Navigation

← Previous Changeset
Next Changeset →

Changeset 2640

Timestamp:

03/17/08 11:59:29 (8 months ago)

Author:

pebenito

Message:

xselinux: some renaming to be more consistent with naming of fallback types. work through some denials from testing.

Files:

branches/xselinux/config/appconfig-mcs/x_contexts (modified) (4 diffs)
branches/xselinux/config/appconfig-mls/x_contexts (modified) (4 diffs)
branches/xselinux/config/appconfig-standard/x_contexts (modified) (4 diffs)
branches/xselinux/policy/modules/services/xserver.if (modified) (7 diffs)
branches/xselinux/policy/modules/services/xserver.te (modified) (2 diffs)

Legend:

: Unmodified
: Added
: Removed
: Modified
: Copied
: Moved

branches/xselinux/config/appconfig-mcs/x_contexts

r2636	r2640
49	49
50	50	# Default fallback type
51		property * system_u:object_r:~~default_~~xproperty_t:s0
	51	property * system_u:object_r:xproperty_t:s0
52	52
53	53
…	…
112	112
113	113	# Default fallback type
114		extension * system_u:object_r:~~unknown_~~xext_t:s0
	114	extension * system_u:object_r:xext_t:s0
115	115
116	116
…	…
130	130
131	131	# Default fallback type
132		selection * system_u:object_r:~~default_~~xselection_t:s0
	132	selection * system_u:object_r:xselection_t:s0
133	133
134	134
…	…
191	191
192	192	# Default fallback type
193		event * system_u:object_r:~~default_~~xevent_t:s0
	193	event * system_u:object_r:xevent_t:s0

branches/xselinux/config/appconfig-mls/x_contexts

r2636	r2640
49	49
50	50	# Default fallback type
51		property * system_u:object_r:~~default_~~xproperty_t:s0
	51	property * system_u:object_r:xproperty_t:s0
52	52
53	53
…	…
112	112
113	113	# Default fallback type
114		extension * system_u:object_r:~~unknown_~~xext_t:s0
	114	extension * system_u:object_r:xext_t:s0
115	115
116	116
…	…
130	130
131	131	# Default fallback type
132		selection * system_u:object_r:~~default_~~xselection_t:s0
	132	selection * system_u:object_r:xselection_t:s0
133	133
134	134
…	…
191	191
192	192	# Default fallback type
193		event * system_u:object_r:~~default_~~xevent_t:s0
	193	event * system_u:object_r:xevent_t:s0

branches/xselinux/config/appconfig-standard/x_contexts

r2636	r2640
49	49
50	50	# Default fallback type
51		property * system_u:object_r:~~default_~~xproperty_t
	51	property * system_u:object_r:xproperty_t
52	52
53	53
…	…
112	112
113	113	# Default fallback type
114		extension * system_u:object_r:~~unknown_~~xext_t
	114	extension * system_u:object_r:xext_t
115	115
116	116
…	…
130	130
131	131	# Default fallback type
132		selection * system_u:object_r:~~default_~~xselection_t
	132	selection * system_u:object_r:xselection_t
133	133
134	134
…	…
191	191
192	192	# Default fallback type
193		event * system_u:object_r:~~default_~~xevent_t
	193	event * system_u:object_r:xevent_t

