/*
 * Copyright (c) 2008, Oracle and/or its affiliates. All rights reserved.
 *
 * Permission is hereby granted, free of charge, to any person obtaining a
 * copy of this software and associated documentation files (the "Software"),
 * to deal in the Software without restriction, including without limitation
 * the rights to use, copy, modify, merge, publish, distribute, sublicense,
 * and/or sell copies of the Software, and to permit persons to whom the
 * Software is furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice (including the next
 * paragraph) shall be included in all copies or substantial portions of the
 * Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL
 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
 * DEALINGS IN THE SOFTWARE.
 *
 */

Unix domain rendezvous created under /var/tsol/doors/ for Trusted
Extensions. This directory is loopback mounted into all labeled
zones from the global zone. A link is created from /tmp/.X11-unix
to the above loopback mounted dir.
(See LSARC/2008/506)

diff --git a/Xtranssock.c b/Xtranssock.c
index 8c11b9d..8428314 100644
--- a/Xtranssock.c
+++ b/Xtranssock.c
@@ -95,6 +95,9 @@ from the copyright holders.
 #include <sys/stat.h>
 #endif
 
+#if defined(X11_t)
+#include <tsol/label.h>
+#endif /* X11_t */
 
 #ifndef NO_TCP_H
 #if defined(linux) || defined(__GLIBC__)
@@ -213,6 +216,7 @@ static int TRANS(SocketINETClose) (XtransConnInfo ciptr);
 #if defined(X11_t)
 #define UNIX_PATH "/tmp/.X11-unix/X"
 #define UNIX_DIR "/tmp/.X11-unix"
+#define TSOL_UNIX_DIR  "/var/tsol/doors/.X11-unix"
 #endif /* X11_t */
 #if defined(XIM_t)
 #define UNIX_PATH "/tmp/.XIM-unix/XIM"
@@ -1086,6 +1090,29 @@ TRANS(SocketUNIXCreateListener) (XtransConnInfo ciptr, char *port,
 #else
     mode = 0777;
 #endif
+
+#ifdef X11_t
+    if (is_system_labeled()) {
+	struct stat sbuf;
+
+        if (!abstract && trans_mkdir(TSOL_UNIX_DIR, mode) == -1) {
+	    prmsg (1, "SocketUNIXCreateListener: mkdir(%s) failed, errno = %d\n",
+	       TSOL_UNIX_DIR, errno);
+	    (void) umask (oldUmask);
+	    return TRANS_CREATE_LISTENER_FAILED;
+        }
+
+        /* Create a symlink for UNIX_DIR to TSOL_UNIX_DIR */
+        if (stat(UNIX_DIR, &sbuf) != 0 && symlink(TSOL_UNIX_DIR, UNIX_DIR) != 0) {
+		prmsg (1, 
+		    "SocketUNIXCreateListener: symlink to %s failed, errno = %d\n",
+	       	    TSOL_UNIX_DIR, errno);
+	    (void) umask (oldUmask);
+	    return TRANS_CREATE_LISTENER_FAILED;
+        }
+
+    } else 
+#endif /* X11_t */
     if (!abstract && trans_mkdir(UNIX_DIR, mode) == -1) {
 	prmsg (1, "SocketUNIXCreateListener: mkdir(%s) failed, errno = %d\n",
 	       UNIX_DIR, errno);
@@ -1967,6 +1994,24 @@ TRANS(SocketUNIXConnect) (XtransConnInfo ciptr, char *host, char *port)
 	return TRANS_CONNECT_FAILED;
     }
 
+#if defined(X11_t) 
+    /* 
+     * Create a symlink for UNIX_DIR to TSOL_UNIX_DIR
+     * This link is created in the labeled (non-global) zones.
+     * The rendezvous created by the X server resides in the global zone
+     * and is mounted read-only to other zones.
+     */
+    if (is_system_labeled()) {
+	struct stat sbuf;
+
+        if (stat(UNIX_DIR, &sbuf) != 0 && symlink(TSOL_UNIX_DIR, UNIX_DIR) != 0) {
+	    prmsg (1, "SocketUNIXConnect:: symlink to %s failed, errno = %d\n",
+		TSOL_UNIX_DIR, errno);
+	    return TRANS_CONNECT_FAILED;
+         }
+     }
+#endif /* X11_t */
+
     /*
      * Build the socket name.
      */