[refpolicy] [PATCH 3/3] X Object manager policy revisions to x_contexts.

Eamon Walsh ewalsh at tycho.nsa.gov
Tue Oct 27 21:20:38 CDT 2009


X Object manager policy revisions to x_contexts.

Many of the specific event, extension, and property types have been
removed for the time being.  Polyinstantiation allows selections and
properties to be separated in a different way, and new X server support
for labeling individual extension requests (as opposed to entire extensions)
should make the extension querying problem easier to solve in the future.

Signed-off-by: Eamon Walsh <ewalsh at tycho.nsa.gov>
---
 config/appconfig-mcs/x_contexts      |  109 +++------------------------------
 config/appconfig-mls/x_contexts      |  109 +++------------------------------
 config/appconfig-standard/x_contexts |  109 +++------------------------------
 3 files changed, 30 insertions(+), 297 deletions(-)

diff --git a/config/appconfig-mcs/x_contexts b/config/appconfig-mcs/x_contexts
index 08da649..0b32044 100644
--- a/config/appconfig-mcs/x_contexts
+++ b/config/appconfig-mcs/x_contexts
@@ -13,7 +13,7 @@
 # The default client rule defines a context to be used for all clients
 # connecting to the server from a remote host.
 #
-client	*				system_u:object_r:remote_xclient_t:s0
+client	*				system_u:object_r:remote_t:s0
 
 
 #
@@ -27,25 +27,10 @@ client	*				system_u:object_r:remote_xclient_t:s0
 # rule indicated by an asterisk should follow all other property rules.
 #
 # Properties that normal clients may only read
-property XFree86_VT			system_u:object_r:info_xproperty_t:s0
-property XFree86_DDC_EDID1_RAWDATA	system_u:object_r:info_xproperty_t:s0
-property RESOURCE_MANAGER		system_u:object_r:info_xproperty_t:s0
-property SCREEN_RESOURCES		system_u:object_r:info_xproperty_t:s0
-property _MIT_PRIORITY_COLORS		system_u:object_r:info_xproperty_t:s0
-property AT_SPI_IOR			system_u:object_r:info_xproperty_t:s0
-property _SELINUX_CLIENT_CONTEXT	system_u:object_r:info_xproperty_t:s0
-property _NET_WORKAREA			system_u:object_r:info_xproperty_t:s0
-property _XKB_RULES_NAMES		system_u:object_r:info_xproperty_t:s0
+property _SELINUX_*			system_u:object_r:seclabel_xproperty_t:s0
 
 # Clipboard and selection properties
-property CUT_BUFFER0			system_u:object_r:clipboard_xproperty_t:s0
-property CUT_BUFFER1			system_u:object_r:clipboard_xproperty_t:s0
-property CUT_BUFFER2			system_u:object_r:clipboard_xproperty_t:s0
-property CUT_BUFFER3			system_u:object_r:clipboard_xproperty_t:s0
-property CUT_BUFFER4			system_u:object_r:clipboard_xproperty_t:s0
-property CUT_BUFFER5			system_u:object_r:clipboard_xproperty_t:s0
-property CUT_BUFFER6			system_u:object_r:clipboard_xproperty_t:s0
-property CUT_BUFFER7			system_u:object_r:clipboard_xproperty_t:s0
+property CUT_BUFFER?			system_u:object_r:clipboard_xproperty_t:s0
 
