2009-06-18 02:41:38

by Eamon Walsh

Subject: [refpolicy] new_device_permissions.patch

Add a few new permissions to the "x_device" class to support the new XI2
functionality just merged to the X server.

--
Eamon Walsh <[email protected]>
National Security Agency

-------------- next part --------------
A non-text attachment was scrubbed...
Name: xi2_device_perms.patch
Type: text/x-patch
Size: 326 bytes
Desc: not available
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20090617/7030eabd/attachment.bin


2009-06-18 13:08:19

by cpebenito

Subject: [refpolicy] new_device_permissions.patch

On Wed, 2009-06-17 at 22:41 -0400, Eamon Walsh wrote:
> Add a few new permissions to the "x_device" class to support the new XI2
> functionality just merged to the X server.

Merged.

> differences between files attachment (xi2_device_perms.patch)
>
> Index: policy/flask/access_vectors
> ===================================================================
> --- policy/flask/access_vectors (revision 2996)
> +++ policy/flask/access_vectors (working copy)
> @@ -539,6 +539,11 @@
> freeze
> grab
> manage
> + list_property
> + get_property
> + set_property
> + add
> + remove
> }
>
> class x_server
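
Review bot: `add` and `remove`, the last two permissions appended to this list, do not say what is added to or removed from what, and nothing in the hunk documents them; `list_property`, `get_property` and `set_property` are self-describing by comparison. A short comment beside the new entries, or a sentence in the patch description stating the operation each of the five permissions guards, would let policy writers grant them without reading the X server source. The patch touches only policy/flask/access_vectors, so it is also worth stating whether rules or constraints for the new permissions are meant to follow.
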
>
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150

2009-08-10 22:29:52

by Eamon Walsh

Subject: [refpolicy] new_device_permissions.patch

On 06/17/2009 10:41 PM, Eamon Walsh wrote:
> Add a few new permissions to the "x_device" class to support the new XI2
> functionality just merged to the X server.
>
>


In the previous patch 2 x_device permission bits for the XI2
functionality were left out.

Fixed with attached patch.


--
Eamon Walsh <[email protected]>
National Security Agency

-------------- next part --------------
A non-text attachment was scrubbed...
Name: xi2_device_perms2.patch
Type: text/x-patch
Size: 288 bytes
Desc: not available
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20090810/dce3a689/attachment.bin

2009-08-11 12:18:40

by cpebenito

Subject: [refpolicy] new_device_permissions.patch

On Mon, 2009-08-10 at 18:29 -0400, Eamon Walsh wrote:
> On 06/17/2009 10:41 PM, Eamon Walsh wrote:
> > Add a few new permissions to the "x_device" class to support the new XI2
> > functionality just merged to the X server.
> >
> >
>
>
> In the previous patch 2 x_device permission bits for the XI2
> functionality were left out.
>
> Fixed with attached patch.

What's the difference between add/remove and create/destroy?

> Index: policy/flask/access_vectors
> ===================================================================
> --- policy/flask/access_vectors (revision 3012)
> +++ policy/flask/access_vectors (working copy)
> @@ -544,6 +544,8 @@
> set_property
> add
> remove
> + create
> + destroy
> }
>
> class x_server
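
Review bot: `create` and `destroy` land directly after `add` and `remove` with no comment telling the two pairs apart, so a reader of the class definition cannot see which pair guards which kind of device operation. Please document the distinction next to the entries or in the patch description. The context lines show this is a second append to the same list for one feature, and the patch again changes only policy/flask/access_vectors; confirm the permission set is now complete and say whether constraint updates are needed for the new permissions.
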
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150

2009-08-11 17:57:14

by Eamon Walsh

Subject: [refpolicy] new_device_permissions.patch

On 08/11/2009 08:18 AM, Christopher J. PeBenito wrote:
> On Mon, 2009-08-10 at 18:29 -0400, Eamon Walsh wrote:
>> On 06/17/2009 10:41 PM, Eamon Walsh wrote:
>>> Add a few new permissions to the "x_device" class to support the new XI2
>>> functionality just merged to the X server.
>>
>> In the previous patch 2 x_device permission bits for the XI2
>> functionality were left out.
>>
>> Fixed with attached patch.
>
> What's the difference between add/remove and create/destroy?


The devices are in a kind of hierarchy. You can now create one or more
"master devices" (mouse cursor and keyboard focus). The physical input
devices are "slave devices" that attach to master devices.

Add/remove controls the ability to add/remove slave devices from a
master device. Create/destroy controls the ability to create new master
devices.




--
Eamon Walsh <[email protected]>
National Security Agency

2009-08-14 17:20:57

by cpebenito

Subject: [refpolicy] new_device_permissions.patch

On Tue, 2009-08-11 at 13:57 -0400, Eamon Walsh wrote:
> On 08/11/2009 08:18 AM, Christopher J. PeBenito wrote:
> > On Mon, 2009-08-10 at 18:29 -0400, Eamon Walsh wrote:
> >> On 06/17/2009 10:41 PM, Eamon Walsh wrote:
> >>> Add a few new permissions to the "x_device" class to support the new XI2
> >>> functionality just merged to the X server.
> >>
> >> In the previous patch 2 x_device permission bits for the XI2
> >> functionality were left out.
> >>
> >> Fixed with attached patch.
> >
> > What's the difference between add/remove and create/destroy?
>
> The devices are in a kind of hierarchy. You can now create one or more
> "master devices" (mouse cursor and keyboard focus). The physical input
> devices are "slave devices" that attach to master devices.
>
> Add/remove controls the ability to add/remove slave devices from a
> master device. Create/destroy controls the ability to create new master
> devices.

Merged. Are there any MLS constraints updates for these permissions?

--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150

2009-08-17 19:16:14

by Eamon Walsh

Subject: [refpolicy] new_device_permissions.patch

On 08/14/2009 01:20 PM, Christopher J. PeBenito wrote:
> On Tue, 2009-08-11 at 13:57 -0400, Eamon Walsh wrote:
>> On 08/11/2009 08:18 AM, Christopher J. PeBenito wrote:
>>> On Mon, 2009-08-10 at 18:29 -0400, Eamon Walsh wrote:
>>>> On 06/17/2009 10:41 PM, Eamon Walsh wrote:
>>>>> Add a few new permissions to the "x_device" class to support the new XI2
>>>>> functionality just merged to the X server.
>>>>
>>>> In the previous patch 2 x_device permission bits for the XI2
>>>> functionality were left out.
>>>>
>>>> Fixed with attached patch.
>>>
>>> What's the difference between add/remove and create/destroy?
>>
>> The devices are in a kind of hierarchy. You can now create one or more
>> "master devices" (mouse cursor and keyboard focus). The physical input
>> devices are "slave devices" that attach to master devices.
>>
>> Add/remove controls the ability to add/remove slave devices from a
>> master device. Create/destroy controls the ability to create new master
>> devices.
>
> Merged. Are there any MLS constraints updates for these permissions?


Yes, I did an X demo here last month and have some policy changes; I'm
still working on cleaning them up for submission.

--
Eamon Walsh <[email protected]>
National Security Agency