Changeset 2655
- Timestamp:
- 04/01/08 15:23:23 (8 months ago)
- Files:
-
- trunk/Changelog (modified) (1 diff)
- trunk/Makefile (modified) (1 diff)
- trunk/config/appconfig-mcs/x_contexts (added)
- trunk/config/appconfig-mls/x_contexts (added)
- trunk/config/appconfig-standard/x_contexts (added)
- trunk/policy/flask/access_vectors (modified) (2 diffs)
- trunk/policy/flask/security_classes (modified) (2 diffs)
- trunk/policy/mls (modified) (7 diffs)
- trunk/policy/modules/apps/ethereal.if (modified) (1 diff)
- trunk/policy/modules/apps/ethereal.te (modified) (1 diff)
- trunk/policy/modules/apps/evolution.if (modified) (4 diffs)
- trunk/policy/modules/apps/evolution.te (modified) (1 diff)
- trunk/policy/modules/apps/games.if (modified) (1 diff)
- trunk/policy/modules/apps/games.te (modified) (1 diff)
- trunk/policy/modules/apps/gift.if (modified) (1 diff)
- trunk/policy/modules/apps/gift.te (modified) (1 diff)
- trunk/policy/modules/apps/java.if (modified) (1 diff)
- trunk/policy/modules/apps/java.te (modified) (1 diff)
- trunk/policy/modules/apps/mozilla.if (modified) (1 diff)
- trunk/policy/modules/apps/mozilla.te (modified) (1 diff)
- trunk/policy/modules/apps/mplayer.if (modified) (1 diff)
- trunk/policy/modules/apps/mplayer.te (modified) (1 diff)
- trunk/policy/modules/apps/thunderbird.if (modified) (1 diff)
- trunk/policy/modules/apps/thunderbird.te (modified) (1 diff)
- trunk/policy/modules/apps/tvtime.if (modified) (1 diff)
- trunk/policy/modules/apps/tvtime.te (modified) (1 diff)
- trunk/policy/modules/apps/vmware.if (modified) (1 diff)
- trunk/policy/modules/apps/vmware.te (modified) (1 diff)
- trunk/policy/modules/kernel/mls.if (modified) (2 diffs)
- trunk/policy/modules/kernel/mls.te (modified) (1 diff)
- trunk/policy/modules/services/bluetooth.if (modified) (1 diff)
- trunk/policy/modules/services/bluetooth.te (modified) (1 diff)
- trunk/policy/modules/services/ssh.if (modified) (1 diff)
- trunk/policy/modules/services/ssh.te (modified) (1 diff)
- trunk/policy/modules/services/xserver.fc (modified) (2 diffs)
- trunk/policy/modules/services/xserver.if (modified) (11 diffs)
- trunk/policy/modules/services/xserver.te (modified) (6 diffs)
- trunk/policy/modules/system/unconfined.if (modified) (1 diff)
- trunk/policy/modules/system/unconfined.te (modified) (1 diff)
- trunk/support/selinux-policy-refpolicy.spec (modified) (3 diffs)
trunk/Changelog
r2649 r2655 1 - Add core Security Enhanced X Windows support. 1 2 - Fix winbind socket connection interface for default location of the 2 3 sock_file. trunk/Makefile
r2632 r2655 237 237 user_default_contexts := $(wildcard config/appconfig-$(TYPE)/*_default_contexts) 238 238 user_default_contexts_names := $(addprefix $(contextpath)/users/,$(subst _default_contexts,,$(notdir $(user_default_contexts)))) 239 appfiles := $(addprefix $(appdir)/,default_contexts default_type initrc_context failsafe_context userhelper_context removable_context dbus_contexts customizable_types securetty_types) $(contextpath)/files/media $(user_default_contexts_names)239 appfiles := $(addprefix $(appdir)/,default_contexts default_type initrc_context failsafe_context userhelper_context removable_context dbus_contexts x_contexts customizable_types securetty_types) $(contextpath)/files/media $(user_default_contexts_names) 240 240 net_contexts := $(builddir)net_contexts 241 241 trunk/policy/flask/access_vectors
r2631 r2655 417 417 # SE-X Windows stuff 418 418 # 419 class drawable419 class x_drawable 420 420 { 421 421 create 422 422 destroy 423 draw 424 copy 425 getattr 426 } 427 428 class gc 429 { 430 create 431 free 432 getattr 433 setattr 434 } 435 436 class window 437 { 438 addchild 423 read 424 write 425 blend 426 getattr 427 setattr 428 list_child 429 add_child 430 remove_child 431 list_property 432 get_property 433 set_property 434 manage 435 override 436 show 437 hide 438 send 439 receive 440 } 441 442 class x_screen 443 { 444 getattr 445 setattr 446 hide_cursor 447 show_cursor 448 saver_getattr 449 saver_setattr 450 saver_hide 451 saver_show 452 } 453 454 class x_gc 455 { 439 456 create 440 457 destroy 441 map 442 unmap 443 chstack 444 chproplist 445 chprop 446 listprop 447 getattr 448 setattr 449 setfocus 450 move 451 chselection 452 chparent 453 ctrllife 454 enumerate 455 transparent 456 mousemotion 457 clientcomevent 458 inputevent 459 drawevent 460 windowchangeevent 461 windowchangerequest 462 serverchangeevent 463 extensionevent 464 } 465 466 class font 467 { 468 load 469 free 470 getattr 471 use 472 } 473 474 class colormap 475 { 476 create 477 free 458 getattr 459 setattr 460 use 461 } 462 463 class x_font 464 { 465 create 466 destroy 467 getattr 468 add_glyph 469 remove_glyph 470 use 471 } 472 473 class x_colormap 474 { 475 create 476 destroy 477 read 478 write 479 getattr 480 add_color 481 remove_color 478 482 install 479 483 uninstall 480 list 481 read 482 store 483 getattr 484 setattr 485 } 486 487 class property 488 { 489 create 490 free 491 read 492 write 493 } 494 495 class cursor 496 { 497 create 498 createglyph 499 free 500 assign 501 setattr 502 } 503 504 class xclient 505 { 506 kill 507 } 508 509 class xinput 510 { 511 lookup 512 getattr 513 setattr 484 use 485 } 486 487 class x_property 488 { 489 create 490 destroy 491 read 492 write 493 append 494 getattr 495 setattr 496 } 497 498 class x_selection 499 { 500 read 501 write 502 getattr 503 
setattr 504 } 505 506 class x_cursor 507 { 508 create 509 destroy 510 read 511 write 512 getattr 513 setattr 514 use 515 } 516 517 class x_client 518 { 519 destroy 520 getattr 521 setattr 522 manage 523 } 524 525 class x_device 526 { 527 getattr 528 setattr 529 use 530 read 531 write 532 getfocus 514 533 setfocus 515 warppointer516 activegrab517 passivegrab518 ungrab519 534 bell 520 mousemotion 521 relabelinput 522 } 523 524 class xserver 525 { 526 screensaver 527 gethostlist 528 sethostlist 529 getfontpath 530 setfontpath 531 getattr 535 force_cursor 536 freeze 532 537 grab 533 ungrab 534 } 535 536 class xextension 538 manage 539 } 540 541 class x_server 542 { 543 getattr 544 setattr 545 record 546 debug 547 grab 548 manage 549 } 550 551 class x_extension 537 552 { 538 553 query … … 540 555 } 541 556 542 # 543 # Define the access vector interpretation for controlling 544 # PaX flags 545 # 546 class pax 547 { 548 pageexec # Paging based non-executable pages 549 emutramp # Emulate trampolines 550 mprotect # Restrict mprotect() 551 randmmap # Randomize mmap() base 552 randexec # Randomize ET_EXEC base 553 segmexec # Segmentation based non-executable pages 557 class x_resource 558 { 559 read 560 write 561 } 562 563 class x_event 564 { 565 send 566 receive 567 } 568 569 class x_synthetic_event 570 { 571 send 572 receive 554 573 } 555 574 trunk/policy/flask/security_classes
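Review bot: None of the new X classes carries a per-permission comment, unlike the removed `pax` class, and several permission names do not tell a policy writer what they gate (`override`, `blend`, `force_cursor`, `manage`, `record`, `debug`). Judging by the names, `x_device { grab freeze }` and `x_server { record debug grab }` control input capture and server-wide operations, so an allow rule granting them deserves scrutiny. A short trailing comment on each such permission, naming the X request or extension it covers, would make that review possible from this file alone. The section is partly elided on the page, so comments may exist in lines not shown.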
r2596 r2655 51 51 class passwd # userspace 52 52 53 # SE-X Windows stuff 54 class drawable # userspace 55 class window # userspace 56 class gc # userspace 57 class font # userspace 58 class colormap # userspace 59 class property # userspace 60 class cursor # userspace 61 class xclient # userspace 62 class xinput # userspace 63 class xserver # userspace 64 class xextension # userspace 65 66 # pax flags; deprecated--can be reclaimed 67 class pax # userspace 53 # SE-X Windows stuff (more classes below) 54 class x_drawable # userspace 55 class x_screen # userspace 56 class x_gc # userspace 57 class x_font # userspace 58 class x_colormap # userspace 59 class x_property # userspace 60 class x_selection # userspace 61 class x_cursor # userspace 62 class x_client # userspace 63 class x_device # userspace 64 class x_server # userspace 65 class x_extension # userspace 68 66 69 67 # extended netlink sockets … … 113 111 class capability2 114 112 113 # More SE-X Windows stuff 114 class x_resource # userspace 115 class x_event # userspace 116 class x_synthetic_event # userspace 117 115 118 # FLASK trunk/policy/mls
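Review bot: The twelve renamed entries reuse the positions of the eleven old SE-X classes plus `pax`, so each class value now names a different object class (the slot that was `window` becomes `x_screen`, the `pax` slot becomes `x_extension`). Class values are assigned by position in this file, so a userspace object manager built against the old values instead of resolving classes by name would have its checks evaluated against the wrong class once this policy is loaded. Whether any such consumer exists is not visible here. A comment above the block, such as `# values reused from the old SE-X classes and pax; object managers must resolve these by name`, would record the assumption. It should also say why the last three classes are appended after `capability2` instead of being placed here.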
r2570 r2655 372 372 373 373 # 374 # MLS policy for the drawable class 375 # 376 377 # the drawable "read" ops (implicit single level) 378 mlsconstrain drawable { getattr copy } 379 (( l1 dom l2 ) or 380 (( t1 == mlsxwinreadtoclr ) and ( h1 dom l2 )) or 381 ( t1 == mlsxwinread )); 382 383 # the drawable "write" ops (implicit single level) 384 mlsconstrain drawable { create destroy draw copy } 385 (( l1 eq l2 ) or 386 (( t1 == mlsxwinwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or 387 ( t1 == mlsxwinwrite )); 388 389 390 391 392 # 393 # MLS policy for the gc class 394 # 395 396 # the gc "read" ops (implicit single level) 397 mlsconstrain gc getattr 398 (( l1 dom l2 ) or 399 (( t1 == mlsxwinreadtoclr ) and ( h1 dom l2 )) or 400 ( t1 == mlsxwinread )); 401 402 # the gc "write" ops (implicit single level) 403 mlsconstrain gc { create free setattr } 404 (( l1 eq l2 ) or 405 (( t1 == mlsxwinwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or 406 ( t1 == mlsxwinwrite )); 407 408 409 410 411 # 412 # MLS policy for the window class 413 # 414 415 # the window "read" ops (implicit single level) 416 mlsconstrain window { listprop getattr enumerate mousemotion inputevent drawevent windowchangeevent windowchangerequest serverchangeevent extensionevent } 417 (( l1 dom l2 ) or 418 (( t1 == mlsxwinreadtoclr ) and ( h1 dom l2 )) or 419 ( t1 == mlsxwinread )); 420 421 # the window "write" ops (implicit single level) 422 mlsconstrain window { addchild create destroy chstack chproplist chprop setattr setfocus move chselection chparent ctrllife transparent clientcomevent } 423 (( l1 eq l2 ) or 424 (( t1 == mlsxwinwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or 425 ( t1 == mlsxwinwrite ) or 426 ( t2 == mlstrustedobject )); 427 428 # these access vectors have no MLS restrictions 429 # window { map unmap } 430 431 432 433 434 # 435 # MLS policy for the font class 436 # 437 438 # the font "read" ops (implicit single level) 439 mlsconstrain font { load getattr } 440 (( l1 dom 
l2 ) or 441 (( t1 == mlsxwinreadtoclr ) and ( h1 dom l2 )) or 442 ( t1 == mlsxwinread )); 443 444 # the font "write" ops (implicit single level) 445 mlsconstrain font free 374 # MLS policy for the x_drawable class 375 # 376 377 # the x_drawable "read" ops (implicit single level) 378 mlsconstrain x_drawable { read blend getattr list_child list_property get_property receive } 379 (( l1 dom l2 ) or 380 (( t1 == mlsxwinreadtoclr ) and ( h1 dom l2 )) or 381 ( t1 == mlsxwinread )); 382 383 # the x_drawable "write" ops (implicit single level) 384 mlsconstrain x_drawable { create destroy write setattr add_child remove_child send manage } 385 (( l1 eq l2 ) or 386 (( t1 == mlsxwinwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or 387 ( t1 == mlsxwinwrite )); 388 389 # No MLS restrictions: x_drawable { show hide override } 390 391 392 # 393 # MLS policy for the x_gc class 394 # 395 396 # the x_gc "read" ops (implicit single level) 397 mlsconstrain x_gc { getattr use } 398 (( l1 dom l2 ) or 399 (( t1 == mlsxwinreadtoclr ) and ( h1 dom l2 )) or 400 ( t1 == mlsxwinread )); 401 402 # the x_gc "write" ops (implicit single level) 403 mlsconstrain x_gc { create destroy setattr } 404 (( l1 eq l2 ) or 405 (( t1 == mlsxwinwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or 406 ( t1 == mlsxwinwrite )); 407 408 409 # 410 # MLS policy for the x_font class 411 # 412 413 # the x_font "read" ops (implicit single level) 414 mlsconstrain x_font { use } 415 (( l1 dom l2 ) or 416 (( t1 == mlsxwinreadtoclr ) and ( h1 dom l2 )) or 417 ( t1 == mlsxwinread )); 418 419 # the x_font "write" ops (implicit single level) 420 mlsconstrain x_font { create destroy add_glyph remove_glyph } 446 421 (( l1 eq l2 ) or 447 422 (( t1 == mlsxwinwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or … … 452 427 453 428 454 455 456 # 457 # MLS policy for the colormap class 458 # 459 460 # the colormap "read" ops (implicit single level) 461 mlsconstrain colormap { list read getattr } 429 # 430 # MLS policy for 
the x_colormap class 431 # 432 433 # the x_colormap "read" ops (implicit single level) 434 mlsconstrain x_colormap { read getattr use } 462 435 (( l1 dom l2 ) or 463 436 (( t1 == mlsxwinreadtoclr ) and ( h1 dom l2 )) or … … 465 438 ( t1 == mlsxwinread )); 466 439 467 # the colormap "write" ops (implicit single level)468 mlsconstrain colormap { create free install uninstall store setattr}440 # the x_colormap "write" ops (implicit single level) 441 mlsconstrain x_colormap { create destroy write add_color remove_color install uninstall } 469 442 (( l1 eq l2 ) or 470 443 (( t1 == mlsxwinwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or … … 473 446 474 447 475 476 477 # 478 # MLS policy for the property class 479 # 480 481 # the property "read" ops (implicit single level) 482 mlsconstrain property { read } 448 # 449 # MLS policy for the x_property class 450 # 451 452 # the x_property "read" ops (implicit single level) 453 mlsconstrain x_property { read getattr } 483 454 (( l1 dom l2 ) or 484 455 (( t1 == mlsxwinreadtoclr ) and ( h1 dom l2 )) or … … 486 457 ( t1 == mlsxwinread )); 487 458 488 # the property "write" ops (implicit single level)489 mlsconstrain property { create free write}459 # the x_property "write" ops (implicit single level) 460 mlsconstrain x_property { create destroy write append setattr } 490 461 (( l1 eq l2 ) or 491 462 (( t1 == mlsxwinwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or … … 494 465 495 466 496 497 498 # 499 # MLS policy for the cursor class 500 # 501 502 # the cursor "write" ops (implicit single level) 503 mlsconstrain cursor { create createglyph free assign setattr } 504 (( l1 eq l2 ) or 505 (( t1 == mlsxwinwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or 506 ( t1 == mlsxwinwrite )); 507 508 509 510 511 # 512 # MLS policy for the xclient class 513 # 514 515 # the xclient "write" ops (implicit single level) 516 mlsconstrain xclient kill 517 (( l1 eq l2 ) or 518 (( t1 == mlsxwinwritetoclr ) and ( h1 dom l2 ) and ( l1 
domby l2 )) or 519 ( t1 == mlsxwinwrite )); 520 521 522 523 524 # 525 # MLS policy for the xinput class 526 # 527 528 # these access vectors have no MLS restrictions 529 # xinput ~{ relabelinput setattr } 530 531 # the xinput "write" ops (implicit single level) 532 mlsconstrain xinput { setattr relabelinput } 467 # 468 # MLS policy for the x_cursor class 469 # 470 471 # the x_cursor "read" ops (implicit single level) 472 mlsconstrain x_cursor { read getattr use } 473 (( l1 dom l2 ) or 474 (( t1 == mlsxwinreadtoclr ) and ( h1 dom l2 )) or 475 ( t1 == mlsxwinread )); 476 477 # the x_cursor "write" ops (implicit single level) 478 mlsconstrain x_cursor { create destroy write setattr } 479 (( l1 eq l2 ) or 480 (( t1 == mlsxwinwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or 481 ( t1 == mlsxwinwrite )); 482 483 484 # 485 # MLS policy for the x_client class 486 # 487 488 # the x_client "read" ops (implicit single level) 489 mlsconstrain x_client { getattr } 490 (( l1 dom l2 ) or 491 (( t1 == mlsxwinreadtoclr ) and ( h1 dom l2 )) or 492 ( t1 == mlsxwinread )); 493 494 # the x_client "write" ops (implicit single level) 495 mlsconstrain x_client { destroy setattr manage } 496 (( l1 eq l2 ) or 497 (( t1 == mlsxwinwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or 498 ( t1 == mlsxwinwrite )); 499 500 501 # 502 # MLS policy for the x_device class 503 # 504 505 # the x_device "read" ops (implicit single level) 506 mlsconstrain x_device { getattr use read getfocus grab } 507 (( l1 dom l2 ) or 508 (( t1 == mlsxwinreadtoclr ) and ( h1 dom l2 )) or 509 ( t1 == mlsxwinread )); 510 511 # the x_device "write" ops (implicit single level) 512 mlsconstrain x_device { setattr write setfocus bell force_cursor freeze manage } 533 513 (( l1 eq l2 ) or 534 514 (( t1 == mlsxwinwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or … … 537 517 538 518 539 540 541 # 542 # MLS policy for the xserver class 543 # 544 545 # these access vectors have no MLS restrictions 546 # xserver * 547 
548 549 550 551 # 552 # MLS policy for the xextension class 553 # 554 555 # these access vectors have no MLS restrictions 556 # xextension { query use } 519 # 520 # MLS policy for the x_server class 521 # 522 523 # these access vectors have no MLS restrictions 524 # x_server * 525 526 527 # 528 # MLS policy for the x_extension class 529 # 530 531 # these access vectors have no MLS restrictions 532 # x_extension { query use } 533 534 535 # 536 # MLS policy for the x_resource class 537 # 538 539 # the x_resource "read" ops (implicit single level) 540 mlsconstrain x_resource { read } 541 (( l1 dom l2 ) or 542 (( t1 == mlsxwinreadtoclr ) and ( h1 dom l2 )) or 543 ( t1 == mlsxwinread )); 544 545 # the x_resource "write" ops (implicit single level) 546 mlsconstrain x_resource { write } 547 (( l1 eq l2 ) or 548 (( t1 == mlsxwinwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or 549 ( t1 == mlsxwinwritexinput ) or 550 ( t1 == mlsxwinwrite )); 551 552 553 # 554 # MLS policy for the x_event class 555 # 556 557 # the x_event "read" ops (implicit single level) 558 mlsconstrain x_event { receive } 559 (( l1 dom l2 ) or 560 (( t1 == mlsxwinreadtoclr ) and ( h1 dom l2 )) or 561 ( t1 == mlsxwinread )); 562 563 # the x_event "write" ops (implicit single level) 564 mlsconstrain x_event { send } 565 (( l1 eq l2 ) or 566 (( t1 == mlsxwinwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or 567 ( t1 == mlsxwinwritexinput ) or 568 ( t1 == mlsxwinwrite )); 569 557 570 558 571 trunk/policy/modules/apps/ethereal.if
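Review bot: Several permissions defined for the new classes in access_vectors are left out of these constraints without being listed as unrestricted. `x_drawable { set_property }` is in neither the read set, the write set, nor the `No MLS restrictions` comment; `x_font { getattr }` is likewise uncovered; and `x_screen`, `x_selection` and `x_synthetic_event` have no section at all in the lines shown. `x_selection` and `set_property` both carry client data, so without a constraint only type enforcement stands between that data and a client at another level. If the omission is deliberate, state it the way the `x_server` and `x_extension` sections do, e.g. `# No MLS restrictions: x_screen *`. Otherwise add `set_property` to the x_drawable write set and give `x_selection` read/write constraints mirroring `x_property`. Parts of this section are elided on the page, so confirm against the full file.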
r2372 r2655 160 160 161 161 optional_policy(` 162 xserver_user_ client_template($1,$1_ethereal_t,$1_ethereal_tmpfs_t)162 xserver_user_x_domain_template($1,$1_ethereal,$1_ethereal_t,$1_ethereal_tmpfs_t) 163 163 xserver_create_xdm_tmp_sockets($1_ethereal_t) 164 164 ') trunk/policy/modules/apps/ethereal.te
r2553 r2655 1 1 2 policy_module(ethereal,1.4. 0)2 policy_module(ethereal,1.4.1) 3 3 4 4 ######################################## trunk/policy/modules/apps/evolution.if
r2474 r2655 248 248 mta_read_config($1_evolution_t) 249 249 250 xserver_user_ client_template($1,$1_evolution_t,$1_evolution_tmpfs_t)250 xserver_user_x_domain_template($1,$1_evolution,$1_evolution_t,$1_evolution_tmpfs_t) 251 251 xserver_read_xdm_tmp_files($1_evolution_t) 252 252 … … 514 514 userdom_dontaudit_read_user_home_content_files($1,$1_evolution_alarm_t) 515 515 516 xserver_user_ client_template($1,$1_evolution_alarm_t,$1_evolution_alarm_tmpfs_t)516 xserver_user_x_domain_template($1,$1_evolution_alarm,$1_evolution_alarm_t,$1_evolution_alarm_tmpfs_t) 517 517 518 518 # Access evolution home … … 616 616 userdom_dontaudit_read_user_home_content_files($1,$1_evolution_exchange_t) 617 617 618 xserver_user_ client_template($1,$1_evolution_exchange_t,$1_evolution_exchange_tmpfs_t)618 xserver_user_x_domain_template($1,$1_evolution_exchange,$1_evolution_exchange_t,$1_evolution_exchange_tmpfs_t) 619 619 620 620 # Access evolution home … … 777 777 userdom_dontaudit_read_user_home_content_files($1,$1_evolution_webcal_t) 778 778 779 xserver_user_ client_template($1,$1_evolution_webcal_t,$1_evolution_webcal_tmpfs_t)779 xserver_user_x_domain_template($1,$1_evolution_webcal,$1_evolution_webcal_t,$1_evolution_webcal_tmpfs_t) 780 780 781 781 optional_policy(` trunk/policy/modules/apps/evolution.te
r2553 r2655 1 1 2 policy_module(evolution,1.5. 0)2 policy_module(evolution,1.5.1) 3 3 4 4 ######################################## trunk/policy/modules/apps/games.if
r2449 r2655 147 147 148 148 optional_policy(` 149 xserver_user_ client_template($1,$1_games_t,$1_games_tmpfs_t)149 xserver_user_x_domain_template($1,$1_games,$1_games_t,$1_games_tmpfs_t) 150 150 xserver_create_xdm_tmp_sockets($1_games_t) 151 151 xserver_read_xdm_lib_files($1_games_t) trunk/policy/modules/apps/games.te
r2553 r2655 1 1 2 policy_module(games,1.5. 0)2 policy_module(games,1.5.1) 3 3 4 4 ######################################## trunk/policy/modules/apps/gift.if
r2372 r2655 131 131 132 132 optional_policy(` 133 xserver_user_ client_template($1,$1_gift_t,$1_gift_tmpfs_t)133 xserver_user_x_domain_template($1,$1_gift,$1_gift_t,$1_gift_tmpfs_t) 134 134 ') 135 135 trunk/policy/modules/apps/gift.te
r2553 r2655 1 1 2 policy_module(gift,1.3. 0)2 policy_module(gift,1.3.1) 3 3 4 4 ######################################## trunk/policy/modules/apps/java.if
r2437 r2655 165 165 166 166 optional_policy(` 167 xserver_user_ client_template($1,$1_javaplugin_t,$1_javaplugin_tmpfs_t)167 xserver_user_x_domain_template($1,$1_javaplugin,$1_javaplugin_t,$1_javaplugin_tmpfs_t) 168 168 ') 169 169 ') trunk/policy/modules/apps/java.te
r2553 r2655 1 1 2 policy_module(java,1.7. 0)2 policy_module(java,1.7.1) 3 3 4 4 ######################################## trunk/policy/modules/apps/mozilla.if
r2474 r2655 192 192 userdom_manage_user_tmp_sockets($1,$1_mozilla_t) 193 193 194 xserver_user_ client_template($1,$1_mozilla_t,$1_mozilla_tmpfs_t)194 xserver_user_x_domain_template($1,$1_mozilla,$1_mozilla_t,$1_mozilla_tmpfs_t) 195 195 xserver_dontaudit_read_xdm_tmp_files($1_mozilla_t) 196 196 xserver_dontaudit_getattr_xdm_tmp_sockets($1_mozilla_t) trunk/policy/modules/apps/mozilla.te
r2553 r2655 1 1 2 policy_module(mozilla,1.5. 0)2 policy_module(mozilla,1.5.1) 3 3 4 4 ######################################## trunk/policy/modules/apps/mplayer.if
r2372 r2655 343 343 userdom_read_user_home_content_symlinks($1,$1_mplayer_t) 344 344 345 xserver_user_ client_template($1,$1_mplayer_t,$1_mplayer_tmpfs_t)345 xserver_user_x_domain_template($1,$1_mplayer,$1_mplayer_t,$1_mplayer_tmpfs_t) 346 346 347 347 # Read songs trunk/policy/modules/apps/mplayer.te
r2553 r2655 1 1 2 policy_module(mplayer,1.4. 0)2 policy_module(mplayer,1.4.1) 3 3 4 4 ######################################## trunk/policy/modules/apps/thunderbird.if
r2543 r2655 161 161 userdom_read_user_home_content_files($1,$1_thunderbird_t) 162 162 163 xserver_user_ client_template($1,$1_thunderbird_t,$1_thunderbird_tmpfs_t)163 xserver_user_x_domain_template($1,$1_thunderbird,$1_thunderbird_t,$1_thunderbird_tmpfs_t) 164 164 xserver_read_xdm_tmp_files($1_thunderbird_t) 165 165 xserver_dontaudit_getattr_xdm_tmp_sockets($1_thunderbird_t) trunk/policy/modules/apps/thunderbird.te
r2553 r2655 1 1 2 policy_module(thunderbird,1.5. 0)2 policy_module(thunderbird,1.5.1) 3 3 4 4 ######################################## trunk/policy/modules/apps/tvtime.if
r2372 r2655 135 135 136 136 optional_policy(` 137 xserver_user_ client_template($1,$1_tvtime_t,$1_tvtime_tmpfs_t)137 xserver_user_x_domain_template($1,$1_tvtime,$1_tvtime_t,$1_tvtime_tmpfs_t) 138 138 ') 139 139 ') trunk/policy/modules/apps/tvtime.te
r2431 r2655 1 1 2 policy_module(tvtime,1.3. 0)2 policy_module(tvtime,1.3.1) 3 3 4 4 ######################################## trunk/policy/modules/apps/vmware.if
r2181 r2655 165 165 sysnet_read_config($1_vmware_t) 166 166 167 xserver_user_ client_template($1,$1_vmware_t,$1_vmware_tmpfs_t)167 xserver_user_x_domain_template($1,$1_vmware,$1_vmware_t,$1_vmware_tmpfs_t) 168 168 ') 169 169 trunk/policy/modules/apps/vmware.te
r2553 r2655 1 1 2 policy_module(vmware,1.4. 0)2 policy_module(vmware,1.4.1) 3 3 4 4 ######################################## trunk/policy/modules/kernel/mls.if
r2570 r2655 613 613 ## <summary> 614 614 ## Make specified domain MLS trusted 615 ## for reading from X objects up to its clearance. 616 ## </summary> 617 ## <param name="domain"> 618 ## <summary> 619 ## Domain allowed access. 620 ## </summary> 621 ## </param> 622 ## <rolecap/> 623 # 624 interface(`mls_xwin_read_to_clearance',` 625 gen_require(` 626 attribute mlsxwinreadtoclr; 627 ') 628 629 typeattribute $1 mlsxwinreadtoclr; 630 ') 631 632 ######################################## 633 ## <summary> 634 ## Make specified domain MLS trusted 615 635 ## for reading from X objects at any level. 616 636 ## </summary> … … 628 648 629 649 typeattribute $1 mlsxwinread; 650 ') 651 652 ######################################## 653 ## <summary> 654 ## Make specified domain MLS trusted 655 ## for write to X objects up to its clearance. 656 ## </summary> 657 ## <param name="domain"> 658 ## <summary> 659 ## Domain allowed access. 660 ## </summary> 661 ## </param> 662 ## <rolecap/> 663 # 664 interface(`mls_xwin_write_to_clearance',` 665 gen_require(` 666 attribute mlsxwinwritetoclr; 667 ') 668 669 typeattribute $1 mlsxwinwritetoclr; 630 670 ') 631 671 trunk/policy/modules/kernel/mls.te
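Review bot: The summary of `mls_xwin_write_to_clearance` ("for write to X objects up to its clearance") understates the constraint it enables. In policy/mls the `mlsxwinwritetoclr` branch requires both `( h1 dom l2 )` and `( l1 domby l2 )`, so the object's level must lie between the domain's current level and its clearance. Suggest `## for writing to X objects between its current level and its clearance.`, which also matches the "for reading from" phrasing of the sibling interface. Neither new interface has a `<desc>` explaining that it relaxes the default MLS rule for X objects, and a one-line description would help whoever audits which domains receive these attributes. Part of the section is elided on the page.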
r2570 r2655 1 1 2 policy_module(mls,1.6. 1)2 policy_module(mls,1.6.2) 3 3 4 4 ######################################## trunk/policy/modules/services/bluetooth.if
r2474 r2655 108 108 109 109 optional_policy(` 110 xserver_user_ client_template($1, $1_bluetooth_t, $1_bluetooth_tmpfs_t)110 xserver_user_x_domain_template($1, $1_bluetooth, $1_bluetooth_t, $1_bluetooth_tmpfs_t) 111 111 ') 112 112 ') trunk/policy/modules/services/bluetooth.te
r2553 r2655 1 1 2 policy_module(bluetooth,2.0. 0)2 policy_module(bluetooth,2.0.1) 3 3 4 4 ######################################## trunk/policy/modu