 # Default fallback type
 property *	   			system_u:object_r:xproperty_t:s0
@@ -61,57 +46,11 @@ property *	   			system_u:object_r:xproperty_t:s0
 # Extension rules map an extension name to a context.  A default extension
 # rule indicated by an asterisk should follow all other extension rules.
 #
-# Standard extensions
-extension BIG-REQUESTS			system_u:object_r:std_xext_t:s0
-extension SHAPE				system_u:object_r:std_xext_t:s0
-extension SYNC				system_u:object_r:std_xext_t:s0
-extension XC-MISC			system_u:object_r:std_xext_t:s0
-extension XFIXES			system_u:object_r:std_xext_t:s0
-extension XInputExtension		system_u:object_r:std_xext_t:s0
-extension XKEYBOARD			system_u:object_r:std_xext_t:s0
-extension DAMAGE			system_u:object_r:std_xext_t:s0
-extension RENDER			system_u:object_r:std_xext_t:s0
-extension XINERAMA			system_u:object_r:std_xext_t:s0
-
-# Direct hardware access extensions
-extension XFree86-DGA			system_u:object_r:directhw_xext_t:s0
-extension XFree86-VidModeExtension	system_u:object_r:directhw_xext_t:s0
-
-# Screen management and multihead extensions
-extension RANDR				system_u:object_r:output_xext_t:s0
-extension Composite			system_u:object_r:output_xext_t:s0
-
-# Screensaver, power management extensions
-extension DPMS				system_u:object_r:screensaver_xext_t:s0
-extension MIT-SCREEN-SAVER		system_u:object_r:screensaver_xext_t:s0
-
-# Shared memory extensions
-extension MIT-SHM			system_u:object_r:shmem_xext_t:s0
-extension XFree86-Bigfont		system_u:object_r:shmem_xext_t:s0
-
-# Accelerated graphics, OpenGL, direct rendering extensions
-extension GLX				system_u:object_r:accelgraphics_xext_t:s0
-extension NV-CONTROL			system_u:object_r:accelgraphics_xext_t:s0
-extension NV-GLX			system_u:object_r:accelgraphics_xext_t:s0
-extension NVIDIA-GLX			system_u:object_r:accelgraphics_xext_t:s0
-
-# Debugging, testing, and recording extensions
-extension RECORD			system_u:object_r:debug_xext_t:s0
-extension X-Resource			system_u:object_r:debug_xext_t:s0
-extension XTEST				system_u:object_r:debug_xext_t:s0
-
-# Security-related extensions
-extension SECURITY			system_u:object_r:security_xext_t:s0
-extension SELinux			system_u:object_r:security_xext_t:s0
-extension XAccessControlExtension	system_u:object_r:security_xext_t:s0
-extension XC-APPGROUP			system_u:object_r:security_xext_t:s0
-
-# Video extensions
-extension XVideo			system_u:object_r:video_xext_t:s0
-extension XVideo-MotionCompensation	system_u:object_r:video_xext_t:s0
+# Restricted extensions
+extension SELinux			system_u:object_r:security_xextension_t:s0
 
-# Default fallback type
-extension *	   			system_u:object_r:xext_t:s0
+# Standard extensions
+extension *	   			system_u:object_r:xextension_t:s0
 
 
 #
@@ -124,8 +63,6 @@ extension *	   			system_u:object_r:xext_t:s0
 # rule indicated by an asterisk should follow all other selection rules.
 #
 # Standard selections
-selection XA_PRIMARY			system_u:object_r:clipboard_xselection_t:s0
-selection XA_SECONDARY			system_u:object_r:clipboard_xselection_t:s0
 selection PRIMARY			system_u:object_r:clipboard_xselection_t:s0
 selection CLIPBOARD			system_u:object_r:clipboard_xselection_t:s0
 
@@ -149,7 +86,6 @@ event X11:KeyRelease			system_u:object_r:input_xevent_t:s0
 event X11:ButtonPress			system_u:object_r:input_xevent_t:s0
 event X11:ButtonRelease			system_u:object_r:input_xevent_t:s0
 event X11:MotionNotify			system_u:object_r:input_xevent_t:s0
-event X11:SelectionNotify		system_u:object_r:input_xevent_t:s0
 event XInputExtension:DeviceKeyPress	system_u:object_r:input_xevent_t:s0
 event XInputExtension:DeviceKeyRelease	system_u:object_r:input_xevent_t:s0
 event XInputExtension:DeviceButtonPress	system_u:object_r:input_xevent_t:s0
@@ -159,36 +95,11 @@ event XInputExtension:DeviceValuator	system_u:object_r:input_xevent_t:s0
 event XInputExtension:ProximityIn	system_u:object_r:input_xevent_t:s0
 event XInputExtension:ProximityOut	system_u:object_r:input_xevent_t:s0
 
