From: ewalsh@tycho.nsa.gov (Eamon Walsh)
To: refpolicy@oss.tresys.com
Subject: [refpolicy] [PATCH 3/3] X Object manager policy revisions to x_contexts.
Date: Tue, 27 Oct 2009 22:20:38 -0400 [thread overview]
Message-ID: <4AE7AA76.2040008@tycho.nsa.gov> (raw)
In-Reply-To: <4AE7A702.60309@tycho.nsa.gov>
X Object manager policy revisions to x_contexts.
Many of the specific event, extension, and property types have been
removed for the time being. Polyinstantiation allows selections and
properties to be separated in a different way, and new X server support
for labeling individual extension requests (as opposed to entire extensions)
should make the extension querying problem easier to solve in the future.
Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov>
---
config/appconfig-mcs/x_contexts | 109 +++------------------------------
config/appconfig-mls/x_contexts | 109 +++------------------------------
config/appconfig-standard/x_contexts | 109 +++------------------------------
3 files changed, 30 insertions(+), 297 deletions(-)
diff --git a/config/appconfig-mcs/x_contexts b/config/appconfig-mcs/x_contexts
index 08da649..0b32044 100644
--- a/config/appconfig-mcs/x_contexts
+++ b/config/appconfig-mcs/x_contexts
@@ -13,7 +13,7 @@
# The default client rule defines a context to be used for all clients
# connecting to the server from a remote host.
#
-client * system_u:object_r:remote_xclient_t:s0
+client * system_u:object_r:remote_t:s0
#
@@ -27,25 +27,10 @@ client * system_u:object_r:remote_xclient_t:s0
# rule indicated by an asterisk should follow all other property rules.
#
# Properties that normal clients may only read
-property XFree86_VT system_u:object_r:info_xproperty_t:s0
-property XFree86_DDC_EDID1_RAWDATA system_u:object_r:info_xproperty_t:s0
-property RESOURCE_MANAGER system_u:object_r:info_xproperty_t:s0
-property SCREEN_RESOURCES system_u:object_r:info_xproperty_t:s0
-property _MIT_PRIORITY_COLORS system_u:object_r:info_xproperty_t:s0
-property AT_SPI_IOR system_u:object_r:info_xproperty_t:s0
-property _SELINUX_CLIENT_CONTEXT system_u:object_r:info_xproperty_t:s0
-property _NET_WORKAREA system_u:object_r:info_xproperty_t:s0
-property _XKB_RULES_NAMES system_u:object_r:info_xproperty_t:s0
+property _SELINUX_* system_u:object_r:seclabel_xproperty_t:s0
# Clipboard and selection properties
-property CUT_BUFFER0 system_u:object_r:clipboard_xproperty_t:s0
-property CUT_BUFFER1 system_u:object_r:clipboard_xproperty_t:s0
-property CUT_BUFFER2 system_u:object_r:clipboard_xproperty_t:s0
-property CUT_BUFFER3 system_u:object_r:clipboard_xproperty_t:s0
-property CUT_BUFFER4 system_u:object_r:clipboard_xproperty_t:s0
-property CUT_BUFFER5 system_u:object_r:clipboard_xproperty_t:s0
