[refpolicy] [PATCH 5/6] X Object Manager policy revisions to xserver.if.

Eamon Walsh ewalsh at tycho.nsa.gov
Tue Oct 13 20:31:00 CDT 2009


X Object Manager policy revisions to xserver.if.

This commit consists of two parts:

1. Revisions to xserver_object_types_template and
    xserver_common_x_domain_template.  This reflects the dropping
    of many of the specific event, extension, and property types.

2. New interfaces:
    xserver_manage_core_devices: Gives control over core mouse/keyboard.
    xserver_unprotected: Allows all clients to access a domain's X objects.
    Modified interfaces:
    xserver_unconfined: Added x_domain typeattribute statement.

Signed-off-by: Eamon Walsh<ewalsh at tycho.nsa.gov>
---
  policy/modules/services/xserver.if |  105 +++++++++++++++++++++--------------
  1 files changed, 63 insertions(+), 42 deletions(-)

diff --git a/policy/modules/services/xserver.if b/policy/modules/services/xserver.if
index 99bddec..8d1e240 100644
--- a/policy/modules/services/xserver.if
+++ b/policy/modules/services/xserver.if
@@ -324,18 +324,13 @@ interface(`xserver_user_client',`
  #
  template(`xserver_common_x_domain_template',`
  	gen_require(`
-		type $1_xproperty_t, $1_input_xevent_t, $1_property_xevent_t;
-		type $1_focus_xevent_t, $1_manage_xevent_t, $1_default_xevent_t;
-		type $1_client_xevent_t;
-
-		type rootwindow_t, xproperty_t;
-		type input_xevent_t, focus_xevent_t, property_xevent_t, manage_xevent_t;
+		type root_xdrawable_t;
+		type xproperty_t, $1_xproperty_t;
  		type xevent_t, client_xevent_t;
+		type input_xevent_t, $1_input_xevent_t;

  		attribute x_domain;
-		attribute xproperty_type;
-		attribute xevent_type;
-		attribute input_xevent_type;
+		attribute xdrawable_type, xcolormap_type;

  		class x_drawable all_x_drawable_perms;
  		class x_property all_x_property_perms;
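Review bot: The rewritten `gen_require` block drops `attribute input_xevent_type;`, yet the rule `dontaudit $2 input_xevent_type:x_event send;` added in the next hunk of this template still refers to that attribute. The template is expanded inside the calling module, so an attribute that is used but not required will probably fail to resolve when that caller is built as a loadable module. The end of the require block lies outside this hunk, so confirm it is not declared there. If it is not, keep the requirement, for example `attribute x_domain, input_xevent_type;`. The reverse applies to `$1_xproperty_t`: it is still required, but in the visible hunks its only uses are removed or commented out.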
@@ -350,32 +345,28 @@ template(`xserver_common_x_domain_template',`

  	# Type attributes
  	typeattribute $2 x_domain;
+	typeattribute $2 xdrawable_type, xcolormap_type;

  	# X Properties
-	# can read and write client properties
-	allow $2 $1_xproperty_t:x_property { create destroy read write append };
-	type_transition $2 xproperty_t:x_property $1_xproperty_t;
+	# disable property transitions for the time being.
+#	type_transition $2 xproperty_t:x_property $1_xproperty_t;

  	# X Windows
  	# new windows have the domain type
-	type_transition $2 rootwindow_t:x_drawable $2;
+	type_transition $2 root_xdrawable_t:x_drawable $2;

  	# X Input
+	# distinguish input events
+	type_transition $2 input_xevent_t:x_event $1_input_xevent_t;
+	# can send own events
+	allow $2 $1_input_xevent_t:{ x_event x_synthetic_event } send;
  	# can receive own events
  	allow $2 $1_input_xevent_t:{ x_event x_synthetic_event } receive;
-	allow $2 $1_property_xevent_t:{ x_event x_synthetic_event } receive;
-	allow $2 $1_focus_xevent_t:{ x_event x_synthetic_event } receive;
-	allow $2 $1_manage_xevent_t:{ x_event x_synthetic_event } receive;
-	allow $2 $1_default_xevent_t:{ x_event x_synthetic_event } receive;
-	allow $2 $1_client_xevent_t:{ x_event x_synthetic_event } receive;
-	type_transition $2 input_xevent_t:x_event $1_input_xevent_t;
-	type_transition $2 property_xevent_t:x_event $1_property_xevent_t;
-	type_transition $2 focus_xevent_t:x_event $1_focus_xevent_t;
-	type_transition $2 manage_xevent_t:x_event $1_manage_xevent_t;
-	type_transition $2 client_xevent_t:x_event $1_client_xevent_t;
-	type_transition $2 xevent_t:x_event $1_default_xevent_t;
-	# can send ICCCM events to myself
-	allow $2 $1_manage_xevent_t:x_synthetic_event send;
+	# can receive default events
+	allow $2 client_xevent_t:{ x_event x_synthetic_event } receive;
+	allow $2 xevent_t:{ x_event x_synthetic_event } receive;
+	# don't audit send failures
+	dontaudit $2 input_xevent_type:x_event send;
  ')

  #######################################
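Review bot: The `dontaudit $2 input_xevent_type:x_event send;` rule at the end of the template suppresses the denial record whenever the domain tries to send an event of any input event type, including types belonging to other clients. Those records are what an administrator would look at when investigating input events sent between X clients. The comment `# don't audit send failures` restates the rule without giving the benign behaviour that causes the noise; something like `# don't audit send failures: <which expected client behaviour triggers them>` would let a later reader judge whether the suppression is still justified. The rule names only `x_event`, while the neighbouring allow rules use `{ x_event x_synthetic_event }`, so it is worth stating whether leaving out `x_synthetic_event` is deliberate. Likewise, `# disable property transitions for the time being.` should say what has to change before the commented-out `type_transition` can be restored.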
@@ -401,27 +392,12 @@ template(`xserver_object_types_template',`
  	#

  	# Types for properties
-	type $1_xproperty_t alias $1_default_xproperty_t, xproperty_type;
+	type $1_xproperty_t, xproperty_type;
  	ubac_constrained($1_xproperty_t)

  	# Types for events
  	type $1_input_xevent_t, input_xevent_type, xevent_type;
  	ubac_constrained($1_input_xevent_t)
-
-	type $1_property_xevent_t, xevent_type;
-	ubac_constrained($1_property_xevent_t)
-
-	type $1_focus_xevent_t, xevent_type;
-	ubac_constrained($1_focus_xevent_t)
-
-	type $1_manage_xevent_t, xevent_type;
-	ubac_constrained($1_manage_xevent_t)
-
-	type $1_default_xevent_t, xevent_type;
-	ubac_constrained($1_default_xevent_t)
-
-	type $1_client_xevent_t, xevent_type;
-	ubac_constrained($1_client_xevent_t)
  ')

  #######################################
@@ -1214,6 +1190,49 @@ interface(`xserver_read_tmp_files',`
  ########################################
  ##<summary>
  ##	Interface to provide X object permissions on a given X server to
+##	an X client domain.  Gives the domain permission to read the
+##      virtual core keyboard and virtual core pointer devices.
+##</summary>
+##<param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+##</param>
+#
+interface(`xserver_manage_core_devices',`
+	gen_require(`
+		type xserver_t;
+		class x_device all_x_device_perms;
+		class x_pointer all_x_pointer_perms;
+		class x_keyboard all_x_keyboard_perms;
+	')
+
+	allow $1 xserver_t:{ x_device x_pointer x_keyboard } *;
+')
+
+########################################
+##<summary>
+##	Interface to remove protections on an X client domain.
+##	Gives other X client domains full permissions over the target
+##	domain's X objects.
+##</summary>
+##<param name="domain">
+##	<summary>
+##	Domain to be unprotected.
+##	</summary>
+##</param>
+#
+interface(`xserver_unprotected',`
+	gen_require(`
+		attribute xserver_unprotected_type;
+	')
+
+	typeattribute $1 xserver_unprotected_type;
+')
+
+########################################
+##<summary>
+##	Interface to provide X object permissions on a given X server to
  ##	an X client domain.  Gives the domain complete control over the
  ##	display.
  ##</summary>
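Review bot: The summary of `xserver_manage_core_devices` promises permission to read the virtual core keyboard and pointer, but `allow $1 xserver_t:{ x_device x_pointer x_keyboard } *;` grants every permission in those three classes on objects labelled `xserver_t`. That includes any permission added to the classes later. A policy author choosing the interface from its documentation would grant much more than the text says. Either make the text match the rule, e.g. `##	an X client domain.  Gives the domain full control over the` / `##	virtual core keyboard and virtual core pointer devices.`, or narrow the rule to the permissions callers actually need. The `xserver_unprotected` summary would also benefit from one sentence on when removing the protection is appropriate, since it gives other client domains full permissions over the target's objects.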
@@ -1225,8 +1244,10 @@ interface(`xserver_read_tmp_files',`
  #
  interface(`xserver_unconfined',`
  	gen_require(`
+		attribute x_domain;
  		attribute xserver_unconfined_type;
  	')

+	typeattribute $1 x_domain;
  	typeattribute $1 xserver_unconfined_type;
  ')
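Review bot: The added `typeattribute $1 x_domain;` makes every caller of `xserver_unconfined` subject to all rules written against `x_domain`, and neither the interface summary nor the commit message says why that is needed. A one-line comment above the statement giving the reason would help anyone auditing attribute membership later, for example `# unconfined clients are still X clients and need the x_domain rules`, if that is the intent.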
-- 
1.6.5.rc2