-# Focus events
-event X11:FocusIn			system_u:object_r:focus_xevent_t:s0
-event X11:FocusOut			system_u:object_r:focus_xevent_t:s0
-event X11:EnterNotify			system_u:object_r:focus_xevent_t:s0
-event X11:LeaveNotify			system_u:object_r:focus_xevent_t:s0
-
-# Property events
-event X11:PropertyNotify		system_u:object_r:property_xevent_t:s0
-
 # Client message events
 event X11:ClientMessage			system_u:object_r:client_xevent_t:s0
-
-# Manager events
-event X11:ConfigureRequest		system_u:object_r:manage_xevent_t:s0
-event X11:ResizeRequest			system_u:object_r:manage_xevent_t:s0
-event X11:MapRequest			system_u:object_r:manage_xevent_t:s0
-event X11:CirculateRequest		system_u:object_r:manage_xevent_t:s0
-event X11:CreateNotify			system_u:object_r:manage_xevent_t:s0
-event X11:DestroyNotify			system_u:object_r:manage_xevent_t:s0
-event X11:MapNotify			system_u:object_r:manage_xevent_t:s0
-event X11:UnmapNotify			system_u:object_r:manage_xevent_t:s0
-event X11:ReparentNotify		system_u:object_r:manage_xevent_t:s0
-event X11:ConfigureNotify		system_u:object_r:manage_xevent_t:s0
-event X11:GravityNotify			system_u:object_r:manage_xevent_t:s0
-event X11:CirculateNotify		system_u:object_r:manage_xevent_t:s0
-event X11:Expose			system_u:object_r:manage_xevent_t:s0
-event X11:VisibilityNotify		system_u:object_r:manage_xevent_t:s0
-
-# Unknown events (that are not registered in the X server's name database)
-event <unknown>				system_u:object_r:unknown_xevent_t:s0
+event X11:SelectionNotify		system_u:object_r:client_xevent_t:s0
+event X11:UnmapNotify			system_u:object_r:client_xevent_t:s0
+event X11:ConfigureNotify		system_u:object_r:client_xevent_t:s0
 
 # Default fallback type
 event *					system_u:object_r:xevent_t:s0
diff --git a/config/appconfig-mls/x_contexts b/config/appconfig-mls/x_contexts
index 08da649..0b32044 100644
--- a/config/appconfig-mls/x_contexts
+++ b/config/appconfig-mls/x_contexts
@@ -13,7 +13,7 @@
 # The default client rule defines a context to be used for all clients
 # connecting to the server from a remote host.
 #
-client	*				system_u:object_r:remote_xclient_t:s0
+client	*				system_u:object_r:remote_t:s0
 
 
 #
@@ -27,25 +27,10 @@ client	*				system_u:object_r:remote_xclient_t:s0
 # rule indicated by an asterisk should follow all other property rules.
 #
 # Properties that normal clients may only read
-property XFree86_VT			system_u:object_r:info_xproperty_t:s0
-property XFree86_DDC_EDID1_RAWDATA	system_u:object_r:info_xproperty_t:s0
-property RESOURCE_MANAGER		system_u:object_r:info_xproperty_t:s0
-property SCREEN_RESOURCES		system_u:object_r:info_xproperty_t:s0
-property _MIT_PRIORITY_COLORS		system_u:object_r:info_xproperty_t:s0
-property AT_SPI_IOR			system_u:object_r:info_xproperty_t:s0
-property _SELINUX_CLIENT_CONTEXT	system_u:object_r:info_xproperty_t:s0
-property _NET_WORKAREA			system_u:object_r:info_xproperty_t:s0
-property _XKB_RULES_NAMES		system_u:object_r:info_xproperty_t:s0
+property _SELINUX_*			system_u:object_r:seclabel_xproperty_t:s0
 