-property CUT_BUFFER6 system_u:object_r:clipboard_xproperty_t:s0
-property CUT_BUFFER7 system_u:object_r:clipboard_xproperty_t:s0
+property CUT_BUFFER? system_u:object_r:clipboard_xproperty_t:s0
# Default fallback type
property * system_u:object_r:xproperty_t:s0
@@ -61,57 +46,11 @@ property * system_u:object_r:xproperty_t:s0
# Extension rules map an extension name to a context. A default extension
# rule indicated by an asterisk should follow all other extension rules.
#
-# Standard extensions
-extension BIG-REQUESTS system_u:object_r:std_xext_t:s0
-extension SHAPE system_u:object_r:std_xext_t:s0
-extension SYNC system_u:object_r:std_xext_t:s0
-extension XC-MISC system_u:object_r:std_xext_t:s0
-extension XFIXES system_u:object_r:std_xext_t:s0
-extension XInputExtension system_u:object_r:std_xext_t:s0
-extension XKEYBOARD system_u:object_r:std_xext_t:s0
-extension DAMAGE system_u:object_r:std_xext_t:s0
-extension RENDER system_u:object_r:std_xext_t:s0
-extension XINERAMA system_u:object_r:std_xext_t:s0
-
-# Direct hardware access extensions
-extension XFree86-DGA system_u:object_r:directhw_xext_t:s0
-extension XFree86-VidModeExtension system_u:object_r:directhw_xext_t:s0
-
-# Screen management and multihead extensions
-extension RANDR system_u:object_r:output_xext_t:s0
-extension Composite system_u:object_r:output_xext_t:s0
-
-# Screensaver, power management extensions
-extension DPMS system_u:object_r:screensaver_xext_t:s0
-extension MIT-SCREEN-SAVER system_u:object_r:screensaver_xext_t:s0
-
-# Shared memory extensions
-extension MIT-SHM system_u:object_r:shmem_xext_t:s0
-extension XFree86-Bigfont system_u:object_r:shmem_xext_t:s0
-
-# Accelerated graphics, OpenGL, direct rendering extensions
-extension GLX system_u:object_r:accelgraphics_xext_t:s0
-extension NV-CONTROL system_u:object_r:accelgraphics_xext_t:s0
-extension NV-GLX system_u:object_r:accelgraphics_xext_t:s0
-extension NVIDIA-GLX system_u:object_r:accelgraphics_xext_t:s0
-
-# Debugging, testing, and recording extensions
-extension RECORD system_u:object_r:debug_xext_t:s0
-extension X-Resource system_u:object_r:debug_xext_t:s0
-extension XTEST system_u:object_r:debug_xext_t:s0
-
-# Security-related extensions
-extension SECURITY system_u:object_r:security_xext_t:s0
-extension SELinux system_u:object_r:security_xext_t:s0
-extension XAccessControlExtension system_u:object_r:security_xext_t:s0
-extension XC-APPGROUP system_u:object_r:security_xext_t:s0
-
-# Video extensions
-extension XVideo system_u:object_r:video_xext_t:s0
-extension XVideo-MotionCompensation system_u:object_r:video_xext_t:s0
+# Restricted extensions
+extension SELinux system_u:object_r:security_xextension_t:s0
