bell", NULL }},
+ { "x_pointer", { "read", "write", "", "", "getattr", "setattr", "", "", "", "getfocus", "setfocus", "", "", "", "", "", "", "grab", "freeze", "force_cursor", "", "", "", "", "use", "manage", "", "bell", NULL }},
+ { "x_keyboard", { "read", "write", "", "", "getattr", "setattr", "", "", "", "getfocus", "setfocus", "", "", "", "", "", "", "grab", "freeze", "force_cursor", "", "", "", "", "use", "manage", "", "bell", NULL }},
{ "x_server", { "record", "", "", "", "getattr", "setattr", "", "", "", "", "", "", "", "", "", "", "", "grab", "", "", "", "", "", "", "", "manage", "debug", NULL }},
{ "x_extension", { "", "", "", "", "query", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "use", NULL }},
{ "x_event", { "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "send", "receive", NULL }},
@@ -690,6 +691,7 @@ SELinuxDevice(CallbackListPtr *pcbl, pointer unused, pointer calldata)
SELinuxSubjectRec *subj;
SELinuxObjectRec *obj;
SELinuxAuditRec auditdata = { .client = rec->client, .dev = rec->dev };
+ security_class_t cls;
int rc;
subj = dixLookupPrivate(&rec->client->devPrivates, subjectKey);
@@ -714,8 +716,8 @@ SELinuxDevice(CallbackListPtr *pcbl, pointer unused, pointer calldata)
}
}
- rc = SELinuxDoCheck(subj, obj, SECCLASS_X_DEVICE, rec->access_mode,
- &auditdata);
+ cls = IsPointerDevice(rec->dev) ? SECCLASS_X_POINTER : SECCLASS_X_KEYBOARD;
+ rc = SELinuxDoCheck(subj, obj, cls, rec->access_mode, &auditdata);
if (rc != Success)
rec->status = rc;
}
diff --git a/Xext/xselinux.h b/Xext/xselinux.h
index 7c3ffdc..a9f39ff 100644
--- a/Xext/xselinux.h
+++ b/Xext/xselinux.h
@@ -149,11 +149,12 @@ typedef struct {
#define SECCLASS_X_SELECTION 7
#define SECCLASS_X_CURSOR 8
#define SECCLASS_X_CLIENT 9
-#define SECCLASS_X_DEVICE 10
-#define SECCLASS_X_SERVER 11
-#define SECCLASS_X_EXTENSION 12
-#define SECCLASS_X_EVENT 13
-#define SECCLASS_X_FAKEEVENT 14
-#define SECCLASS_X_RESOURCE 15
+#define SECCLASS_X_POINTER 10
+#define SECCLASS_X_KEYBOARD 11
+#define SECCLASS_X_SERVER 12
+#define SECCLASS_X_EXTENSION 13
+#define SECCLASS_X_EVENT 14
+#define SECCLASS_X_FAKEEVENT 15
+#define SECCLASS_X_RESOURCE 16
#endif /* _XSELINUX_H */
diff --git a/include/dix.h b/include/dix.h
index 9c2c73f..ede225c 100644
--- a/include/dix.h
+++ b/include/dix.h
@@ -602,8 +602,8 @@ typedef struct {
extern int XItoCoreType(int xi_type);
extern Bool DevHasCursor(DeviceIntPtr pDev);
-extern Bool IsPointerDevice( DeviceIntPtr dev);
-extern Bool IsKeyboardDevice(DeviceIntPtr dev);
+extern _X_EXPORT Bool IsPointerDevice( DeviceIntPtr dev);
+extern _X_EXPORT Bool IsKeyboardDevice(DeviceIntPtr dev);
extern Bool IsPointerEvent(xEvent* xE);
/*
commit 250ce150b229bc384584b310e79658a41486321e
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date: Tue Sep 22 13:13:03 2009 -0700
xace: Relax permissions on XkbGetState from Read to Getattr.
This request is used to get the current keyboard group and is called from
GTK. It does not return an actual keymap (aside from modifiers) so it
should be safe to relax the permission on it. However it does return
button state information which should be controlled through a separate
pointer Read check.
Signed-off-by: Eamon Walsh <ewalsh at tycho.nsa.gov>
(cherry picked from commit c4ffce4dc84a0a9d134a59b7e7765c99ed767e53)
Signed-off-by: Keith Packard <keithp at keithp.com>
diff --git a/xkb/xkb.c b/xkb/xkb.c
index 4ff2d5f..a62db7b 100644
--- a/xkb/xkb.c
+++ b/xkb/xkb.c
@@ -553,7 +553,7 @@ ProcXkbGetState(ClientPtr client)
if (!(client->xkbClientFlags&_XkbClientInitialized))
return BadAccess;
- CHK_KBD_DEVICE(dev, stuff->deviceSpec, client, DixReadAccess);
+ CHK_KBD_DEVICE(dev, stuff->deviceSpec, client, DixGetAttrAccess);
xkb= &dev->key->xkbInfo->state;
bzero(&rep,sizeof(xkbGetStateReply));
commit f9e6ee70f32b6d86fb272e2824deb7309b7ea7ce
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date: Tue Sep 15 19:41:04 2009 -0400
xselinux: Stop special-casing QueryPointer access checks.
XACE has been changed to not return BadAccess on device read failures.
Thus, no need for this workaround code.