branches/xselinux/policy/modules/services/xserver.if

r2637	r2640
189	189	selinux_compute_create_context($1_xserver_t)
190	190
	191	# read x_contexts
	192	seutil_read_default_contexts($1_xserver_t)
	193
191	194	logging_send_audit_msgs($1_xserver_t)
192	195	',`
…	…
474	477	allow $1_xserver_t { x_rootwindow_t $1_x_domain }:x_drawable send;
475	478
	479	# manage: xhost X11:ChangeHosts
	480	# freeze: metacity X11:GrabKey
	481	allow $2 $1_xserver_t:x_device { manage freeze };
	482
	483	# gnome-settings-daemon XKEYBOARD:SetControls
	484	allow $2 $1_xserver_t:x_server manage;
	485
	486	allow $2 x_rootcolormap_t:x_colormap { install uninstall };
	487
	488	# read: gnome-settings-daemon RANDR:GetScreenSizeRange
	489	# write: gnome-settings-daemon RANDR:SelectInput
	490	# setattr: gnome-settings-daemon X11:GrabKey
	491	# manage: metacity X11:ChangeWindowAttributes
	492	allow $2 x_rootwindow_t:x_drawable { read write manage setattr };
	493
	494	# setattr: metacity X11:InstallColormap
	495	allow $2 x_rootscreen_t:x_screen { saver_setattr saver_getattr setattr };
	496
	497	# xrdb X11:ChangeProperty prop=RESOURCE_MANAGER
	498	allow $2 info_xproperty_t:x_property { create write };
	499
476	500	mls_xwin_read_to_clearance($1_xserver_t)
477	501
…	…
653	677	gen_require(`
654	678	type x_rootwindow_t, x_rootcolormap_t, std_xext_t, shmem_xext_t;
655		type ~~default_~~xproperty_t, info_xproperty_t, clipboard_xproperty_t;
	679	type xproperty_t, info_xproperty_t, clipboard_xproperty_t;
656	680	type input_xevent_t, focus_xevent_t, property_xevent_t, manage_xevent_t;
657		type ~~default_~~xevent_t, client_xevent_t;
658		type clipboard_xselection_t, ~~default_~~xselection_t;
	681	type xevent_t, client_xevent_t;
	682	type clipboard_xselection_t, xselection_t;
659	683
660	684	attribute x_server_domain, x_domain;
…	…
689	713
690	714	# Types for properties
691		type $2_default_xproperty_t, xproperty_type;
	715	type $2_xproperty_t alias $2_default_xproperty_t, xproperty_type;
692	716
693	717	# Types for events
…	…
734	758	# X Properties
735	759	# can read and write client properties
736		allow $3 $2_~~default_~~xproperty_t:x_property { create destroy read write };
737		type_transition $3 ~~default_xproperty_t:x_property $2_default~~_xproperty_t;
	760	allow $3 $2_xproperty_t:x_property { create destroy read write };
	761	type_transition $3 xproperty_t:x_property $2_xproperty_t;
738	762	# can read and write cut buffers
739	763	allow $3 clipboard_xproperty_t:x_property { create read write };
…	…
768	792	type_transition $3 focus_xevent_t:x_event $2_focus_xevent_t;
769	793	type_transition $3 manage_xevent_t:x_event $2_manage_xevent_t;
770		~~type_transition $3 default_xevent_t:x_event $2_default_xevent_t;~~
771	794	type_transition $3 client_xevent_t:x_event $2_client_xevent_t;
	795	type_transition $3 xevent_t:x_event $2_default_xevent_t;
772	796	# can receive certain root window events
773	797	allow $3 focus_xevent_t:x_event receive;
…	…
785	809	allow $3 clipboard_xselection_t:x_selection { getattr setattr read };
786	810	# can query all other selections
787		allow $3 ~~default_~~xselection_t:x_selection { getattr read };
	811	allow $3 xselection_t:x_selection { getattr read };
788	812
789	813	# Other X Objects

branches/xselinux/policy/modules/services/xserver.te

r2624	r2640
50	50	type clipboard_xselection_t, xselection_type;
51	51	type debug_xext_t, xextension_type;
52		~~type default_xevent_t, xevent_type;~~
53		~~type default_xproperty_t, xproperty_type;~~
54		~~type default_xselection_t, xselection_type;~~
55	52	type disallowed_xext_t, xextension_type;
56	53	type focus_xevent_t, xevent_type;
…	…
71	68	type video_xext_t, xextension_type;
72	69	type unknown_xevent_t, xevent_type;
73		~~type unknown_xext_t, xextension_type;~~
74	70	type x_rootcolormap_t;
75	71	type x_rootscreen_t;
76	72	type x_rootwindow_t;
	73	type xevent_t alias default_xevent_t, xevent_type;
	74	type xext_t alias unknown_xext_t, xextension_type;
	75	type xproperty_t alias default_xproperty_t, xproperty_type;
	76	type xselection_t alias default_xselection_t, xselection_type;
77	77
78	78	type xauth_exec_t;

Download in other formats:

Unified Diff
Zip Disabled

* Generating other formats may take time.