-# Default fallback type
-extension * system_u:object_r:xext_t:s0
+# Standard extensions
+extension * system_u:object_r:xextension_t:s0
#
@@ -124,8 +63,6 @@ extension * system_u:object_r:xext_t:s0
# rule indicated by an asterisk should follow all other selection rules.
#
# Standard selections
-selection XA_PRIMARY system_u:object_r:clipboard_xselection_t:s0
-selection XA_SECONDARY system_u:object_r:clipboard_xselection_t:s0
selection PRIMARY system_u:object_r:clipboard_xselection_t:s0
selection CLIPBOARD system_u:object_r:clipboard_xselection_t:s0
@@ -149,7 +86,6 @@ event X11:KeyRelease system_u:object_r:input_xevent_t:s0
event X11:ButtonPress system_u:object_r:input_xevent_t:s0
event X11:ButtonRelease system_u:object_r:input_xevent_t:s0
event X11:MotionNotify system_u:object_r:input_xevent_t:s0
-event X11:SelectionNotify system_u:object_r:input_xevent_t:s0
event XInputExtension:DeviceKeyPress system_u:object_r:input_xevent_t:s0
event XInputExtension:DeviceKeyRelease system_u:object_r:input_xevent_t:s0
event XInputExtension:DeviceButtonPress system_u:object_r:input_xevent_t:s0
@@ -159,36 +95,11 @@ event XInputExtension:DeviceValuator system_u:object_r:input_xevent_t:s0
event XInputExtension:ProximityIn system_u:object_r:input_xevent_t:s0
event XInputExtension:ProximityOut system_u:object_r:input_xevent_t:s0
-# Focus events
-event X11:FocusIn system_u:object_r:focus_xevent_t:s0
-event X11:FocusOut system_u:object_r:focus_xevent_t:s0
-event X11:EnterNotify system_u:object_r:focus_xevent_t:s0
-event X11:LeaveNotify system_u:object_r:focus_xevent_t:s0
-
-# Property events
-event X11:PropertyNotify system_u:object_r:property_xevent_t:s0
-
# Client message events
event X11:ClientMessage system_u:object_r:client_xevent_t:s0
-
-# Manager events
-event X11:ConfigureRequest system_u:object_r:manage_xevent_t:s0
-event X11:ResizeRequest system_u:object_r:manage_xevent_t:s0
-event X11:MapRequest system_u:object_r:manage_xevent_t:s0
-event X11:CirculateRequest system_u:object_r:manage_xevent_t:s0
-event X11:CreateNotify system_u:object_r:manage_xevent_t:s0
-event X11:DestroyNotify system_u:object_r:manage_xevent_t:s0
-event X11:MapNotify system_u:object_r:manage_xevent_t:s0
-event X11:UnmapNotify system_u:object_r:manage_xevent_t:s0
-event X11:ReparentNotify system_u:object_r:manage_xevent_t:s0
-event X11:ConfigureNotify system_u:object_r:manage_xevent_t:s0
-event X11:GravityNotify system_u:object_r:manage_xevent_t:s0
-event X11:CirculateNotify system_u:object_r:manage_xevent_t:s0
-event X11:Expose system_u:object_r:manage_xevent_t:s0
-event X11:VisibilityNotify system_u:object_r:manage_xevent_t:s0
-
-# Unknown events (that are not registered in the X server's name database)
