Changeset 2710

Timestamp:

06/06/08 00:34:42 (6 months ago)

Author:

cpebenito

Message:

rbacsep: additional xserver_role pieces.

Files:

• branches/rbacsep/policy/modules/services/xserver.if (modified) (1 diff)
• branches/rbacsep/policy/modules/services/xserver.te (modified) (2 diffs)

branches/rbacsep/policy/modules/services/xserver.if

@@ -532 +532 @@
-        allow xserver_t $2:shm rw_shm_perms;
-        allow $2 xserver_t:shm rw_shm_perms;
+
+        # allow ps to show iceauth
+        ps_process_pattern($2, iceauth_t)
+        
+        domtrans_pattern($2, iceauth_exec_t, iceauth_t)
+        
+        allow $2 iceauth_home_t:file manage_file_perms;
+        allow $2 iceauth_home_t:file { relabelfrom relabelto };
+        
+        domtrans_pattern($2, xauth_exec_t, xauth_t)
+        
+        allow $2 xauth_t:process signal;
+        
+        # allow ps to show xauth
+        ps_process_pattern($2,xauth_t)
+        
+        allow $2 xauth_home_t:file manage_file_perms;
+        allow $2 xauth_home_t:file { relabelfrom relabelto };
+
-
-        ##############################

branches/rbacsep/policy/modules/services/xserver.te

@@ -169 +169 @@
-#
-
-domtrans_pattern($2, iceauth_exec_t, iceauth_t)
-
-allow iceauth_t iceauth_home_t:file manage_file_perms;
-userdom_user_home_dir_filetrans($1,iceauth_t,iceauth_home_t,file)
-
-# allow ps to show iceauth
-ps_process_pattern($2, iceauth_t)
-
-allow $2 iceauth_home_t:file manage_file_perms;
-allow $2 iceauth_home_t:file { relabelfrom relabelto };
-
-allow xdm_t iceauth_home_t:file read_file_perms;
@@ -211 +204 @@
-manage_files_pattern(xauth_t, xauth_tmp_t, xauth_tmp_t)
-files_tmp_filetrans(xauth_t, xauth_tmp_t, { file dir })
-
-domtrans_pattern($2, xauth_exec_t, xauth_t)
-
-allow $2 xauth_t:process signal;
-
-# allow ps to show xauth
-ps_process_pattern($2,xauth_t)
-
-allow $2 xauth_home_t:file manage_file_perms;
-allow $2 xauth_home_t:file { relabelfrom relabelto };
-
-allow xdm_t xauth_home_t:file manage_file_perms;