Changeset 2635

Show
Ignore:
Timestamp:
03/12/08 14:12:29 (8 months ago)
Author:
pebenito
Message:

xselinux: fix per-role tmpl, the user xserver is sending the xevents and drawables

Files:

Legend:

Unmodified
Added
Removed
Modified
Copied
Moved

  • branches/xselinux/policy/modules/services/xserver.if

    r2624 r2635  
    469469 
    470470        # Device rules 
    471         allow $1_x_domain $2:x_device { read getattr setattr setfocus grab bell }; 
    472  
    473         allow $2 { input_xevent_t $1_input_xevent_type }:x_event send; 
    474         allow $2 { x_rootwindow_t $1_x_domain }:x_drawable send; 
    475  
    476         mls_xwin_read_to_clearance($2
     471        allow $1_x_domain $1_xserver_t:x_device { read getattr setattr setfocus grab bell }; 
     472 
     473        allow $1_xserver_t { input_xevent_t $1_input_xevent_type }:x_event send; 
     474        allow $1_xserver_t { x_rootwindow_t $1_x_domain }:x_drawable send; 
     475 
     476        mls_xwin_read_to_clearance($1_xserver_t
    477477 
    478478        xserver_common_x_domain_template($1,$1,$2)