-event <unknown> system_u:object_r:unknown_xevent_t:s0
+event X11:SelectionNotify system_u:object_r:client_xevent_t:s0
+event X11:UnmapNotify system_u:object_r:client_xevent_t:s0
+event X11:ConfigureNotify system_u:object_r:client_xevent_t:s0
# Default fallback type
event * system_u:object_r:xevent_t:s0
diff --git a/config/appconfig-mls/x_contexts b/config/appconfig-mls/x_contexts
index 08da649..0b32044 100644
--- a/config/appconfig-mls/x_contexts
+++ b/config/appconfig-mls/x_contexts
@@ -13,7 +13,7 @@
# The default client rule defines a context to be used for all clients
# connecting to the server from a remote host.
#
-client * system_u:object_r:remote_xclient_t:s0
+client * system_u:object_r:remote_t:s0
#
@@ -27,25 +27,10 @@ client * system_u:object_r:remote_xclient_t:s0
# rule indicated by an asterisk should follow all other property rules.
#
# Properties that normal clients may only read
-property XFree86_VT system_u:object_r:info_xproperty_t:s0
-property XFree86_DDC_EDID1_RAWDATA system_u:object_r:info_xproperty_t:s0
-property RESOURCE_MANAGER system_u:object_r:info_xproperty_t:s0
-property SCREEN_RESOURCES system_u:object_r:info_xproperty_t:s0
-property _MIT_PRIORITY_COLORS system_u:object_r:info_xproperty_t:s0
-property AT_SPI_IOR system_u:object_r:info_xproperty_t:s0
-property _SELINUX_CLIENT_CONTEXT system_u:object_r:info_xproperty_t:s0
-property _NET_WORKAREA system_u:object_r:info_xproperty_t:s0
-property _XKB_RULES_NAMES system_u:object_r:info_xproperty_t:s0
+property _SELINUX_* system_u:object_r:seclabel_xproperty_t:s0
# Clipboard and selection properties
-property CUT_BUFFER0 system_u:object_r:clipboard_xproperty_t:s0
-property CUT_BUFFER1 system_u:object_r:clipboard_xproperty_t:s0
-property CUT_BUFFER2 system_u:object_r:clipboard_xproperty_t:s0
-property CUT_BUFFER3 system_u:object_r:clipboard_xproperty_t:s0
-property CUT_BUFFER4 system_u:object_r:clipboard_xproperty_t:s0
-property CUT_BUFFER5 system_u:object_r:clipboard_xproperty_t:s0
-property CUT_BUFFER6 system_u:object_r:clipboard_xproperty_t:s0
-property CUT_BUFFER7 system_u:object_r:clipboard_xproperty_t:s0
+property CUT_BUFFER? system_u:object_r:clipboard_xproperty_t:s0
# Default fallback type
property * system_u:object_r:xproperty_t:s0
@@ -61,57 +46,11 @@ property * system_u:object_r:xproperty_t:s0
# Extension rules map an extension name to a context. A default extension
# rule indicated by an asterisk should follow all other extension rules.
#
-# Standard extensions
-extension BIG-REQUESTS system_u:object_r:std_xext_t:s0
-extension SHAPE system_u:object_r:std_xext_t:s0
-extension SYNC system_u:object_r:std_xext_t:s0
-extension XC-MISC system_u:object_r:std_xext_t:s0
-extension XFIXES system_u:object_r:std_xext_t:s0
-extension XInputExtension system_u:object_r:std_xext_t:s0
-extension XKEYBOARD system_u:object_r:std_xext_t:s0
-extension DAMAGE system_u:object_r:std_xext_t:s0
-extension RENDER system_u:object_r:std_xext_t:s0
-extension XINERAMA system_u:object_r:std_xext_t:s0
-
-# Direct hardware access extensions
-extension XFree86-DGA system_u:object_r:directhw_xext_t:s0
-extension XFree86-VidModeExtension system_u:object_r:directhw_xext_t:s0
-
-# Screen management and multihead extensions
-extension RANDR system_u:object_r:output_xext_t:s0
-extension Composite system_u:object_r:output_xext_t:s0
-
-# Screensaver, power management extensions
-extension DPMS system_u:object_r:screensaver_xext_t:s0
-extension MIT-SCREEN-SAVER system_u:object_r:screensaver_xext_t:s0
-
-# Shared memory extensions
-extension MIT-SHM system_u:object_r:shmem_xext_t:s0
-extension XFree86-Bigfont system_u:object_r:shmem_xext_t:s0
-
-# Accelerated graphics, OpenGL, direct rendering extensions
-extension GLX system_u:object_r:accelgraphics_xext_t:s0
-extension NV-CONTROL system_u:object_r:accelgraphics_xext_t:s0
-extension NV-GLX system_u:object_r:accelgraphics_xext_t:s0
