config/appconfig-mcs/x_contexts


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194

#
# Config file for XSELinux extension
#


#
##
### Rules for X Clients
##
#

#
# The default client rule defines a context to be used for all clients
# connecting to the server from a remote host.
#
client	*				system_u:object_r:remote_xclient_t:s0


#
##
### Rules for X Properties
##
#

#
# Property rules map a property name to a context.  A default property
# rule indicated by an asterisk should follow all other property rules.
#
# Properties that normal clients may only read
property XFree86_VT			system_u:object_r:info_xproperty_t:s0
property XFree86_DDC_EDID1_RAWDATA	system_u:object_r:info_xproperty_t:s0
property RESOURCE_MANAGER		system_u:object_r:info_xproperty_t:s0
property SCREEN_RESOURCES		system_u:object_r:info_xproperty_t:s0
property _MIT_PRIORITY_COLORS		system_u:object_r:info_xproperty_t:s0
property AT_SPI_IOR			system_u:object_r:info_xproperty_t:s0
property _SELINUX_CLIENT_CONTEXT	system_u:object_r:info_xproperty_t:s0
property _NET_WORKAREA			system_u:object_r:info_xproperty_t:s0
property _XKB_RULES_NAMES		system_u:object_r:info_xproperty_t:s0

# Clipboard and selection properties
property CUT_BUFFER0			system_u:object_r:clipboard_xproperty_t:s0
property CUT_BUFFER1			system_u:object_r:clipboard_xproperty_t:s0
property CUT_BUFFER2			system_u:object_r:clipboard_xproperty_t:s0
property CUT_BUFFER3			system_u:object_r:clipboard_xproperty_t:s0
property CUT_BUFFER4			system_u:object_r:clipboard_xproperty_t:s0
property CUT_BUFFER5			system_u:object_r:clipboard_xproperty_t:s0
property CUT_BUFFER6			system_u:object_r:clipboard_xproperty_t:s0
property CUT_BUFFER7			system_u:object_r:clipboard_xproperty_t:s0

# Default fallback type
property *	   			system_u:object_r:xproperty_t:s0


#
##
### Rules for X Extensions
##
#

#
# Extension rules map an extension name to a context.  A default extension
# rule indicated by an asterisk should follow all other extension rules.
#
# Standard extensions
extension BIG-REQUESTS			system_u:object_r:std_xext_t:s0
extension SHAPE				system_u:object_r:std_xext_t:s0
extension SYNC				system_u:object_r:std_xext_t:s0
extension XC-MISC			system_u:object_r:std_xext_t:s0
extension XFIXES			system_u:object_r:std_xext_t:s0
extension XInputExtension		system_u:object_r:std_xext_t:s0
extension XKEYBOARD			system_u:object_r:std_xext_t:s0
extension DAMAGE			system_u:object_r:std_xext_t:s0
extension RENDER			system_u:object_r:std_xext_t:s0
extension XINERAMA			system_u:object_r:std_xext_t:s0

# Direct hardware access extensions
extension XFree86-DGA			system_u:object_r:directhw_xext_t:s0
extension XFree86-VidModeExtension	system_u:object_r:directhw_xext_t:s0

# Screen management and multihead extensions
extension RANDR				system_u:object_r:output_xext_t:s0
extension Composite			system_u:object_r:output_xext_t:s0

# Screensaver, power management extensions
extension DPMS				system_u:object_r:screensaver_xext_t:s0
extension MIT-SCREEN-SAVER		system_u:object_r:screensaver_xext_t:s0

# Shared memory extensions
extension MIT-SHM			system_u:object_r:shmem_xext_t:s0
extension XFree86-Bigfont		system_u:object_r:shmem_xext_t:s0

# Accelerated graphics, OpenGL, direct rendering extensions
extension GLX				system_u:object_r:accelgraphics_xext_t:s0
extension NV-CONTROL			system_u:object_r:accelgraphics_xext_t:s0
extension NV-GLX			system_u:object_r:accelgraphics_xext_t:s0
extension NVIDIA-GLX			system_u:object_r:accelgraphics_xext_t:s0

# Debugging, testing, and recording extensions
extension RECORD			system_u:object_r:debug_xext_t:s0
extension X-Resource			system_u:object_r:debug_xext_t:s0
extension XTEST				system_u:object_r:debug_xext_t:s0