 # Clipboard and selection properties
-property CUT_BUFFER0			system_u:object_r:clipboard_xproperty_t:s0
-property CUT_BUFFER1			system_u:object_r:clipboard_xproperty_t:s0
-property CUT_BUFFER2			system_u:object_r:clipboard_xproperty_t:s0
-property CUT_BUFFER3			system_u:object_r:clipboard_xproperty_t:s0
-property CUT_BUFFER4			system_u:object_r:clipboard_xproperty_t:s0
-property CUT_BUFFER5			system_u:object_r:clipboard_xproperty_t:s0
-property CUT_BUFFER6			system_u:object_r:clipboard_xproperty_t:s0
-property CUT_BUFFER7			system_u:object_r:clipboard_xproperty_t:s0
+property CUT_BUFFER?			system_u:object_r:clipboard_xproperty_t:s0
 
 # Default fallback type
 property *	   			system_u:object_r:xproperty_t:s0
@@ -61,57 +46,11 @@ property *	   			system_u:object_r:xproperty_t:s0
 # Extension rules map an extension name to a context.  A default extension
 # rule indicated by an asterisk should follow all other extension rules.
 #
-# Standard extensions
-extension BIG-REQUESTS			system_u:object_r:std_xext_t:s0
-extension SHAPE				system_u:object_r:std_xext_t:s0
-extension SYNC				system_u:object_r:std_xext_t:s0
-extension XC-MISC			system_u:object_r:std_xext_t:s0
-extension XFIXES			system_u:object_r:std_xext_t:s0
-extension XInputExtension		system_u:object_r:std_xext_t:s0
-extension XKEYBOARD			system_u:object_r:std_xext_t:s0
-extension DAMAGE			system_u:object_r:std_xext_t:s0
-extension RENDER			system_u:object_r:std_xext_t:s0
-extension XINERAMA			system_u:object_r:std_xext_t:s0
-
-# Direct hardware access extensions
-extension XFree86-DGA			system_u:object_r:directhw_xext_t:s0
-extension XFree86-VidModeExtension	system_u:object_r:directhw_xext_t:s0
-
-# Screen management and multihead extensions
-extension RANDR				system_u:object_r:output_xext_t:s0
-extension Composite			system_u:object_r:output_xext_t:s0
-
-# Screensaver, power management extensions
-extension DPMS				system_u:object_r:screensaver_xext_t:s0
-extension MIT-SCREEN-SAVER		system_u:object_r:screensaver_xext_t:s0
-
-# Shared memory extensions
-extension MIT-SHM			system_u:object_r:shmem_xext_t:s0
-extension XFree86-Bigfont		system_u:object_r:shmem_xext_t:s0
-
-# Accelerated graphics, OpenGL, direct rendering extensions
-extension GLX				system_u:object_r:accelgraphics_xext_t:s0
-extension NV-CONTROL			system_u:object_r:accelgraphics_xext_t:s0
-extension NV-GLX			system_u:object_r:accelgraphics_xext_t:s0
-extension NVIDIA-GLX			system_u:object_r:accelgraphics_xext_t:s0
-
-# Debugging, testing, and recording extensions
-extension RECORD			system_u:object_r:debug_xext_t:s0
-extension X-Resource			system_u:object_r:debug_xext_t:s0
-extension XTEST				system_u:object_r:debug_xext_t:s0
-
-# Security-related extensions
-extension SECURITY			system_u:object_r:security_xext_t:s0
-extension SELinux			system_u:object_r:security_xext_t:s0
-extension XAccessControlExtension	system_u:object_r:security_xext_t:s0
-extension XC-APPGROUP			system_u:object_r:security_xext_t:s0
-
-# Video extensions
-extension XVideo			system_u:object_r:video_xext_t:s0
-extension XVideo-MotionCompensation	system_u:object_r:video_xext_t:s0
+# Restricted extensions
+extension SELinux			system_u:object_r:security_xextension_t:s0
 
-# Default fallback type
-extension *	   			system_u:object_r:xext_t:s0
+# Standard extensions
+extension *	   			system_u:object_r:xextension_t:s0
 
 
 #
@@ -124,8 +63,6 @@ extension *	   			system_u:object_r:xext_t:s0
 # rule indicated by an asterisk should follow all other selection rules.
 #
 # Standard selections
-selection XA_PRIMARY			system_u:object_r:clipboard_xselection_t:s0
-selection XA_SECONDARY			system_u:object_r:clipboard_xselection_t:s0
 selection PRIMARY			system_u:object_r:clipboard_xselection_t:s0
 selection CLIPBOARD			system_u:object_r:clipboard_xselection_t:s0
 