-extension NVIDIA-GLX system_u:object_r:accelgraphics_xext_t:s0
-
-# Debugging, testing, and recording extensions
-extension RECORD system_u:object_r:debug_xext_t:s0
-extension X-Resource system_u:object_r:debug_xext_t:s0
-extension XTEST system_u:object_r:debug_xext_t:s0
-
-# Security-related extensions
-extension SECURITY system_u:object_r:security_xext_t:s0
-extension SELinux system_u:object_r:security_xext_t:s0
-extension XAccessControlExtension system_u:object_r:security_xext_t:s0
-extension XC-APPGROUP system_u:object_r:security_xext_t:s0
-
-# Video extensions
-extension XVideo system_u:object_r:video_xext_t:s0
-extension XVideo-MotionCompensation system_u:object_r:video_xext_t:s0
+# Restricted extensions
+extension SELinux system_u:object_r:security_xextension_t:s0
-# Default fallback type
-extension * system_u:object_r:xext_t:s0
+# Standard extensions
+extension * system_u:object_r:xextension_t:s0
#
@@ -124,8 +63,6 @@ extension * system_u:object_r:xext_t:s0
# rule indicated by an asterisk should follow all other selection rules.
#
# Standard selections
-selection XA_PRIMARY system_u:object_r:clipboard_xselection_t:s0
-selection XA_SECONDARY system_u:object_r:clipboard_xselection_t:s0
selection PRIMARY system_u:object_r:clipboard_xselection_t:s0
selection CLIPBOARD system_u:object_r:clipboard_xselection_t:s0
@@ -149,7 +86,6 @@ event X11:KeyRelease system_u:object_r:input_xevent_t:s0
event X11:ButtonPress system_u:object_r:input_xevent_t:s0
event X11:ButtonRelease system_u:object_r:input_xevent_t:s0
event X11:MotionNotify system_u:object_r:input_xevent_t:s0
-event X11:SelectionNotify system_u:object_r:input_xevent_t:s0
event XInputExtension:DeviceKeyPress system_u:object_r:input_xevent_t:s0
event XInputExtension:DeviceKeyRelease system_u:object_r:input_xevent_t:s0
event XInputExtension:DeviceButtonPress system_u:object_r:input_xevent_t:s0
@@ -159,36 +95,11 @@ event XInputExtension:DeviceValuator system_u:object_r:input_xevent_t:s0
event XInputExtension:ProximityIn system_u:object_r:input_xevent_t:s0
event XInputExtension:ProximityOut system_u:object_r:input_xevent_t:s0
-# Focus events
-event X11:FocusIn system_u:object_r:focus_xevent_t:s0
-event X11:FocusOut system_u:object_r:focus_xevent_t:s0
-event X11:EnterNotify system_u:object_r:focus_xevent_t:s0
-event X11:LeaveNotify system_u:object_r:focus_xevent_t:s0
-
-# Property events
-event X11:PropertyNotify system_u:object_r:property_xevent_t:s0
-
# Client message events
event X11:ClientMessage system_u:object_r:client_xevent_t:s0
-
-# Manager events
-event X11:ConfigureRequest system_u:object_r:manage_xevent_t:s0
-event X11:ResizeRequest system_u:object_r:manage_xevent_t:s0
-event X11:MapRequest system_u:object_r:manage_xevent_t:s0
-event X11:CirculateRequest system_u:object_r:manage_xevent_t:s0
-event X11:CreateNotify system_u:object_r:manage_xevent_t:s0
-event X11:DestroyNotify system_u:object_r:manage_xevent_t:s0
-event X11:MapNotify system_u:object_r:manage_xevent_t:s0
-event X11:UnmapNotify system_u:object_r:manage_xevent_t:s0
-event X11:ReparentNotify system_u:object_r:manage_xevent_t:s0
-event X11:ConfigureNotify system_u:object_r:manage_xevent_t:s0
-event X11:GravityNotify system_u:object_r:manage_xevent_t:s0
-event X11:CirculateNotify system_u:object_r:manage_xevent_t:s0
-event X11:Expose system_u:object_r:manage_xevent_t:s0
-event X11:VisibilityNotify system_u:object_r:manage_xevent_t:s0
-
-# Unknown events (that are not registered in the X server's name database)
-event <unknown> system_u:object_r:unknown_xevent_t:s0
+event X11:SelectionNotify system_u:object_r:client_xevent_t:s0
+event X11:UnmapNotify system_u:object_r:client_xevent_t:s0
+event X11:ConfigureNotify system_u:object_r:client_xevent_t:s0
# Default fallback type
event * system_u:object_r:xevent_t:s0
diff --git a/config/appconfig-standard/x_contexts b/config/appconfig-standard/x_contexts
