Changeset 2621

Timestamp:
02/21/08 09:00:14 (10 months ago)
Author:
pebenito
Message:

xselinux: initial rename/restructure to have a unified template for an x domain's kernel objects and x objects.

Files:

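--- a/branches/xselinux/policy/modules/apps/mozilla.if
+++ b/branches/xselinux/policy/modules/apps/mozilla.if
@@ -192,6 +192,5 @@
         userdom_manage_user_tmp_sockets($1,$1_mozilla_t)
         
-        xserver_user_client_template($1,$1_mozilla_t,$1_mozilla_tmpfs_t)
-        xserver_common_client_template($1,$1_mozilla,$1_mozilla_t)
+        xserver_user_x_domain_template($1,$1_mozilla,$1_mozilla_t,$1_mozilla_tmpfs_t)
         xserver_dontaudit_read_xdm_tmp_files($1_mozilla_t)
         xserver_dontaudit_getattr_xdm_tmp_sockets($1_mozilla_t)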
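--- a/branches/xselinux/policy/modules/services/xserver.if
+++ b/branches/xselinux/policy/modules/services/xserver.if
@@ -465,6 +465,12 @@
         ')
 
-        xserver_common_client_template($1,$1,$2)
+        ##############################
+        #
+        # User X object manager local policy
+        #
+
         mls_xwin_read_to_clearance($2)
+
+        xserver_common_x_domain_template($1,$1,$2)
 
         tunable_policy(`xserver_object_manager',`
@@ -581,5 +587,5 @@
 #
 template(`xserver_user_client_template',`
-
+        refpolicywarn(`$0() has been deprecated, please use xserver_user_x_domain_template instead.')
         gen_require(`
                 type xdm_t, xdm_tmp_t;
@@ -648,5 +654,5 @@
 ## </param>
 #
-template(`xserver_common_client_template',`
+template(`xserver_common_x_domain_template',`
         gen_require(`
                 type x_rootwindow_t, x_rootcolormap_t, std_xext_t, shmem_xext_t;
@@ -824,4 +830,79 @@
 ')
 
+#######################################
+## <summary>
+##      Interface to provide X object permissions on a given X server to
+##      an X client domain.  Provides the minimal set required by a basic
+##      X client application.
+## </summary>
+## <param name="user">
+##      <summary>
+##      The prefix of the X server domain (e.g., user
+##      is the prefix for user_t).
+##      </summary>
+## </param>
+## <param name="prefix">
+##      <summary>
+##      The prefix of the X client domain (e.g., user
+##      is the prefix for user_t).
+##      </summary>
+## </param>
+## <param name="domain">
+##      <summary>
+##      Client domain allowed access.
+##      </summary>
+## </param>
+## <param name="tmpfs_type">
+##      <summary>
+##      The type of the domain SYSV tmpfs files.
+##      </summary>
+## </param>
+#
+template(`xserver_user_x_domain_template',`
+        gen_require(`
+                type xdm_t, xdm_tmp_t;
+                type $1_xauth_home_t, $1_iceauth_home_t, $1_xserver_t, $1_xserver_tmpfs_t;
+        ')
+
+        allow $3 self:shm create_shm_perms;
+        allow $3 self:unix_dgram_socket create_socket_perms;
+        allow $3 self:unix_stream_socket { connectto create_stream_socket_perms };
+
+        # Read .Xauthority file
+        allow $3 $1_xauth_home_t:file { getattr read };
+        allow $3 $1_iceauth_home_t:file { getattr read };
+
+        # for when /tmp/.X11-unix is created by the system
+        allow $3 xdm_t:fd use;
+        allow $3 xdm_t:fifo_file { getattr read write ioctl };
+        allow $3 xdm_tmp_t:dir search;
+        allow $3 xdm_tmp_t:sock_file { read write };
+        dontaudit $3 xdm_t:tcp_socket { read write };
+
+        # Allow connections to X server.
+        files_search_tmp($3)
+
+        miscfiles_read_fonts($3)
+
+        userdom_search_user_home_dirs($1,$3)
+        # for .xsession-errors
+        userdom_dontaudit_write_user_home_content_files($1,$3)
+
+        xserver_ro_session_template(xdm,$3,$4)
+        xserver_rw_session_template($1,$3,$4)
+        xserver_use_user_fonts($1,$3)
+
+        xserver_read_xdm_tmp_files($3)
+
+        # X object manager
+        xserver_common_x_domain_template($1,$2,$3)
+
+        # Client write xserver shm
+        tunable_policy(`allow_write_xshm',`
+                allow $3 $1_xserver_t:shm rw_shm_perms;
+                allow $3 $1_xserver_tmpfs_t:file rw_file_perms;
+        ')
+')
+
 ########################################
 ## <summary>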
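Review bot: The `<summary>` added above `xserver_user_x_domain_template` understates what the template grants: it speaks only of "X object permissions" and a "minimal set", while the body also allows kernel-object access. That access includes `{ getattr read }` on `$1_xauth_home_t` and `$1_iceauth_home_t` (the .Xauthority file, per the in-line comment), use of xdm's fd, fifo and socket file, and, under `allow_write_xshm`, read/write on `$1_xserver_t:shm` and `$1_xserver_tmpfs_t:file`. Someone auditing which domains can read the X authority data would be misled by the header, so I would reword the summary along the lines of `Template for a user X client domain: kernel object access needed to reach the X server (including read access to the user's xauth and iceauth files) plus the common X object manager rules.` The `prefix` param text repeats the `user` example (`user_t`) although the mozilla.if caller passes `$1_mozilla`, so an example matching that form would be clearer. The header also says "Interface" where the definition is a `template()`.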
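--- a/branches/xselinux/policy/modules/services/xserver.te
+++ b/branches/xselinux/policy/modules/services/xserver.te
@@ -128,5 +128,5 @@
 
 xserver_common_domain_template(xdm)
-xserver_common_client_template(xdm,xdm,xdm_t)
+xserver_common_x_domain_template(xdm,xdm,xdm_t)
 init_system_domain(xdm_xserver_t,xserver_exec_t)
 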