This patch was created using xorg-server-1.12.2 source.
Call XACE to verify if grab access is allowed.
Signed-off-by: Richard Haines <richard_c_haines@xxxxxxxxxxxxxx>
---
dix/events.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/dix/events.c b/dix/events.c
index 86336fe..0ce2140 100644
--- a/dix/events.c
+++ b/dix/events.c
@@ -3807,7 +3807,11 @@ CheckPassiveGrab(DeviceIntPtr device, GrabPtr grab, InternalEvent *event,
return FALSE;
}
- return TRUE;
+ /* Finally check whether grab allowed by security provider */
+ if (XaceHook(XACE_DEVICE_ACCESS, rClient(grab), device, DixGrabAccess) == 0)
+ return TRUE;
+ else
+ return FALSE;
}
/**
--
1.7.10.4
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
