summaryrefslogtreecommitdiff
path: root/config/appconfig-standard/x_contexts
diff options
context:
space:
mode:
authorEamon Walsh <ewalsh@tycho.nsa.gov>2009-10-13 20:49:45 -0400
committerEamon Walsh <ewalsh@tycho.nsa.gov>2009-10-13 20:49:45 -0400
commitad1235d0cb31e90f33e7afc2944030c8b96de2b2 (patch)
tree582d1093bfa1f070f13d2d1a0dc9f176d83ec22a /config/appconfig-standard/x_contexts
parent88d81eb4898404e82c8c5d42df85d05f602e9e59 (diff)
X Object manager policy revisions to x_contexts.xselinux
Many of the specific event, extension, and property types have been removed for the time being. Polyinstantiation allows selections and properties to be separated in a different way, and new X server support for labeling individual extension requests (as opposed to entire extensions) should make the extension querying problem easier to solve in the future. Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov>
Diffstat (limited to 'config/appconfig-standard/x_contexts')
-rw-r--r--config/appconfig-standard/x_contexts109
1 files changed, 10 insertions, 99 deletions
diff --git a/config/appconfig-standard/x_contexts b/config/appconfig-standard/x_contexts
index f9cefb97..5b752f85 100644
--- a/config/appconfig-standard/x_contexts
+++ b/config/appconfig-standard/x_contexts
@@ -13,7 +13,7 @@
# The default client rule defines a context to be used for all clients
# connecting to the server from a remote host.
#
-client * system_u:object_r:remote_xclient_t
+client * system_u:object_r:remote_t
#
@@ -27,25 +27,10 @@ client * system_u:object_r:remote_xclient_t
# rule indicated by an asterisk should follow all other property rules.
#
# Properties that normal clients may only read
-property XFree86_VT system_u:object_r:info_xproperty_t
-property XFree86_DDC_EDID1_RAWDATA system_u:object_r:info_xproperty_t
-property RESOURCE_MANAGER system_u:object_r:info_xproperty_t
-property SCREEN_RESOURCES system_u:object_r:info_xproperty_t
-property _MIT_PRIORITY_COLORS system_u:object_r:info_xproperty_t
-property AT_SPI_IOR system_u:object_r:info_xproperty_t
-property _SELINUX_CLIENT_CONTEXT system_u:object_r:info_xproperty_t
-property _NET_WORKAREA system_u:object_r:info_xproperty_t
-property _XKB_RULES_NAMES system_u:object_r:info_xproperty_t
+property _SELINUX_* system_u:object_r:seclabel_xproperty_t
# Clipboard and selection properties
-property CUT_BUFFER0 system_u:object_r:clipboard_xproperty_t
-property CUT_BUFFER1 system_u:object_r:clipboard_xproperty_t
-property CUT_BUFFER2 system_u:object_r:clipboard_xproperty_t
-property CUT_BUFFER3 system_u:object_r:clipboard_xproperty_t
-property CUT_BUFFER4 system_u:object_r:clipboard_xproperty_t
-property CUT_BUFFER5 system_u:object_r:clipboard_xproperty_t
-property CUT_BUFFER6 system_u:object_r:clipboard_xproperty_t
-property CUT_BUFFER7 system_u:object_r:clipboard_xproperty_t
+property CUT_BUFFER? system_u:object_r:clipboard_xproperty_t
# Default fallback type
property * system_u:object_r:xproperty_t
@@ -61,57 +46,11 @@ property * system_u:object_r:xproperty_t
# Extension rules map an extension name to a context. A default extension
# rule indicated by an asterisk should follow all other extension rules.
#
-# Standard extensions
-extension BIG-REQUESTS system_u:object_r:std_xext_t
-extension SHAPE system_u:object_r:std_xext_t
-extension SYNC system_u:object_r:std_xext_t
-extension XC-MISC system_u:object_r:std_xext_t
-extension XFIXES system_u:object_r:std_xext_t
-extension XInputExtension system_u:object_r:std_xext_t
-extension XKEYBOARD system_u:object_r:std_xext_t
-extension DAMAGE system_u:object_r:std_xext_t
-extension RENDER system_u:object_r:std_xext_t
-extension XINERAMA system_u:object_r:std_xext_t
-
-# Direct hardware access extensions
-extension XFree86-DGA system_u:object_r:directhw_xext_t
-extension XFree86-VidModeExtension system_u:object_r:directhw_xext_t
-
-# Screen management and multihead extensions
-extension RANDR system_u:object_r:output_xext_t
-extension Composite system_u:object_r:output_xext_t
-
-# Screensaver, power management extensions
-extension DPMS system_u:object_r:screensaver_xext_t