@@ -149,7 +86,6 @@ event X11:KeyRelease			system_u:object_r:input_xevent_t:s0
 event X11:ButtonPress			system_u:object_r:input_xevent_t:s0
 event X11:ButtonRelease			system_u:object_r:input_xevent_t:s0
 event X11:MotionNotify			system_u:object_r:input_xevent_t:s0
-event X11:SelectionNotify		system_u:object_r:input_xevent_t:s0
 event XInputExtension:DeviceKeyPress	system_u:object_r:input_xevent_t:s0
 event XInputExtension:DeviceKeyRelease	system_u:object_r:input_xevent_t:s0
 event XInputExtension:DeviceButtonPress	system_u:object_r:input_xevent_t:s0
@@ -159,36 +95,11 @@ event XInputExtension:DeviceValuator	system_u:object_r:input_xevent_t:s0
 event XInputExtension:ProximityIn	system_u:object_r:input_xevent_t:s0
 event XInputExtension:ProximityOut	system_u:object_r:input_xevent_t:s0
 
-# Focus events
-event X11:FocusIn			system_u:object_r:focus_xevent_t:s0
-event X11:FocusOut			system_u:object_r:focus_xevent_t:s0
-event X11:EnterNotify			system_u:object_r:focus_xevent_t:s0
-event X11:LeaveNotify			system_u:object_r:focus_xevent_t:s0
-
-# Property events
-event X11:PropertyNotify		system_u:object_r:property_xevent_t:s0
-
 # Client message events
 event X11:ClientMessage			system_u:object_r:client_xevent_t:s0
-
-# Manager events
-event X11:ConfigureRequest		system_u:object_r:manage_xevent_t:s0
-event X11:ResizeRequest			system_u:object_r:manage_xevent_t:s0
-event X11:MapRequest			system_u:object_r:manage_xevent_t:s0
-event X11:CirculateRequest		system_u:object_r:manage_xevent_t:s0
-event X11:CreateNotify			system_u:object_r:manage_xevent_t:s0
-event X11:DestroyNotify			system_u:object_r:manage_xevent_t:s0
-event X11:MapNotify			system_u:object_r:manage_xevent_t:s0
-event X11:UnmapNotify			system_u:object_r:manage_xevent_t:s0
-event X11:ReparentNotify		system_u:object_r:manage_xevent_t:s0
-event X11:ConfigureNotify		system_u:object_r:manage_xevent_t:s0
-event X11:GravityNotify			system_u:object_r:manage_xevent_t:s0
-event X11:CirculateNotify		system_u:object_r:manage_xevent_t:s0
-event X11:Expose			system_u:object_r:manage_xevent_t:s0
-event X11:VisibilityNotify		system_u:object_r:manage_xevent_t:s0
-
-# Unknown events (that are not registered in the X server's name database)
-event <unknown>				system_u:object_r:unknown_xevent_t:s0
+event X11:SelectionNotify		system_u:object_r:client_xevent_t:s0
+event X11:UnmapNotify			system_u:object_r:client_xevent_t:s0
+event X11:ConfigureNotify		system_u:object_r:client_xevent_t:s0
 
 # Default fallback type
 event *					system_u:object_r:xevent_t:s0
diff --git a/config/appconfig-standard/x_contexts b/config/appconfig-standard/x_contexts
index f9cefb9..5b752f8 100644
--- a/config/appconfig-standard/x_contexts
+++ b/config/appconfig-standard/x_contexts
@@ -13,7 +13,7 @@
 # The default client rule defines a context to be used for all clients
 # connecting to the server from a remote host.
 #
-client	*				system_u:object_r:remote_xclient_t
+client	*				system_u:object_r:remote_t
 
