| author | Eamon Walsh <ewalsh@tycho.nsa.gov> | 2011-06-22 17:00:55 -0400 |
|---|---|---|
| committer | Eamon Walsh <ewalsh@tycho.nsa.gov> | 2011-06-22 17:00:55 -0400 |
| commit | e2686af8d000da5e454ae60c2f9585fe8321556e (patch) | |
| tree | e6e5d394b9cbf481f353275f98b4ff501eaff6d5 | |
| parent | 1e0196cb57f7da49a86bb493a626e59d0a31c209 (diff) | |
| -rw-r--r-- | README | 5 |
|---|---|---|
| -rw-r--r-- | README.demo | 38 |

2 files changed, 42 insertions, 1 deletions
@@ -1 +1,4 @@ -SELinux Enhanced Selection Manager +This repo is meant to be a catch-all for client-side applications and +utilities supporting the X SELinux extension. + +See README.demo for information about the device relabeling demo. diff --git a/README.demo b/README.demo new file mode 100644 index 0000000..4c957da --- /dev/null +++ b/README.demo 
@@ -0,0 +1,38 @@ +The input relabeling demonstration works by dynamically setting the context +of the keyboard and mouse devices during an X session. What this does is +allow policy to be written to prevent input events from going anywhere but +a selected X application or applications while the device is in a relabeled +state. + +Keep in mind that in XSELinux, input devices are treated as SUBJECTS for +purposes of input event generation. This means that the input device security +context needs permission to "send" events. The events, in turn, are labeled +using both the type of event (typically fixed as input_xevent or the like) +and the destination window of the event. The result is that the input device +must be granted permission to "send" input events to any specific window, which +is labeled off its owning process. + +Refer to the XSELinux comprehensive review paper, available on request, for +the specifics. + +The policy/ subdirectory contains the security policy for the demo. There are +three pieces: +1. The "xserver.patch" contains modifications that need to be made to the base + policy, which is too permissive in its current form. +2. The "hapdemo" module contains three custom domains that are used to run + apps in different contexts, and three custom contexts used to label the + input device, with each device context only able to send events to the + corresponding domain's windows. +3. The "local" module contains some local modifications to support the demo, + mostly just putting certain executables in execmem context. + +The demo/ subdirectory contains supporting scripts for the demo. The xinitrc +file is used with xinit/startx to set up the demo environment. The cursoncon +app runs a dialog box that does the device relabeling. The eyes.sh runs apps +under the demo domains. Finaly, the xcowsaylogmon script monitors the log for +AVC's. + +To get this stuff working you need XCB and xpyb (the XCB python binding), +which may need to be installed from source. 
Right now the only interface to +the XSELinux X extension is via XCB, since no Xlib client-side support has +been written for it. |
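Review bot: the rewritten README (the `@@ -1 +1,4 @@` hunk) describes the repository only as "a catch-all for client-side applications and utilities supporting the X SELinux extension" and defers everything else to README.demo; since this commit is documentation only, it would help to list here the pieces README.demo names (the policy/ and demo/ subdirectories, the cursoncon relabeling dialog, eyes.sh and xcowsaylogmon) so a reader landing on the top-level README knows what the repo actually contains before opening the demo notes.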
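Review bot: in the README.demo hunk, the policy/ description says "xserver.patch" fixes a base policy that "is too permissive in its current form" but never states which base policy version or tree the patch applies against, so a reader cannot tell whether it still applies; please name the policy release it was made against. The same section should also say how the keyboard and mouse contexts are restored after the demo, since the text explains that policy confines input events "while the device is in a relabeled state" but not how that state is undone. Minor wording fixes in the same hunk: "Finaly" should be "Finally", "AVC's" should be "AVCs", and "available on request" for the XSELinux review paper gives no contact or location, so either add a pointer or drop the reference.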