From 8a346cf07ffeaed6edb87e466d37d2c5adacbfcd Mon Sep 17 00:00:00 2001
From: Eamon Walsh <ewalsh@tycho.nsa.gov>
Date: Wed, 22 Jun 2011 16:25:35 -0400
Subject: Add scripts and .xinitrc from X policy demo.

---
 demo/cursorcon.py     | 94 +++++++++++++++++++++++++++++++++++++++++++++++++++
 demo/eyes.sh          |  6 ++++
 demo/xcowsaylogmon.pl | 36 ++++++++++++++++++++
 demo/xinitrc          | 20 +++++++++++
 4 files changed, 156 insertions(+)
 create mode 100755 demo/cursorcon.py
 create mode 100755 demo/eyes.sh
 create mode 100755 demo/xcowsaylogmon.pl
 create mode 100755 demo/xinitrc

diff --git a/demo/cursorcon.py b/demo/cursorcon.py
new file mode 100755
index 0000000..98ec08d
--- /dev/null
+++ b/demo/cursorcon.py
@@ -0,0 +1,94 @@
+#!/usr/bin/env python
+
+# example helloworld.py
+
+import xcb
+import xcb.xproto
+import xcb.xselinux
+
+import pygtk
+pygtk.require('2.0')
+import gtk
+
+class CursorControl:
+
+    def delete_event(self, widget, event, data=None):
+        gtk.main_quit()
+        return False
+
+    def destroy(self, widget, data=None):
+        gtk.main_quit()
+
+    def error_dialog(self, msg):
+        dialog = gtk.MessageDialog(self.window,
+                                   gtk.DIALOG_MODAL | gtk.DIALOG_DESTROY_WITH_PARENT,
+                                   gtk.MESSAGE_ERROR,
+                                   gtk.BUTTONS_OK,
+                                   msg)
+        dialog.show()
+        dialog.run()
+        dialog.destroy()
+
+    def relabel(self, devid, ctx):
+        cookie = self.conn.selinux.SetDeviceContextChecked(devid, len(ctx), ctx)
+        try:
+            cookie.check()
+        except xcb.ProtocolException, error:
+            self.error_dialog("Failed to relabel device to %s:\n%s" % (ctx, error.__class__.__name__))
+        except:
+            self.error_dialog("Failed to relabel device to %s:\nUnexpected error" % ctx)
+
+    def clicked(self, widget, label):
+        if widget.get_active():
+            if label == "Master":
+                self.relabel(2, "staff_u:staff_r:xserver_t:s0-s0:c0.c1023")
+                self.relabel(3, "staff_u:staff_r:xserver_t:s0-s0:c0.c1023")
+            elif label == "High":
+                self.relabel(2, "staff_u:staff_r:high_xdevice_t:s0-s0:c0.c1023")
+                self.relabel(3, "staff_u:staff_r:high_xdevice_t:s0-s0:c0.c1023")
+            elif label == "Medium":
+                self.relabel(2, "staff_u:staff_r:med_xdevice_t:s0-s0:c0.c1023")
+                self.relabel(3, "staff_u:staff_r:med_xdevice_t:s0-s0:c0.c1023")
+            elif label == "Low":
+                self.relabel(2, "staff_u:staff_r:low_xdevice_t:s0-s0:c0.c1023")
+                self.relabel(3, "staff_u:staff_r:low_xdevice_t:s0-s0:c0.c1023")
+
+    def __init__(self):
+        self.window = gtk.Window(gtk.WINDOW_TOPLEVEL)
+        self.vbox = gtk.VBox()
+        self.window.add(self.vbox)
+
+        self.window.connect("delete_event", self.delete_event)
+        self.window.connect("destroy", self.destroy)
+        self.window.set_border_width(10)
+
+        # Set up XCB
+        self.conn = xcb.connect()
+        self.conn.selinux = self.conn(xcb.xselinux.key)
+
+        # Set up radio buttons
+        radio = gtk.RadioButton(label="Master")
+        group = radio
+        radio.connect("clicked", self.clicked, "Master")
+        self.vbox.pack_start(radio)
+
+        radio = gtk.RadioButton(group=group, label="High")
+        radio.connect("clicked", self.clicked, "High")
+        self.vbox.pack_start(radio)
+
+        radio = gtk.RadioButton(group=group, label="Medium")
+        radio.connect("clicked", self.clicked, "Medium")
+        self.vbox.pack_start(radio)
+
+        radio = gtk.RadioButton(group=group, label="Low")
+        radio.connect("clicked", self.clicked, "Low")
+        self.vbox.pack_start(radio)
+    
+        self.window.show_all()
+
+    def main(self):
+        gtk.main()
+
+if __name__ == "__main__":
+    control = CursorControl()
+    control.main()
diff --git a/demo/eyes.sh b/demo/eyes.sh
new file mode 100755
index 0000000..dd8e2d3
--- /dev/null
+++ b/demo/eyes.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+xeyes -geometry 300x200 &
+lowvm xeyes -geometry 300x200 &
+medvm xeyes -geometry 300x200 &
+highvm xeyes -geometry 300x200 &
diff --git a/demo/xcowsaylogmon.pl b/demo/xcowsaylogmon.pl
new file mode 100755
index 0000000..c4d5ab5
--- /dev/null
+++ b/demo/xcowsaylogmon.pl
@@ -0,0 +1,36 @@
+#!/usr/bin/perl
+
+use warnings;
+use strict;
+
+my $dispnum = "0";
+$dispnum = $1 if $ENV{'DISPLAY'} =~ /(\d+)/;
+
+my $logfile = "/var/log/Xorg.$dispnum.log";
+my $program = '/usr/bin/fold -s -w 60 | /usr/bin/xcowsay -t 1';
+#my $program = '/bin/cat';
+my $sleeptime = 1;
+
+my %msghash;
+my $hash;
+
+open(FH, '<', $logfile) or die "Failed to open log file for reading: $!\n";
+
+for (;;) {
+    while(<FH>) {
+	next unless /avc:\s+/;
+	($hash = $_) =~ s/ for .*?scontext=//;
+	$hash =~ s/^\[.*?\]//;
+	next if exists($msghash{$hash});
+
+	open(PH, '|-', $program) or die "Failed to open pipe: $!\n";
+	print PH $_;
+	close(PH);
+
+	$msghash{$hash} = 1;
+    }
+    sleep($sleeptime);
+    seek(FH, 0, 1);
+#    %msghash = ();
+}
+close(FH);
diff --git a/demo/xinitrc b/demo/xinitrc
new file mode 100755
index 0000000..0ebcabc
--- /dev/null
+++ b/demo/xinitrc
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+eval `ssh-agent`
+
+# Run window manager
+#gtk-window-decorator &
+#sleep 1
+#compiz &
+metacity &
+
+# Run log monitor to watch for AVC's
+sleep 1
+newrole -r unconfined_r -- -c ~/bin/xcowsaylogmon &
+
+# Run desktop apps
+gnome-terminal &
+~/bin/cursorcon.py &
+
+# Run logout program
+exec ~/bin/logbutton
-- 
cgit v1.2.3