 
 #
@@ -27,25 +27,10 @@ client	*				system_u:object_r:remote_xclient_t
 # rule indicated by an asterisk should follow all other property rules.
 #
 # Properties that normal clients may only read
-property XFree86_VT			system_u:object_r:info_xproperty_t
-property XFree86_DDC_EDID1_RAWDATA	system_u:object_r:info_xproperty_t
-property RESOURCE_MANAGER		system_u:object_r:info_xproperty_t
-property SCREEN_RESOURCES		system_u:object_r:info_xproperty_t
-property _MIT_PRIORITY_COLORS		system_u:object_r:info_xproperty_t
-property AT_SPI_IOR			system_u:object_r:info_xproperty_t
-property _SELINUX_CLIENT_CONTEXT	system_u:object_r:info_xproperty_t
-property _NET_WORKAREA			system_u:object_r:info_xproperty_t
-property _XKB_RULES_NAMES		system_u:object_r:info_xproperty_t
+property _SELINUX_*			system_u:object_r:seclabel_xproperty_t
 
 # Clipboard and selection properties
-property CUT_BUFFER0			system_u:object_r:clipboard_xproperty_t
-property CUT_BUFFER1			system_u:object_r:clipboard_xproperty_t
-property CUT_BUFFER2			system_u:object_r:clipboard_xproperty_t
-property CUT_BUFFER3			system_u:object_r:clipboard_xproperty_t
-property CUT_BUFFER4			system_u:object_r:clipboard_xproperty_t
-property CUT_BUFFER5			system_u:object_r:clipboard_xproperty_t
-property CUT_BUFFER6			system_u:object_r:clipboard_xproperty_t
-property CUT_BUFFER7			system_u:object_r:clipboard_xproperty_t
+property CUT_BUFFER?			system_u:object_r:clipboard_xproperty_t
 
 # Default fallback type
 property *	   			system_u:object_r:xproperty_t
@@ -61,57 +46,11 @@ property *	   			system_u:object_r:xproperty_t
 # Extension rules map an extension name to a context.  A default extension
 # rule indicated by an asterisk should follow all other extension rules.
 #
-# Standard extensions
-extension BIG-REQUESTS			system_u:object_r:std_xext_t
-extension SHAPE				system_u:object_r:std_xext_t
-extension SYNC				system_u:object_r:std_xext_t
-extension XC-MISC			system_u:object_r:std_xext_t
-extension XFIXES			system_u:object_r:std_xext_t
-extension XInputExtension		system_u:object_r:std_xext_t
-extension XKEYBOARD			system_u:object_r:std_xext_t
-extension DAMAGE			system_u:object_r:std_xext_t
-extension RENDER			system_u:object_r:std_xext_t
-extension XINERAMA			system_u:object_r:std_xext_t
-
-# Direct hardware access extensions
-extension XFree86-DGA			system_u:object_r:directhw_xext_t
-extension XFree86-VidModeExtension	system_u:object_r:directhw_xext_t
-
-# Screen management and multihead extensions
-extension RANDR				system_u:object_r:output_xext_t
-extension Composite			system_u:object_r:output_xext_t
-
-# Screensaver, power management extensions
-extension DPMS				system_u:object_r:screensaver_xext_t
-extension MIT-SCREEN-SAVER		system_u:object_r:screensaver_xext_t
-
-# Shared memory extensions
-extension MIT-SHM			system_u:object_r:shmem_xext_t
-extension XFree86-Bigfont		system_u:object_r:shmem_xext_t
-
-# Accelerated graphics, OpenGL, direct rendering extensions
-extension GLX				system_u:object_r:accelgraphics_xext_t
-extension NV-CONTROL			system_u:object_r:accelgraphics_xext_t
-extension NV-GLX			system_u:object_r:accelgraphics_xext_t
-extension NVIDIA-GLX			system_u:object_r:accelgraphics_xext_t
-
-# Debugging, testing, and recording extensions
-extension RECORD			system_u:object_r:debug_xext_t
-extension X-Resource			system_u:object_r:debug_xext_t
-extension XTEST				system_u:object_r:debug_xext_t
-
-# Security-related extensions
-extension SECURITY			system_u:object_r:security_xext_t
-extension SELinux			system_u:object_r:security_xext_t
-extension XAccessControlExtension	system_u:object_r:security_xext_t
-extension XC-APPGROUP			system_u:object_r:security_xext_t
-
-# Video extensions
-extension XVideo			system_u:object_r:video_xext_t
-extension XVideo-MotionCompensation	system_u:object_r:video_xext_t
+# Restricted extensions
+extension SELinux			system_u:object_r:security_xextension_t
 
