From 0731394b205f003143ceec1bde04b6c6726f9c10 Mon Sep 17 00:00:00 2001
From: Adam Jackson
Date: Mon, 2 Mar 2009 18:45:27 -0500
Subject: [PATCH] selinux netlink socket hack
---
 Xext/xselinux.c | 29 +++++++++++++++++++++++++++++
 configure.ac | 4 ++++
 include/dix-config.h.in | 2 ++
 3 files changed, 35 insertions(+), 0 deletions(-)
diff --git a/Xext/xselinux.c b/Xext/xselinux.c
index 6085983..419c0ae 100644
--- a/Xext/xselinux.c
+++ b/Xext/xselinux.c
@@ -1887,6 +1887,22 @@ SProcSELinuxDispatch(ClientPtr client)
 }
 }
+#ifdef HAVE_AVC_NETLINK_ACQUIRE_FD
+static int netlink_fd;
+
+static void
+SELinuxBlockHandler(void *data, struct timeval **tv, void *read_mask)
+{
+}
+
+static void
+SELinuxWakeupHandler(void *data, int err, void *read_mask)
+{
+ if (FD_ISSET(netlink_fd, (fd_set *)read_mask))
+ avc_netlink_check_nb();
+}
+#endif
+
 /*
 * Extension Setup / Teardown
@@ -1917,6 +1933,12 @@ SELinuxResetProc(ExtensionEntry *extEntry)
 label_hnd = NULL;
 audit_close(audit_fd);
+#ifdef HAVE_AVC_NETLINK_ACQUIRE_FD
+ avc_netlink_release_fd();
+ RemoveBlockAndWakeupHandlers(SELinuxBlockHandler, SELinuxWakeupHandler,
+ NULL);
+ RemoveGeneralSocket(netlink_fd);
+#endif
 avc_destroy();
 avc_active = 0;
@@ -2013,6 +2035,13 @@ SELinuxExtensionInit(INITARGS)
 if (atom_client_ctx == BAD_RESOURCE)
 FatalError("SELinux: Failed to create atom\n");
+#ifdef HAVE_AVC_NETLINK_ACQUIRE_FD
+ netlink_fd = avc_netlink_acquire_fd();
+ AddGeneralSocket(netlink_fd);
+ RegisterBlockAndWakeupHandlers(SELinuxBlockHandler, SELinuxWakeupHandler,
+ NULL);
+#endif
+
 /* Register callbacks */
 ret &= dixRegisterPrivateInitFunc(subjectKey, SELinuxSubjectInit, NULL);
 ret &= dixRegisterPrivateDeleteFunc(subjectKey, SELinuxSubjectFree, NULL);
diff --git a/configure.ac b/configure.ac
index 72ae67e..55a880e 100644
--- a/configure.ac
+++ b/configure.ac
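Review bot: SELinuxWakeupHandler in the first xselinux.c hunk tests `read_mask` without looking at `err`, and it discards the result of `avc_netlink_check_nb()`. In the server's wakeup-handler convention `err` appears to carry the select() result, so after a failed select the mask contents should not be trusted. A netlink read error would also pass silently, which can leave the userspace AVC answering from cached decisions after a policy reload or an enforcing-mode change. Consider `if (err > 0 && FD_ISSET(netlink_fd, (fd_set *)read_mask))` and logging when `avc_netlink_check_nb() < 0`. The empty SELinuxBlockHandler would also benefit from a one-line comment such as `/* nothing to do before select; present only because handlers are registered in pairs */`.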
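Review bot: The teardown added to SELinuxResetProc does not mirror the setup order. SELinuxExtensionInit acquires the descriptor, adds it to the general socket set and then registers the handlers, while this block hands the descriptor back to libselinux first and only afterwards unregisters the handlers and removes the socket. Unwinding in reverse (`RemoveBlockAndWakeupHandlers(...)`, `RemoveGeneralSocket(netlink_fd);`, then `avc_netlink_release_fd();`) keeps the server from listing a descriptor it no longer owns, and `netlink_fd = -1;` afterwards avoids keeping a stale number once `avc_destroy()` has run. SELinuxResetProc begins and ends outside the hunk.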
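Review bot: In the SELinuxExtensionInit hunk the value returned by `avc_netlink_acquire_fd()` goes straight into `AddGeneralSocket()` unchecked, and the result of `RegisterBlockAndWakeupHandlers()` is dropped. If the acquire call fails (libselinux documents -1 on error for this family of calls), a negative descriptor would reach the server's fd set and later the `FD_ISSET` test in SELinuxWakeupHandler. Following the `FatalError` style of the line just above, add `if (netlink_fd < 0) FatalError("SELinux: Failed to acquire netlink socket\n");` before `AddGeneralSocket`. If `ret` is the status accumulator its use below suggests, the registration can be folded in as `ret &= RegisterBlockAndWakeupHandlers(SELinuxBlockHandler, SELinuxWakeupHandler, NULL);`. The function starts and ends outside the hunk.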
@@ -920,6 +920,10 @@ if test "x$XSELINUX" = xyes; then
 AC_CHECK_LIB(selinux, avc_init, [], AC_MSG_ERROR([SELinux library not found]))
 AC_CHECK_HEADERS([libaudit.h], [], AC_MSG_ERROR([SELinux extension requires audit system headers]))
 AC_CHECK_LIB(audit, audit_open, [], AC_MSG_ERROR([SELinux extension requires audit system library]))
+ AC_CHECK_DECL(avc_netlink_acquire_fd,
+ [AC_DEFINE(HAVE_AVC_NETLINK_ACQUIRE_FD, 1, "Have avc_netlink_acquire_fd")],
+ [],
+ [#include ])
 AC_DEFINE(XSELINUX, 1, [Build SELinux extension])
 SELINUX_LIB="-lselinux -laudit"
 fi
diff --git a/include/dix-config.h.in b/include/dix-config.h.in
index 3da193f..66c3008 100644
--- a/include/dix-config.h.in
+++ b/include/dix-config.h.in
@@ -442,4 +442,6 @@
 #include "dix-config-apple-verbatim.h"
 #endif
+#undef HAVE_AVC_NETLINK_ACQUIRE_FD
+
 #endif /* _DIX_CONFIG_H_ */
--
1.6.1.3
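Review bot: `AC_CHECK_DECL` in the configure.ac hunk only proves that the prototype is visible in the header, not that the linked libselinux exports the symbol. xselinux.c also calls `avc_netlink_check_nb` and `avc_netlink_release_fd` under the same macro, so headers newer than the installed library would define HAVE_AVC_NETLINK_ACQUIRE_FD and then fail at link time. A link-level probe in the style of the existing `AC_CHECK_LIB(selinux, avc_init, ...)` line is sturdier. The description argument is written with double quotes, `"Have avc_netlink_acquire_fd"`, where the neighbouring `AC_DEFINE(XSELINUX, 1, [Build SELinux extension])` uses m4 brackets, so the quotes end up literally in the generated header comment; `[Have avc_netlink_acquire_fd]` matches the file.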