index f9cefb9..5b752f8 100644
--- a/config/appconfig-standard/x_contexts
+++ b/config/appconfig-standard/x_contexts
@@ -13,7 +13,7 @@
# The default client rule defines a context to be used for all clients
# connecting to the server from a remote host.
#
-client * system_u:object_r:remote_xclient_t
+client * system_u:object_r:remote_t
#
@@ -27,25 +27,10 @@ client * system_u:object_r:remote_xclient_t
# rule indicated by an asterisk should follow all other property rules.
#
# Properties that normal clients may only read
-property XFree86_VT system_u:object_r:info_xproperty_t
-property XFree86_DDC_EDID1_RAWDATA system_u:object_r:info_xproperty_t
-property RESOURCE_MANAGER system_u:object_r:info_xproperty_t
-property SCREEN_RESOURCES system_u:object_r:info_xproperty_t
-property _MIT_PRIORITY_COLORS system_u:object_r:info_xproperty_t
-property AT_SPI_IOR system_u:object_r:info_xproperty_t
-property _SELINUX_CLIENT_CONTEXT system_u:object_r:info_xproperty_t
-property _NET_WORKAREA system_u:object_r:info_xproperty_t
-property _XKB_RULES_NAMES system_u:object_r:info_xproperty_t
+property _SELINUX_* system_u:object_r:seclabel_xproperty_t
# Clipboard and selection properties
-property CUT_BUFFER0 system_u:object_r:clipboard_xproperty_t
-property CUT_BUFFER1 system_u:object_r:clipboard_xproperty_t
-property CUT_BUFFER2 system_u:object_r:clipboard_xproperty_t
-property CUT_BUFFER3 system_u:object_r:clipboard_xproperty_t
-property CUT_BUFFER4 system_u:object_r:clipboard_xproperty_t
-property CUT_BUFFER5 system_u:object_r:clipboard_xproperty_t
-property CUT_BUFFER6 system_u:object_r:clipboard_xproperty_t
-property CUT_BUFFER7 system_u:object_r:clipboard_xproperty_t
+property CUT_BUFFER? system_u:object_r:clipboard_xproperty_t
# Default fallback type
property * system_u:object_r:xproperty_t
@@ -61,57 +46,11 @@ property * system_u:object_r:xproperty_t
# Extension rules map an extension name to a context. A default extension
# rule indicated by an asterisk should follow all other extension rules.
#
-# Standard extensions
-extension BIG-REQUESTS system_u:object_r:std_xext_t
-extension SHAPE system_u:object_r:std_xext_t
-extension SYNC system_u:object_r:std_xext_t
-extension XC-MISC system_u:object_r:std_xext_t
-extension XFIXES system_u:object_r:std_xext_t
-extension XInputExtension system_u:object_r:std_xext_t
-extension XKEYBOARD system_u:object_r:std_xext_t
-extension DAMAGE system_u:object_r:std_xext_t
-extension RENDER system_u:object_r:std_xext_t
-extension XINERAMA system_u:object_r:std_xext_t
-
-# Direct hardware access extensions
-extension XFree86-DGA system_u:object_r:directhw_xext_t
-extension XFree86-VidModeExtension system_u:object_r:directhw_xext_t
-
-# Screen management and multihead extensions
-extension RANDR system_u:object_r:output_xext_t
-extension Composite system_u:object_r:output_xext_t
-
-# Screensaver, power management extensions
-extension DPMS system_u:object_r:screensaver_xext_t
-extension MIT-SCREEN-SAVER system_u:object_r:screensaver_xext_t
-
-# Shared memory extensions
-extension MIT-SHM system_u:object_r:shmem_xext_t
-extension XFree86-Bigfont system_u:object_r:shmem_xext_t
-
-# Accelerated graphics, OpenGL, direct rendering extensions
-extension GLX system_u:object_r:accelgraphics_xext_t
-extension NV-CONTROL system_u:object_r:accelgraphics_xext_t
-extension NV-GLX system_u:object_r:accelgraphics_xext_t
-extension NVIDIA-GLX system_u:object_r:accelgraphics_xext_t
-
-# Debugging, testing, and recording extensions
-extension RECORD system_u:object_r:debug_xext_t
-extension X-Resource system_u:object_r:debug_xext_t
-extension XTEST system_u:object_r:debug_xext_t
-
-# Security-related extensions
-extension SECURITY system_u:object_r:security_xext_t
-extension SELinux system_u:object_r:security_xext_t
-extension XAccessControlExtension system_u:object_r:security_xext_t
-extension XC-APPGROUP system_u:object_r:security_xext_t
-
-# Video extensions
-extension XVideo system_u:object_r:video_xext_t