-# Default fallback type
-extension *	   			system_u:object_r:xext_t
+# Standard extensions
+extension *	   			system_u:object_r:xextension_t
 
 
 #
@@ -124,8 +63,6 @@ extension *	   			system_u:object_r:xext_t
 # rule indicated by an asterisk should follow all other selection rules.
 #
 # Standard selections
-selection XA_PRIMARY			system_u:object_r:clipboard_xselection_t
-selection XA_SECONDARY			system_u:object_r:clipboard_xselection_t
 selection PRIMARY			system_u:object_r:clipboard_xselection_t
 selection CLIPBOARD			system_u:object_r:clipboard_xselection_t
 
@@ -149,7 +86,6 @@ event X11:KeyRelease			system_u:object_r:input_xevent_t
 event X11:ButtonPress			system_u:object_r:input_xevent_t
 event X11:ButtonRelease			system_u:object_r:input_xevent_t
 event X11:MotionNotify			system_u:object_r:input_xevent_t
-event X11:SelectionNotify		system_u:object_r:input_xevent_t
 event XInputExtension:DeviceKeyPress	system_u:object_r:input_xevent_t
 event XInputExtension:DeviceKeyRelease	system_u:object_r:input_xevent_t
 event XInputExtension:DeviceButtonPress	system_u:object_r:input_xevent_t
@@ -159,36 +95,11 @@ event XInputExtension:DeviceValuator	system_u:object_r:input_xevent_t
 event XInputExtension:ProximityIn	system_u:object_r:input_xevent_t
 event XInputExtension:ProximityOut	system_u:object_r:input_xevent_t
 
-# Focus events
-event X11:FocusIn			system_u:object_r:focus_xevent_t
-event X11:FocusOut			system_u:object_r:focus_xevent_t
-event X11:EnterNotify			system_u:object_r:focus_xevent_t
-event X11:LeaveNotify			system_u:object_r:focus_xevent_t
-
-# Property events
-event X11:PropertyNotify		system_u:object_r:property_xevent_t
-
 # Client message events
 event X11:ClientMessage			system_u:object_r:client_xevent_t
-
-# Manager events
-event X11:ConfigureRequest		system_u:object_r:manage_xevent_t
-event X11:ResizeRequest			system_u:object_r:manage_xevent_t
-event X11:MapRequest			system_u:object_r:manage_xevent_t
-event X11:CirculateRequest		system_u:object_r:manage_xevent_t
-event X11:CreateNotify			system_u:object_r:manage_xevent_t
-event X11:DestroyNotify			system_u:object_r:manage_xevent_t
-event X11:MapNotify			system_u:object_r:manage_xevent_t
-event X11:UnmapNotify			system_u:object_r:manage_xevent_t
-event X11:ReparentNotify		system_u:object_r:manage_xevent_t
-event X11:ConfigureNotify		system_u:object_r:manage_xevent_t
-event X11:GravityNotify			system_u:object_r:manage_xevent_t
-event X11:CirculateNotify		system_u:object_r:manage_xevent_t
-event X11:Expose			system_u:object_r:manage_xevent_t
-event X11:VisibilityNotify		system_u:object_r:manage_xevent_t
-
-# Unknown events (that are not registered in the X server's name database)
-event <unknown>				system_u:object_r:unknown_xevent_t
+event X11:SelectionNotify		system_u:object_r:client_xevent_t
+event X11:UnmapNotify			system_u:object_r:client_xevent_t
+event X11:ConfigureNotify		system_u:object_r:client_xevent_t
 
 # Default fallback type
 event *					system_u:object_r:xevent_t
-- 
1.6.5.rc2



-- 

Eamon Walsh 
National Security Agency



More information about the refpolicy mailing list