[Backport to 1.6]
Signed-off-by: Eamon Walsh <ewalsh at tycho.nsa.gov>
Signed-off-by: Keith Packard <keithp at keithp.com>
diff --git a/Xext/xselinux.c b/Xext/xselinux.c
index 3124eb9..238bdb5 100644
--- a/Xext/xselinux.c
+++ b/Xext/xselinux.c
@@ -714,17 +714,6 @@ SELinuxDevice(CallbackListPtr *pcbl, pointer unused, pointer calldata)
}
}
- /* XXX only check read permission on XQueryKeymap */
- /* This is to allow the numerous apps that call XQueryPointer to work */
- if (rec->access_mode & DixReadAccess) {
- ClientPtr client = rec->client;
- REQUEST(xReq);
- if (stuff && stuff->reqType != X_QueryKeymap) {
- rec->access_mode &= ~DixReadAccess;
- rec->access_mode |= DixGetAttrAccess;
- }
- }
-
rc = SELinuxDoCheck(subj, obj, SECCLASS_X_DEVICE, rec->access_mode,
&auditdata);
if (rc != Success)
commit c1c7feec90be7494a23f97e5a1dda0e140abeac2
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date: Tue Sep 15 19:29:34 2009 -0400
xace: Fake return values on denials in input polling requests.
Instead of returning BadAccess when "read" permission is denied
on a device, falsify the device state (buttons down, keys pressed).
This is nicer to applications, but may still have undesired side
effects. The long-term solution is not to use these requests in
event-driven code!
Requests affected: QueryPointer, QueryKeymap, XiQueryDevice.
[Backport to 1.6]
Signed-off-by: Eamon Walsh <ewalsh at tycho.nsa.gov>
Signed-off-by: Keith Packard <keithp at keithp.com>
diff --git a/Xi/queryst.c b/Xi/queryst.c
index 21de843..2d54020 100644
--- a/Xi/queryst.c
+++ b/Xi/queryst.c
@@ -96,7 +96,7 @@ ProcXQueryDeviceState(ClientPtr client)
rep.sequenceNumber = client->sequence;
rc = dixLookupDevice(&dev, stuff->deviceid, client, DixReadAccess);
- if (rc != Success)
+ if (rc != Success && rc != BadAccess)
return rc;
v = dev->valuator;
@@ -129,8 +129,9 @@ ProcXQueryDeviceState(ClientPtr client)
tk->class = KeyClass;
tk->length = sizeof(xKeyState);
tk->num_keys = k->curKeySyms.maxKeyCode - k->curKeySyms.minKeyCode + 1;
- for (i = 0; i < 32; i++)
- tk->keys[i] = k->down[i];
+ if (rc != BadAccess)
+ for (i = 0; i < 32; i++)
+ tk->keys[i] = k->down[i];
buf += sizeof(xKeyState);
}
@@ -139,7 +140,8 @@ ProcXQueryDeviceState(ClientPtr client)
tb->class = ButtonClass;
tb->length = sizeof(xButtonState);
tb->num_buttons = b->numButtons;
- memcpy(tb->buttons, b->down, sizeof(b->down));
+ if (rc != BadAccess)
+ memcpy(tb->buttons, b->down, sizeof(b->down));
buf += sizeof(xButtonState);
}
@@ -151,7 +153,9 @@ ProcXQueryDeviceState(ClientPtr client)
tv->mode = v->mode;
buf += sizeof(xValuatorState);
for (i = 0, values = v->axisVal; i < v->numAxes; i++) {
- *((int *)buf) = *values++;
+ if (rc != BadAccess)
+ *((int *)buf) = *values;
+ values++;
if (client->swapped) {
swapl((int *)buf, n); /* macro - braces needed */
}
diff --git a/dix/devices.c b/dix/devices.c
index 3b8d544..9e3542d 100644
--- a/dix/devices.c
+++ b/dix/devices.c
@@ -2477,12 +2477,15 @@ ProcQueryKeymap(ClientPtr client)
rep.length = 2;
rc = XaceHook(XACE_DEVICE_ACCESS, client, keybd, DixReadAccess);
- if (rc != Success)
+ if (rc != Success && rc != BadAccess)
return rc;
for (i = 0; i<32; i++)
rep.map[i] = down[i];
+ if (rc == BadAccess)
+ memset(rep.map, 0, 32);
+
WriteReplyToClient(client, sizeof(xQueryKeymapReply), &rep);
return Success;
diff --git a/dix/events.c b/dix/events.c
index f9448ba..9b0ff55 100644
--- a/dix/events.c
+++ b/dix/events.c
@@ -4771,7 +4771,7 @@ ProcQueryPointer(ClientPtr client)
if (rc != Success)
return rc;
rc = XaceHook(XACE_DEVICE_ACCESS, client, mouse, DixReadAccess);
- if (rc != Success)
+ if (rc != Success && rc != BadAccess)
return rc;
pSprite = mouse->spriteInfo->sprite;
@@ -4815,6 +4815,15 @@ ProcQueryPointer(ClientPtr client)
}
#endif
+ if (rc == BadAccess) {
+ rep.mask = 0;
+ rep.child = None;
+ rep.rootX = 0;
+ rep.rootY = 0;
+ rep.winX = 0;
+ rep.winY = 0;
+ }
+
WriteReplyToClient(client, sizeof(xQueryPointerReply), &rep);
return(Success);
More information about the Xquartz-changes
mailing list