XACE (X Access Control Extension) is a set of generic "hooks" that other X extensions can use to perform access checks. The goal of XACE is to prevent clutter in the core dix/os code by providing a common mechanism for these checks. The concept is identical to the Linux Security Modules (LSM) framework in the Linux kernel.
XACE is a generalization of the "Security" extension, which provides a simple on/off trust model, with untrusted windows being restricted in certain areas. Most of XACE consists simply of replacing the Security-specific checks in the dix/os layer with generic callback lists. However, the framework is flexible enough to allow for hooks to be added or deprecated in the future.
XACE has at least four potential users:
XACE provides an abstraction layer for adding security extensions. So anyone else who may come along with a new idea for securing X should also find XACE useful.
The complete patch, with inline annotation, can be viewed here.
Two functions are added to the dix ABI, to support attaching devPrivates to ExtensionEntry structures.
The ClientRec and ExtensionEntry structures are changed to remove the structure fields that were specific to the Security extension. Instead, security state is stored using devPrivates, the preferred way for attaching extension-specific data to dix structures. This may affect binaries that were compiled with Security enabled and expect the ClientRec structure to be a certain size. The security fields are located near the end of the structure, so this change is not viewed as significant. However, if it is in fact unacceptable, the security fields could simply be kept, but be completely unused.
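The two ideas described above, generic callback lists in place of extension-specific checks and per-client security state held in private data rather than in ClientRec fields, can be sketched as follows. This is an added, simplified model and not code from the XACE patch or the X server: every name in it is hypothetical, `priv` stands in for devPrivates, and the allow-by-default result when no callback is registered is an assumption of the model.

```c
#include <stddef.h>

/* Simplified model of the hook idea; all names are hypothetical, not X server API. */
enum hook_id { HOOK_RESOURCE_ACCESS, HOOK_EXT_DISPATCH, NUM_HOOKS };
enum { ACCESS_DENIED = 0, ACCESS_ALLOWED = 1 };

struct client { int index; void *priv; };  /* priv stands in for devPrivates */
struct access_req { struct client *client; int owner; int status; };
typedef void (*hook_cb)(struct access_req *req, void *closure);

#define MAX_CBS 4
static struct { hook_cb fn; void *closure; } hooks[NUM_HOOKS][MAX_CBS];
static size_t hook_len[NUM_HOOKS];

/* A security module attaches a callback to one decision point. */
int hook_register(enum hook_id id, hook_cb fn, void *closure) {
    if (id >= NUM_HOOKS || fn == NULL || hook_len[id] == MAX_CBS) return 0;
    hooks[id][hook_len[id]].fn = fn;
    hooks[id][hook_len[id]++].closure = closure;
    return 1;
}

/* Core-side check; with no callbacks registered the request is allowed (model assumption). */
int hook_check(enum hook_id id, struct client *c, int owner) {
    struct access_req req = { c, owner, ACCESS_ALLOWED };
    for (size_t i = 0; i < hook_len[id]; i++)
        hooks[id][i].fn(&req, hooks[id][i].closure);
    return req.status;
}

/* Module side: an on/off trust flag kept in per-client private state. */
struct trust_state { int trusted; };
static void trust_cb(struct access_req *req, void *closure) {
    struct trust_state *ts = req->client->priv;
    (void)closure;
    /* Fail closed on missing state; only ever lower the status, never raise it. */
    if (ts == NULL || (!ts->trusted && req->owner != req->client->index))
        req->status = ACCESS_DENIED;
}

/* Constructed scenario: client `index` asks for a resource owned by `owner`. */
int demo_check(int trusted, int index, int owner) {
    static int registered;
    struct trust_state ts = { trusted };
    struct client c = { index, &ts };
    if (!registered) registered = hook_register(HOOK_RESOURCE_ACCESS, trust_cb, NULL);
    return hook_check(HOOK_RESOURCE_ACCESS, &c, owner);
}

int main(void) { return demo_check(0, 1, 2) == ACCESS_DENIED ? 0 : 1; }
```

Because callbacks can only lower the status, stacking a second module on the same hook cannot override a denial issued by the first.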
The Security & Appgroup extensions are not widely used (ssh -Y is the best known example). Test cases are being written and can be downloaded and run from here.
Some tests were run by TCS and posted to the xorg list: http://lists.freedesktop.org/archives/xorg/2005-March/006806.html
Eamon Walsh will serve as maintainer and contact point for XACE.