Re: X avcs

[Eamon Walsh <ewalsh@tycho.nsa.gov>]

Glenn Faden wrote:
> Ted X Toth wrote:
>   
>> I'll look at implementing a dixPropertyLookup function. Do any other 
>> XACE hooks have value-return parameters, would it just be va_arg(ap, 
>> PropertyPtr*)?
>> What about the idea of an exception list of single-instance 
>> root-window properties?
>>
>>     
> We have already implemented the equivalent of a dixPropertyLookup 
> function called PolyProperty. The following URL is an OpenSolaris source 
> browser query to find the implementation and uses of that function in Xorg.
>
> http://src.opensolaris.org/source/search?q=&defs=&refs=PolyProperty&path=&hist=&project=%2Ffox
>
> --Glenn
>   

OK, I worked on this today.  The property polyinstantiation itself is 
easy enough, but I've run into a problem with the PropertyNotify events 
that occur when a polyinstantiated property is changed or deleted - 
everyone can see them!  Some major changes to the event delivery model 
are probably going to be necessary to make this work.

I can't immediately see how it's done in Trusted Extensions.  In 
TsolDeleteProperty there is just a regular DeliverEvents call to send 
the event.

I think there will have to be a way to pass some private data down with 
all events, and then have another hook call further down that gives a 
yes/no answer for each client.


-- 
Eamon Walsh <ewalsh@tycho.nsa.gov>
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.