From: cpebenito@tresys.com (Christopher J. PeBenito) Date: Fri, 05 Jun 2009 09:36:30 -0400 Subject: [refpolicy] x_selection_constraints.patch In-Reply-To: <4A28376B.1070108@tycho.nsa.gov> References: <4A28376B.1070108@tycho.nsa.gov> Message-ID: <1244208990.27717.1681.camel@gorn.columbia.tresys.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On Thu, 2009-06-04 at 17:06 -0400, Eamon Walsh wrote: > Attached patch adds MLS constraints for the x_selection class. Merged. > > > > > > > differences > between files > attachment > (x_selection_constraints.patch) > > Index: policy/modules/kernel/mls.te > =================================================================== > --- policy/modules/kernel/mls.te (revision 2991) > +++ policy/modules/kernel/mls.te (working copy) > @@ -42,6 +42,8 @@ > attribute mlsxwinwritetoclr; > attribute mlsxwinreadproperty; > attribute mlsxwinwriteproperty; > +attribute mlsxwinreadselection; > +attribute mlsxwinwriteselection; > attribute mlsxwinreadcolormap; > attribute mlsxwinwritecolormap; > attribute mlsxwinwritexinput; > Index: policy/mls > =================================================================== > --- policy/mls (revision 2991) > +++ policy/mls (working copy) > @@ -516,6 +516,25 @@ > > > # > +# MLS policy for the x_selection class > +# > + > +# the x_selection "read" ops (implicit single level) > +mlsconstrain x_selection { read getattr } > + (( l1 dom l2 ) or > + (( t1 == mlsxwinreadtoclr ) and ( h1 dom l2 )) or > + ( t1 == mlsxwinreadselection ) or > + ( t1 == mlsxwinread )); > + > +# the x_selection "write" ops (implicit single level) > +mlsconstrain x_selection { write setattr } > + (( l1 eq l2 ) or > + (( t1 == mlsxwinwritetoclr ) and ( h1 dom l2 ) and ( l1 domby > l2 )) or > + ( t1 == mlsxwinwriteselection ) or > + ( t1 == mlsxwinwrite )); > + > + > +# > # MLS policy for the x_cursor class > # > > -- Chris PeBenito Tresys Technology, LLC (410) 290-1411 x150
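Review bot: the policy/modules/kernel/mls.te hunk declares mlsxwinreadselection and mlsxwinwriteselection, but nothing in this patch gives another module a way to associate a type with either attribute. As far as the visible changes go, the two exemption clauses that test them in policy/mls have no members to match. Suggest adding the corresponding interfaces in the same change, each with a short description of when a domain should be granted it, or saying in the commit message that they follow separately.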
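Review bot: in the policy/mls hunk, the clauses ( t1 == mlsxwinreadselection ) and ( t1 == mlsxwinwriteselection ) skip the level comparison altogether, yet the comments above the two mlsconstrain statements say only "implicit single level". Suggest extending each comment to name the attributes that override the constraint and the kind of client expected to hold them, so a later reader can tell the bypass is intended. Separately, the ( l1 domby l2 ) clause of the write constraint is wrapped across two lines in the quoted copy, so the inline text should not be used to apply the patch; take it from the attachment.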