-extension MIT-SCREEN-SAVER system_u:object_r:screensaver_xext_t
-
-# Shared memory extensions
-extension MIT-SHM system_u:object_r:shmem_xext_t
-extension XFree86-Bigfont system_u:object_r:shmem_xext_t
-
-# Accelerated graphics, OpenGL, direct rendering extensions
-extension GLX system_u:object_r:accelgraphics_xext_t
-extension NV-CONTROL system_u:object_r:accelgraphics_xext_t
-extension NV-GLX system_u:object_r:accelgraphics_xext_t
-extension NVIDIA-GLX system_u:object_r:accelgraphics_xext_t
-
-# Debugging, testing, and recording extensions
-extension RECORD system_u:object_r:debug_xext_t
-extension X-Resource system_u:object_r:debug_xext_t
-extension XTEST system_u:object_r:debug_xext_t
-
-# Security-related extensions
-extension SECURITY system_u:object_r:security_xext_t
-extension SELinux system_u:object_r:security_xext_t
-extension XAccessControlExtension system_u:object_r:security_xext_t
-extension XC-APPGROUP system_u:object_r:security_xext_t
-
-# Video extensions
-extension XVideo system_u:object_r:video_xext_t
-extension XVideo-MotionCompensation system_u:object_r:video_xext_t
+# Restricted extensions
+extension SELinux system_u:object_r:security_xextension_t
-# Default fallback type
-extension * system_u:object_r:xext_t
+# Standard extensions
+extension * system_u:object_r:xextension_t
#
@@ -124,8 +63,6 @@ extension * system_u:object_r:xext_t
# rule indicated by an asterisk should follow all other selection rules.
#
# Standard selections
-selection XA_PRIMARY system_u:object_r:clipboard_xselection_t
-selection XA_SECONDARY system_u:object_r:clipboard_xselection_t
selection PRIMARY system_u:object_r:clipboard_xselection_t
selection CLIPBOARD system_u:object_r:clipboard_xselection_t
@@ -149,7 +86,6 @@ event X11:KeyRelease system_u:object_r:input_xevent_t
event X11:ButtonPress system_u:object_r:input_xevent_t
event X11:ButtonRelease system_u:object_r:input_xevent_t
event X11:MotionNotify system_u:object_r:input_xevent_t
-event X11:SelectionNotify system_u:object_r:input_xevent_t
event XInputExtension:DeviceKeyPress system_u:object_r:input_xevent_t
event XInputExtension:DeviceKeyRelease system_u:object_r:input_xevent_t
event XInputExtension:DeviceButtonPress system_u:object_r:input_xevent_t
@@ -159,36 +95,11 @@ event XInputExtension:DeviceValuator system_u:object_r:input_xevent_t
event XInputExtension:ProximityIn system_u:object_r:input_xevent_t
event XInputExtension:ProximityOut system_u:object_r:input_xevent_t
-# Focus events
-event X11:FocusIn system_u:object_r:focus_xevent_t
-event X11:FocusOut system_u:object_r:focus_xevent_t
-event X11:EnterNotify system_u:object_r:focus_xevent_t
-event X11:LeaveNotify system_u:object_r:focus_xevent_t
-
-# Property events
-event X11:PropertyNotify system_u:object_r:property_xevent_t
-
# Client message events
event X11:ClientMessage system_u:object_r:client_xevent_t
-
-# Manager events
-event X11:ConfigureRequest system_u:object_r:manage_xevent_t
-event X11:ResizeRequest system_u:object_r:manage_xevent_t
-event X11:MapRequest system_u:object_r:manage_xevent_t
-event X11:CirculateRequest system_u:object_r:manage_xevent_t
-event X11:CreateNotify system_u:object_r:manage_xevent_t
-event X11:DestroyNotify system_u:object_r:manage_xevent_t
-event X11:MapNotify system_u:object_r:manage_xevent_t
-event X11:UnmapNotify system_u:object_r:manage_xevent_t
-event X11:ReparentNotify system_u:object_r:manage_xevent_t
-event X11:ConfigureNotify system_u:object_r:manage_xevent_t
-event X11:GravityNotify system_u:object_r:manage_xevent_t
-event X11:CirculateNotify system_u:object_r:manage_xevent_t
-event X11:Expose system_u:object_r:manage_xevent_t
-event X11:VisibilityNotify system_u:object_r:manage_xevent_t
-
-# Unknown events (that are not registered in the X server's name database)
-event <unknown> system_u:object_r:unknown_xevent_t
+event X11:SelectionNotify system_u:object_r:client_xevent_t
+event X11:UnmapNotify system_u:object_r:client_xevent_t
+event X11:ConfigureNotify system_u:object_r:client_xevent_t
# Default fallback type
event * system_u:object_r:xevent_t