Security Hooks

As the XACE framework matures through use in the X community, the set of security hooks it provides will likely change to meet the needs of new and existing X server extensions and drivers, as well as other projects which may find it useful. For example, it is possible that the Solaris Trusted Extensions for X may make use of XACE to assist in an upstreaming to X.org [2]. XACE hooks that were introduced to support the legacy extensions Security and Appgroup may be removed, and others may be moved out of XACE and made a part of other X server mechanisms, such as the commonly used client state callback [1].

As discussed in Section 2.3, the devPrivates state storage mechanism must be extended to additional server structures to support full labeling of server objects and resources. Another problem with devPrivates is that the mechanism is not consistent from object type to object type. For example, the devPrivates support for the colormap object includes an initialization callback function, while other objects do not. Work is necessary to unify and extend this important supporting interface.