-extension XVideo-MotionCompensation system_u:object_r:video_xext_t
+# Restricted extensions
+extension SELinux system_u:object_r:security_xextension_t
-# Default fallback type
-extension * system_u:object_r:xext_t
+# Standard extensions
+extension * system_u:object_r:xextension_t
#
@@ -124,8 +63,6 @@ extension * system_u:object_r:xext_t
# rule indicated by an asterisk should follow all other selection rules.
#
# Standard selections
-selection XA_PRIMARY system_u:object_r:clipboard_xselection_t
-selection XA_SECONDARY system_u:object_r:clipboard_xselection_t
selection PRIMARY system_u:object_r:clipboard_xselection_t
selection CLIPBOARD system_u:object_r:clipboard_xselection_t
@@ -149,7 +86,6 @@ event X11:KeyRelease system_u:object_r:input_xevent_t
event X11:ButtonPress system_u:object_r:input_xevent_t
event X11:ButtonRelease system_u:object_r:input_xevent_t
event X11:MotionNotify system_u:object_r:input_xevent_t
-event X11:SelectionNotify system_u:object_r:input_xevent_t
event XInputExtension:DeviceKeyPress system_u:object_r:input_xevent_t
event XInputExtension:DeviceKeyRelease system_u:object_r:input_xevent_t
event XInputExtension:DeviceButtonPress system_u:object_r:input_xevent_t
@@ -159,36 +95,11 @@ event XInputExtension:DeviceValuator system_u:object_r:input_xevent_t
event XInputExtension:ProximityIn system_u:object_r:input_xevent_t
event XInputExtension:ProximityOut system_u:object_r:input_xevent_t
-# Focus events
-event X11:FocusIn system_u:object_r:focus_xevent_t
-event X11:FocusOut system_u:object_r:focus_xevent_t
-event X11:EnterNotify system_u:object_r:focus_xevent_t
-event X11:LeaveNotify system_u:object_r:focus_xevent_t
-
-# Property events
-event X11:PropertyNotify system_u:object_r:property_xevent_t
-
# Client message events
event X11:ClientMessage system_u:object_r:client_xevent_t
-
-# Manager events
-event X11:ConfigureRequest system_u:object_r:manage_xevent_t
-event X11:ResizeRequest system_u:object_r:manage_xevent_t
-event X11:MapRequest system_u:object_r:manage_xevent_t
-event X11:CirculateRequest system_u:object_r:manage_xevent_t
-event X11:CreateNotify system_u:object_r:manage_xevent_t
-event X11:DestroyNotify system_u:object_r:manage_xevent_t
-event X11:MapNotify system_u:object_r:manage_xevent_t
-event X11:UnmapNotify system_u:object_r:manage_xevent_t
-event X11:ReparentNotify system_u:object_r:manage_xevent_t
-event X11:ConfigureNotify system_u:object_r:manage_xevent_t
-event X11:GravityNotify system_u:object_r:manage_xevent_t
-event X11:CirculateNotify system_u:object_r:manage_xevent_t
-event X11:Expose system_u:object_r:manage_xevent_t
-event X11:VisibilityNotify system_u:object_r:manage_xevent_t
-
-# Unknown events (that are not registered in the X server's name database)
-event <unknown> system_u:object_r:unknown_xevent_t
+event X11:SelectionNotify system_u:object_r:client_xevent_t
+event X11:UnmapNotify system_u:object_r:client_xevent_t
+event X11:ConfigureNotify system_u:object_r:client_xevent_t
# Default fallback type
event * system_u:object_r:xevent_t
--
1.6.5.rc2
--
Eamon Walsh
National Security Agency
next prev parent reply other threads:[~2009-10-28 2:20 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-10-28 2:05 [refpolicy] [PATCH 0/3] Updated X object manager policy -v2: Intro Eamon Walsh
2009-10-28 2:18 ` [refpolicy] [PATCH 1/3] X Object Manager policy revisions to xserver.te Eamon Walsh
2009-10-28 2:19 ` [refpolicy] [PATCH 2/4] X Object Manager policy revisions to xserver.if Eamon Walsh
2009-10-28 2:20 ` Eamon Walsh [this message]
2009-10-28 13:57 ` [refpolicy] [PATCH 0/3] Updated X object manager policy -v2: Intro Christopher J. PeBenito
2009-10-29 22:57 ` Eamon Walsh
2009-10-30 13:17 ` Christopher J. PeBenito
2009-10-30 22:24 ` Eamon Walsh
2009-11-02 13:45 ` Christopher J. PeBenito
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4AE7AA76.2040008@tycho.nsa.gov \
--to=ewalsh@tycho.nsa.gov \
--cc=refpolicy@oss.tresys.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.