From 9e0eb0615ca66512a8648cc600ec11bbcd499828 Mon Sep 17 00:00:00 2001
From: Eamon Walsh
Date: Thu, 7 Feb 2008 17:01:01 -0500
Subject: [PATCH] XACE: Add generic support for property polyinstantiation.
---
 Xext/security.c | 2 +-
 Xext/xace.c | 4 ++--
 Xext/xace.h | 2 +-
 Xext/xacestr.h | 2 +-
 Xext/xselinux.c | 19 ++++++-------------
 dix/property.c | 6 +++---
 6 files changed, 14 insertions(+), 21 deletions(-)
diff --git a/Xext/security.c b/Xext/security.c
index 069655964..4febda3de 100644
--- a/Xext/security.c
+++ b/Xext/security.c
@@ -887,7 +887,7 @@ SecurityProperty(CallbackListPtr *pcbl, pointer unused, pointer calldata)
 {
 XacePropertyAccessRec *rec = calldata;
 SecurityStateRec *subj, *obj;
- ATOM name = rec->pProp->propertyName;
+ ATOM name = (*rec->ppProp)->propertyName;
 Mask requested = rec->access_mode;
 Mask allowed = SecurityAllowedMask | DixReadAccess;
diff --git a/Xext/xace.c b/Xext/xace.c
index b2c7e4ab4..12be1bf7b 100644
--- a/Xext/xace.c
+++ b/Xext/xace.c
@@ -56,9 +56,9 @@ int XaceHookDispatch(ClientPtr client, int major)
 }
 int XaceHookPropertyAccess(ClientPtr client, WindowPtr pWin,
- PropertyPtr pProp, Mask access_mode)
+ PropertyPtr *ppProp, Mask access_mode)
 {
- XacePropertyAccessRec rec = { client, pWin, pProp, access_mode, Success };
+ XacePropertyAccessRec rec = { client, pWin, ppProp, access_mode, Success };
 CallCallbacks(&XaceHooks[XACE_PROPERTY_ACCESS], &rec);
 return rec.status;
 }
diff --git a/Xext/xace.h b/Xext/xace.h
index 6f1f267ad..502170c42 100644
--- a/Xext/xace.h
+++ b/Xext/xace.h
@@ -68,7 +68,7 @@ extern int XaceHook(
 */
 extern int XaceHookDispatch(ClientPtr ptr, int major);
 extern int XaceHookPropertyAccess(ClientPtr ptr, WindowPtr pWin,
- PropertyPtr pProp, Mask access_mode);
+ PropertyPtr *ppProp, Mask access_mode);
 extern void XaceHookAuditEnd(ClientPtr ptr, int result);
 /* Register a callback for a given hook.
diff --git a/Xext/xacestr.h b/Xext/xacestr.h
index e31d4246a..2b2de94fc 100644
--- a/Xext/xacestr.h
+++ b/Xext/xacestr.h
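Review bot: The new `PropertyPtr *ppProp` parameter of XaceHookPropertyAccess in Xext/xace.c is an in/out argument, but nothing in this hunk, in the declaration in Xext/xace.h or on the `ppProp` field in Xext/xacestr.h says so. Judging from the `realProp == pProp` test in ProcListProperties, a callback may store a different property in `*ppProp`; that contract should be written down above the function, e.g. `/* ppProp is in/out: a hook may replace *ppProp with another instance of the property; callers must use the value left there and must not assume it is still the one they passed. */`. It would also help to state whether a hook may leave `*ppProp` NULL while returning Success, since SecurityProperty and SELinuxProperty dereference it unconditionally on entry.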
@@ -59,7 +59,7 @@ typedef struct {
 typedef struct {
 ClientPtr client;
 WindowPtr pWin;
- PropertyPtr pProp;
+ PropertyPtr *ppProp;
 Mask access_mode;
 int status;
 } XacePropertyAccessRec;
diff --git a/Xext/xselinux.c b/Xext/xselinux.c
index 9acc93c61..c24c5a843 100644
--- a/Xext/xselinux.c
+++ b/Xext/xselinux.c
@@ -678,14 +678,15 @@ SELinuxProperty(CallbackListPtr *pcbl, pointer unused, pointer calldata)
 SELinuxSubjectRec *subj;
 SELinuxObjectRec *obj;
 SELinuxAuditRec auditdata = { .client = rec->client };
+ PropertyPtr pProp = *rec->ppProp;
 int rc;
 subj = dixLookupPrivate(&rec->client->devPrivates, subjectKey);
- obj = dixLookupPrivate(&rec->pProp->devPrivates, objectKey);
+ obj = dixLookupPrivate(&pProp->devPrivates, objectKey);
 /* If this is a new object that needs labeling, do it now */
 if (rec->access_mode & DixCreateAccess) {
- const char *name = NameForAtom(rec->pProp->propertyName);
+ const char *name = NameForAtom(pProp->propertyName);
 security_context_t con;
 security_id_t sid;
@@ -716,7 +717,7 @@ SELinuxProperty(CallbackListPtr *pcbl, pointer unused, pointer calldata)
 }
 /* Perform the security check */
- auditdata.property = rec->pProp->propertyName;
+ auditdata.property = pProp->propertyName;
 rc = SELinuxDoCheck(subj, obj, SECCLASS_X_PROPERTY, rec->access_mode, &auditdata);
 if (rc != Success)
@@ -1226,16 +1227,8 @@ ProcSELinuxGetPropertyContext(ClientPtr client)
 if (rc != Success)
 return rc;
- pProp = wUserProps(pWin);
- while (pProp) {
- if (pProp->propertyName == stuff->property)
- break;
- pProp = pProp->next;
- }
- if (!pProp)
- return BadValue;
-
- rc = XaceHookPropertyAccess(client, pWin, pProp, DixGetAttrAccess);
+ rc = dixLookupProperty(&pProp, pWin, stuff->property, client,
+ DixGetAttrAccess);
 if (rc != Success)
 return rc;
diff --git a/dix/property.c b/dix/property.c
index e74becfa2..be68f077f 100644
--- a/dix/property.c
+++ b/dix/property.c
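Review bot: In ProcSELinuxGetPropertyContext the explicit `return BadValue` for a property that is not on the window is gone, so the error a client receives for a missing property is now whatever dixLookupProperty returns in that case, which this diff does not show. If that is a different code, the request's protocol-visible behaviour changes silently; either map it back (`if (rc == BadMatch) return BadValue;`, assuming BadMatch is the not-found result) or record the change in the commit message. The function's body starts and ends outside the hunk.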
@@ -103,7 +103,7 @@ dixLookupProperty(PropertyPtr *result, WindowPtr pWin, Atom propertyName,
 break;
 if (pProp)
- rc = XaceHookPropertyAccess(client, pWin, pProp, access_mode);
+ rc = XaceHookPropertyAccess(client, pWin, &pProp, access_mode);
 *result = pProp;
 return rc;
 }
@@ -284,7 +284,7 @@ dixChangeWindowProperty(ClientPtr pClient, WindowPtr pWin, Atom property,
 memmove((char *)data, (char *)value, totalSize);
 pProp->size = len;
 pProp->devPrivates = NULL;
- rc = XaceHookPropertyAccess(pClient, pWin, pProp,
+ rc = XaceHookPropertyAccess(pClient, pWin, &pProp,
 DixCreateAccess|DixWriteAccess);
 if (rc != Success) {
 xfree(data);
@@ -588,7 +588,7 @@ ProcListProperties(ClientPtr client)
 temppAtoms = pAtoms;
 for (pProp = wUserProps(pWin); pProp; pProp = pProp->next) {
 realProp = pProp;
- rc = XaceHookPropertyAccess(client, pWin, pProp, DixGetAttrAccess);
+ rc = XaceHookPropertyAccess(client, pWin, &realProp, DixGetAttrAccess);
 if (rc == Success && realProp == pProp) {
 *temppAtoms++ = pProp->propertyName;
 numProps++;
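Review bot: `*result = pProp;` in dixLookupProperty still runs when the hook denies access, and with `&pProp` passed to the hook the pointer stored there can now be whatever a callback left in it. A caller that forgets to test `rc` would then operate on a property the policy refused, or on a substituted one; storing NULL on failure, `*result = (rc == Success) ? pProp : NULL;`, makes that mistake fail loudly instead. This assumes no caller reads `*result` after a non-Success return, which cannot be checked from this hunk; the function begins above it.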
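Review bot: On the create path in dixChangeWindowProperty the freshly allocated property is handed to the hook as `&pProp`, so a callback that redirects `*ppProp` would overwrite the only reference to the new allocation. The failure branch that starts at `xfree(data);` and the code that links the property into the window's list are outside this hunk, but both would presumably then act on the substituted pointer, leaking the new record and freeing or re-linking one that the list already owns. Redirection has no obvious meaning for DixCreateAccess, so pass a copy and ignore or reject a change, as ProcListProperties does with `realProp`: `PropertyPtr pNew = pProp;` followed by `rc = XaceHookPropertyAccess(pClient, pWin, &pNew, DixCreateAccess|DixWriteAccess);`.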
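Review bot: The `realProp == pProp` test in ProcListProperties only becomes meaningful with this change, and the reason an entry is skipped when the hook redirects it is not stated anywhere in the loop. A short comment before the call would help, e.g. `/* The hook may point realProp at another instance of this property; list the name only for the instance this client is actually given. */`, worded as the intent appears from the hunk, so please confirm it. The loop and the declaration of `realProp` extend outside the hunk.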