Attached patch adds MLS constraints for the x_selection class.
--
Eamon Walsh <[email protected]>
National Security Agency
-------------- next part --------------
A non-text attachment was scrubbed...
Name: x_selection_constraints.patch
Type: text/x-patch
Size: 1240 bytes
Desc: not available
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20090604/5a89bb49/attachment.bin
On Thu, 2009-06-04 at 17:06 -0400, Eamon Walsh wrote:
> Attached patch adds MLS constraints for the x_selection class.
Merged.
>
> Index: policy/modules/kernel/mls.te
> ===================================================================
> --- policy/modules/kernel/mls.te (revision 2991)
> +++ policy/modules/kernel/mls.te (working copy)
> @@ -42,6 +42,8 @@
> attribute mlsxwinwritetoclr;
> attribute mlsxwinreadproperty;
> attribute mlsxwinwriteproperty;
> +attribute mlsxwinreadselection;
> +attribute mlsxwinwriteselection;
> attribute mlsxwinreadcolormap;
> attribute mlsxwinwritecolormap;
> attribute mlsxwinwritexinput;
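Review bot: The two new attributes, `mlsxwinreadselection` and `mlsxwinwriteselection`, are declared here without any comment, and the patch as shown touches only policy/modules/kernel/mls.te and policy/mls, so nothing visible lets another module associate a type with them. Both are used in policy/mls as exemptions from the selection constraints, so a short comment at the declarations saying so would help. It is also worth confirming that matching interfaces exist in the module's interface file, or are planned as a follow-up, because the attributes have no effect until some type carries them.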
> Index: policy/mls
> ===================================================================
> --- policy/mls (revision 2991)
> +++ policy/mls (working copy)
> @@ -516,6 +516,25 @@
>
>
> #
> +# MLS policy for the x_selection class
> +#
> +
> +# the x_selection "read" ops (implicit single level)
> +mlsconstrain x_selection { read getattr }
> + (( l1 dom l2 ) or
> + (( t1 == mlsxwinreadtoclr ) and ( h1 dom l2 )) or
> + ( t1 == mlsxwinreadselection ) or
> + ( t1 == mlsxwinread ));
> +
> +# the x_selection "write" ops (implicit single level)
> +mlsconstrain x_selection { write setattr }
> + (( l1 eq l2 ) or
> + (( t1 == mlsxwinwritetoclr ) and ( h1 dom l2 ) and ( l1 domby
> l2 )) or
> + ( t1 == mlsxwinwriteselection ) or
> + ( t1 == mlsxwinwrite ));
> +
> +
> +#
> # MLS policy for the x_cursor class
> #
>
>
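Review bot: In both new `mlsconstrain x_selection` statements the terms `( t1 == mlsxwinreadselection )` and `( t1 == mlsxwinwriteselection )` are unconditional, so a domain carrying either attribute skips the level comparison for selections entirely, whereas the `mlsxwinreadtoclr` and `mlsxwinwritetoclr` terms stay bounded by `h1 dom l2`. The comments only say "implicit single level"; I would add a line stating that these attributes are full exemptions and which kind of domain is expected to hold them. Separately, the write constraint is split after `( l1 domby` with `l2 ))` on the next line in this quoted copy. That looks like mail wrapping, but the merged policy/mls should be checked to confirm the expression is intact.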
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150