From: Eamon Walsh <ewalsh@tycho.nsa.gov>
To: Ted X Toth <txtoth@gmail.com>
Cc: SELinux List <selinux@tycho.nsa.gov>
Subject: Re: X in MLS enforcing problem
Date: Wed, 11 Jun 2008 17:47:56 -0400 [thread overview]
Message-ID: <4850480C.1040406@tycho.nsa.gov> (raw)
In-Reply-To: <484FD7A5.5070806@gmail.com>
Ted X Toth wrote:
> If I were to do this I'd use either SetSelectionCreateContext or
> SetSelectionUseContext, could you explain the difference between them
> and which I should use?
>
>
SetSelectionCreateContext is for setting the context on the clipboard
_data_. This is how an SELinux-aware application could specify what
type of data the user has made available for pasting. The
"x_application_data" security class represents the "object" labeled by
this context, and the selection manager is responsible for checking
permission on it. The X server doesn't perform any checks on this
context. See earlier message [1].
SetSelectionUseContext is for setting the context of the selection
object itself. It was intended to be used by a selection manager that
supports polyinstantiation. It sets the context of the selection object
that the client wants to "use". So for example if there are three
PRIMARY selections labeled foo_t, bar_t, and baz_t the selection manager
can choose the one to operate on using SetSelectionUseContext.
In the non-polyinstantiated case, SetSelectionUseContext can be used to
override the value from x_contexts and set the label on the one object
that will be seen by everyone (which is what we want to do with
dbus_launch). This only works if the selection doesn't already exist
because there's currently no way to change the label on an existing object.
So in summary:
Clipboard data   - x_application_data object class
                   SetSelectionCreateContext / GetSelectionDataContext
                   checked by selection manager
Clipboard object - x_selection object class
                   SetSelectionUseContext / GetSelectionContext
                   checked by X server
One more note: the clipboard data context currently defaults to the
selection's context (e.g. clipboard_xselection_t), but I think it might
be more logical to default it to the client program's context (user_t).
This would require a change to the X server.
[1] http://marc.info/?l=selinux&m=120701081703490&w=2
--
Eamon Walsh <ewalsh@tycho.nsa.gov>
National Security Agency
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
Thread overview:
2008-06-09 21:30 X in MLS enforcing problem Xavier Toth
2008-06-09 21:49 ` Chad Hanson
2008-06-09 22:35 ` Xavier Toth
2008-06-10 0:03 ` Eamon Walsh
2008-06-10 14:12 ` Ted X Toth
2008-06-10 19:20 ` Ted X Toth
2008-06-11 13:48 ` Ted X Toth
2008-06-11 21:42 ` Xavier Toth
2008-06-11 21:59 ` Eamon Walsh
2008-06-11 22:06 ` Eamon Walsh
2008-06-12 18:24 ` Xavier Toth
2008-06-11 21:47 ` Eamon Walsh [this message]
2008-06-10 11:41 ` Stephen Smalley
2008-06-11 13:40 ` MLS constraint interfaces Ted X Toth
2008-06-11 18:01 ` Chad Hanson