# Security-related extensions
extension SECURITY			system_u:object_r:security_xext_t:s0
extension SELinux			system_u:object_r:security_xext_t:s0
extension XAccessControlExtension	system_u:object_r:security_xext_t:s0
extension XC-APPGROUP			system_u:object_r:security_xext_t:s0

# Video extensions
extension XVideo			system_u:object_r:video_xext_t:s0
extension XVideo-MotionCompensation	system_u:object_r:video_xext_t:s0

# Default fallback type
extension *	   			system_u:object_r:xext_t:s0


#
##
### Rules for X Selections
##
#

# Selection rules map a selection name to a context.  A default selection
# rule indicated by an asterisk should follow all other selection rules.
#
# Standard selections
selection XA_PRIMARY			system_u:object_r:clipboard_xselection_t:s0
selection XA_SECONDARY			system_u:object_r:clipboard_xselection_t:s0
selection PRIMARY			system_u:object_r:clipboard_xselection_t:s0
selection CLIPBOARD			system_u:object_r:clipboard_xselection_t:s0

# Default fallback type
selection *				system_u:object_r:xselection_t:s0


#
##
### Rules for X Events
##
#

#
# Event rules map an event protocol name to a context.  A default event
# rule indicated by an asterisk should follow all other event rules.
#
# Input events
event X11:KeyPress			system_u:object_r:input_xevent_t:s0
event X11:KeyRelease			system_u:object_r:input_xevent_t:s0
event X11:ButtonPress			system_u:object_r:input_xevent_t:s0
event X11:ButtonRelease			system_u:object_r:input_xevent_t:s0
event X11:MotionNotify			system_u:object_r:input_xevent_t:s0
event X11:SelectionNotify		system_u:object_r:input_xevent_t:s0
event XInputExtension:DeviceKeyPress	system_u:object_r:input_xevent_t:s0
event XInputExtension:DeviceKeyRelease	system_u:object_r:input_xevent_t:s0
event XInputExtension:DeviceButtonPress	system_u:object_r:input_xevent_t:s0
event XInputExtension:DeviceButtonRelease	system_u:object_r:input_xevent_t:s0
event XInputExtension:DeviceMotionNotify	system_u:object_r:input_xevent_t:s0
event XInputExtension:DeviceValuator	system_u:object_r:input_xevent_t:s0
event XInputExtension:ProximityIn	system_u:object_r:input_xevent_t:s0
event XInputExtension:ProximityOut	system_u:object_r:input_xevent_t:s0

# Focus events
event X11:FocusIn			system_u:object_r:focus_xevent_t:s0
event X11:FocusOut			system_u:object_r:focus_xevent_t:s0
event X11:EnterNotify			system_u:object_r:focus_xevent_t:s0
event X11:LeaveNotify			system_u:object_r:focus_xevent_t:s0

# Property events
event X11:PropertyNotify		system_u:object_r:property_xevent_t:s0

# Client message events
event X11:ClientMessage			system_u:object_r:client_xevent_t:s0

# Manager events
event X11:ConfigureRequest		system_u:object_r:manage_xevent_t:s0
event X11:ResizeRequest			system_u:object_r:manage_xevent_t:s0
event X11:MapRequest			system_u:object_r:manage_xevent_t:s0
event X11:CirculateRequest		system_u:object_r:manage_xevent_t:s0
event X11:CreateNotify			system_u:object_r:manage_xevent_t:s0
event X11:DestroyNotify			system_u:object_r:manage_xevent_t:s0
event X11:MapNotify			system_u:object_r:manage_xevent_t:s0
event X11:UnmapNotify			system_u:object_r:manage_xevent_t:s0
event X11:ReparentNotify		system_u:object_r:manage_xevent_t:s0
event X11:ConfigureNotify		system_u:object_r:manage_xevent_t:s0
event X11:GravityNotify			system_u:object_r:manage_xevent_t:s0
event X11:CirculateNotify		system_u:object_r:manage_xevent_t:s0
event X11:Expose			system_u:object_r:manage_xevent_t:s0
event X11:VisibilityNotify		system_u:object_r:manage_xevent_t:s0

# Unknown events (that are not registered in the X server's name database)
event <unknown>				system_u:object_r:unknown_xevent_t:s0

# Default fallback type
event *					system_u:object_r:xevent_t:s0