From: Eamon Walsh <ewalsh@tycho.nsa.gov>
To: Xavier Toth <txtoth@gmail.com>
Cc: SELinux List <selinux@tycho.nsa.gov>,
Stephen Smalley <sds@tycho.nsa.gov>
Subject: Re: [PATCH] libselinux: add "poly_property" type to X contexts backend
Date: Tue, 05 Feb 2008 22:04:45 -0500
Message-ID: <47A923CD.7080607@tycho.nsa.gov>
In-Reply-To: <47A9047D.1000501@tycho.nsa.gov>
Eamon Walsh wrote:
> Xavier Toth wrote:
>
>> I'm curious as to why you chose the route of specifying which
>> properties are polyinstantiated instead of which are not bearing in
>> mind what Glenn said in a previous post?
>>
>>
>
> The server will check the "property" lines first and if it doesn't find
> a match it will check the "poly_property" lines. So, as long as the
> wildcard entry in the x_contexts file is changed from property to
> poly_property, the default will be to polyinstantiate.
>
> However I wasn't planning on treating the root window any differently
> from other windows, so this behavior would apply to all windows.
>
Upon further consideration I think I might just add a lookup function to
the label API that returns the polyinstantiation bit as a separate
argument. This could work with files too.
>
>
>> On Feb 5, 2008 3:30 PM, Eamon Walsh <ewalsh@tycho.nsa.gov> wrote:
>>
>>
>>> This patch adds a poly_property type to the X contexts backend, so that
>>> the X Flask module can be informed which properties to polyinstantiate.
>>>
>>> Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov>
>>> ---
>>>
>>> include/selinux/label.h | 1 +
>>> src/label_x.c | 2 ++
>>> 2 files changed, 3 insertions(+)
>>>
>>>
>>> Index: libselinux/include/selinux/label.h
>>> ===================================================================
>>> --- libselinux/include/selinux/label.h (revision 2789)
>>> +++ libselinux/include/selinux/label.h (working copy)
>>> @@ -113,6 +113,7 @@
>>> #define SELABEL_X_CLIENT 3
>>> #define SELABEL_X_EVENT 4
>>> #define SELABEL_X_SELN 5
>>> +#define SELABEL_X_POLYPROP 6
>>>
>>>
>>> #ifdef __cplusplus
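Review bot: SELABEL_X_POLYPROP, the one added line in this hunk, has no comment, and the diffstat shows only label.h and label_x.c changing, so nothing tells a caller what a poly_property entry means or how a lookup with it relates to an ordinary property lookup. Suggest a short comment on the define saying that it selects the property entries the X server should polyinstantiate, plus a matching note wherever the x_contexts object types are documented.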
>>> Index: libselinux/src/label_x.c
>>> ===================================================================
>>> --- libselinux/src/label_x.c (revision 2789)
>>> +++ libselinux/src/label_x.c (working copy)
>>> @@ -69,6 +69,8 @@
>>> data->spec_arr[data->nspec].type = SELABEL_X_EVENT;
>>> else if (!strcmp(type, "selection"))
>>> data->spec_arr[data->nspec].type = SELABEL_X_SELN;
>>> + else if (!strcmp(type, "poly_property"))
>>> + data->spec_arr[data->nspec].type = SELABEL_X_POLYPROP;
>>> else {
>>> selinux_log(SELINUX_WARNING,
>>> "%s: line %d has invalid object type %s\n",
>>>
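Review bot: In the new poly_property branch of the type-string chain, polyinstantiation is recorded as a separate object type rather than as an attribute of a property entry, and nothing in this hunk flags a name that is loaded from both a property line and a poly_property line. The outcome then depends on the order in which the caller queries the two types, so suggest either documenting that precedence next to this branch or logging a warning, as the else branch below already does for an invalid type, when the same name appears under both.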
>>> --
>>> Eamon Walsh <ewalsh@tycho.nsa.gov>
>>> National Security Agency
>>>
>>>
>>> --
>>> This message was distributed to subscribers of the selinux mailing list.
>>> If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
>>> the words "unsubscribe selinux" without quotes as the message.
>>>
>>>
>>>
>>
>>
>
>
>
--
Eamon Walsh <ewalsh@tycho.nsa.gov>
National Security Agency
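
The lookup order described in the reply above ("property" lines first, then "poly_property" lines, with the wildcard moved to poly_property), as an added example that is not part of the original message or of libselinux. The enum names, the glob matching via fnmatch, and the sample entries and contexts are assumptions constructed for illustration.

```c
#include <fnmatch.h>
#include <stddef.h>
#include <stdio.h>

/* Local stand-ins for the two entry types; not the libselinux constants. */
enum xtype { T_PROPERTY, T_POLY_PROPERTY };
struct spec { enum xtype type; const char *pattern; const char *context; };

/* Constructed entries: the wildcard is a poly_property, as in the reply. */
static const struct spec sample[] = {
    { T_PROPERTY,      "WM_NAME",     "system_u:object_r:example_wm_prop_t:s0" },
    { T_POLY_PROPERTY, "CUT_BUFFER?", "system_u:object_r:example_cut_buf_t:s0" },
    { T_POLY_PROPERTY, "*",           "system_u:object_r:example_default_t:s0" },
};
#define NSAMPLE (sizeof(sample) / sizeof(sample[0]))

/* First entry of the given type whose glob pattern matches name, or NULL. */
static const struct spec *lookup(const struct spec *s, size_t n,
                                 enum xtype type, const char *name)
{
    for (size_t i = 0; i < n; i++)
        if (s[i].type == type && fnmatch(s[i].pattern, name, 0) == 0)
            return &s[i];
    return NULL;
}

/* Two passes: property first, then poly_property; *poly reports which hit. */
static const char *resolve_property(const struct spec *s, size_t n,
                                    const char *name, int *poly)
{
    const struct spec *m = lookup(s, n, T_PROPERTY, name);
    *poly = 0;
    if (!m) {
        m = lookup(s, n, T_POLY_PROPERTY, name);
        *poly = (m != NULL);
    }
    return m ? m->context : NULL;
}

int main(void)
{
    const char *names[] = { "WM_NAME", "CUT_BUFFER0", "_MY_APP_STATE" };
    for (size_t i = 0; i < 3; i++) {
        int poly;
        const char *ctx = resolve_property(sample, NSAMPLE, names[i], &poly);
        printf("%-14s poly=%d %s\n", names[i], poly, ctx ? ctx : "(none)");
    }
    return 0;
}
```

A name with an explicit property entry is never polyinstantiated here, even though the poly_property wildcard would also match it; every other name falls through to the wildcard and is.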