From: Glenn Faden <Glenn.Faden@sun.com>
To: Ted X Toth <txtoth@gmail.com>
Cc: SE Linux <selinux@tycho.nsa.gov>, Eamon Walsh <ewalsh@tycho.nsa.gov>
Subject: Re: X avcs
Date: Wed, 09 Jan 2008 09:46:50 -0800
Message-ID: <4785088A.2070601@sun.com>
In-Reply-To: <4784D86C.1070503@gmail.com>

Ted X Toth wrote:
> Currently the root window drawable is labeled s0 which is system low 
> but it seems like it should be system high (s15:c0.c1023).

We treat it as system low to make screen snapshots and animations work 
properly. It also provides better integrity. Why should it be system high?

I think you want to make a distinction between the root drawable (as a 
viewable image) and as a conduit for event notification. In our 
implementation the drawable is system low, but the label for sending 
events to the root window is essentially system high. Anyone can send an 
event to the root window, but these events are only delivered to TCB 
clients. The ability to express interest in such events is restricted.

We also have a fairly complex policy on labeling the root colormap in 
which each color cell is independently labeled. This is an artifact of 
the graphics hardware we supported (8bit color maps).

>
> As for polyinstantiating properties I've been looking at dix property, 
> xace and xselinux and thinking about how it could be done. Looking at 
> property.c it seems like FindProperty would be the logical place to 
> search for properties based on name, context and probably a list of 
> singleton root window properties (as Glenn mentions). Currently 
> FindProperty doesn't use XaceHook and it is unclear whether 
> XACE_PROPERTY_ACCESS would be the right hook. Also other functions, 
> ProcGetProperty, don't use FindProperty to find properties.
> Regarding the idea of setting the context when a property is written 
> this would only be feasible when the mode was PropModeReplace. Even if 
> this were deemed a reasonable approach there'd probably still be a 
> list of singleton root window properties that writers could not change 
> the context of.
> We really need a solution to the issue of polyinstantiated properties 
> or there is no way X apps will run in MLS enforcing mode.
>
We implemented this before XACE was developed. I think a new hook is 
required.

--Glenn
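As an added illustration that is not part of this thread and not code from any X server, XACE, or the Sun implementation Glenn describes: a small Python model of the polyinstantiated-property lookup Ted sketches above. It assumes an MLS level type built from a sensitivity and a category set, a hypothetical singleton list (`SINGLETON_ROOT_PROPERTIES`, with a constructed name) whose single instance keeps a fixed label that writers cannot change, and a `find_property` that keys on (name, client label) for everything else so each label sees only its own instance. The `PropMode*` values are the X11 constants; everything else is constructed for the example.

```python
"""Toy model of polyinstantiated X root-window properties under MLS labels.

Constructed example; not the X server's property.c or any real XACE hook.
"""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Real X11 ChangeProperty modes; the model honours Replace/Prepend/Append.
PropModeReplace, PropModePrepend, PropModeAppend = 0, 1, 2


@dataclass(frozen=True)
class Level:
    """MLS level: sensitivity plus a category set (constructed representation)."""
    sens: int
    cats: frozenset = frozenset()

    def dominates(self, other: "Level") -> bool:
        # Standard MLS dominance: higher-or-equal sensitivity, superset categories.
        return self.sens >= other.sens and self.cats >= other.cats


SYSTEM_LOW = Level(0)
SYSTEM_HIGH = Level(15, frozenset(range(1024)))  # s15:c0.c1023 from the thread

# Hypothetical: root-window properties that are NOT polyinstantiated. They keep
# one instance at a fixed label, and writers may not change that context.
SINGLETON_ROOT_PROPERTIES = {"HYPOTHETICAL_SINGLETON"}
SINGLETON_LABEL = SYSTEM_LOW


@dataclass
class Property:
    name: str
    level: Level
    data: bytes


class RootWindow:
    """Property table keyed by (name, label) instead of name alone."""

    def __init__(self) -> None:
        self._props: Dict[Tuple[str, Level], Property] = {}

    def _key(self, name: str, client: Level) -> Tuple[str, Level]:
        # Singletons collapse to one shared key; everything else is per-label.
        if name in SINGLETON_ROOT_PROPERTIES:
            return (name, SINGLETON_LABEL)
        return (name, client)

    def find_property(self, name: str, client: Level) -> Optional[Property]:
        """Lookup by name *and* requesting client's context."""
        return self._props.get(self._key(name, client))

    def change_property(self, name: str, client: Level, data: bytes,
                        mode: int = PropModeReplace) -> bool:
        """Write the client's own instance; refuse relabeling a singleton."""
        if name in SINGLETON_ROOT_PROPERTIES and client != SINGLETON_LABEL:
            return False
        key = self._key(name, client)
        existing = self._props.get(key)
        if existing is None or mode == PropModeReplace:
            new_data = data
        elif mode == PropModeAppend:
            new_data = existing.data + data
        elif mode == PropModePrepend:
            new_data = data + existing.data
        else:
            raise ValueError(f"unknown property mode {mode}")
        self._props[key] = Property(name, key[1], new_data)
        return True

    def get_property(self, name: str, client: Level) -> Optional[bytes]:
        """Read-down check on top of the per-label lookup."""
        prop = self.find_property(name, client)
        if prop is None or not client.dominates(prop.level):
            return None
        return prop.data


def demo() -> dict:
    """Two clients at different labels write the 'same' property name."""
    root = RootWindow()
    secret = Level(15, frozenset({0}))  # constructed s15:c0 client
    root.change_property("_CONSTRUCTED_PROP", SYSTEM_LOW, b"low")
    root.change_property("_CONSTRUCTED_PROP", secret, b"secret")
    root.change_property("_CONSTRUCTED_PROP", secret, b"!", PropModeAppend)
    return {
        "low_sees": root.get_property("_CONSTRUCTED_PROP", SYSTEM_LOW),
        "secret_sees": root.get_property("_CONSTRUCTED_PROP", secret),
        "high_sees": root.get_property("_CONSTRUCTED_PROP", SYSTEM_HIGH),
        "singleton_write_by_secret": root.change_property(
            "HYPOTHETICAL_SINGLETON", secret, b"x"),
        "singleton_write_by_low": root.change_property(
            "HYPOTHETICAL_SINGLETON", SYSTEM_LOW, b"shared"),
        "singleton_read_by_secret": root.get_property(
            "HYPOTHETICAL_SINGLETON", secret),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v!r}")
```

The point the model makes is the one Ted raises: once lookup is keyed on context, a `FindProperty` that only takes a name cannot be the place the decision happens, and callers such as `ProcGetProperty` that bypass it would need the same keyed lookup. The singleton handling is a plain allow/deny on the label and is a constructed simplification, not the Sun or XACE policy.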

