From: ewalsh@tycho.nsa.gov (Eamon Walsh)
Date: Tue, 11 Aug 2009 13:57:14 -0400
Subject: [refpolicy] new_device_permissions.patch
In-Reply-To: <1249993123.27712.13.camel@gorn>
References: <4A39A962.1000307@tycho.nsa.gov>	 <4A809F60.1090805@tycho.nsa.gov>
	<1249993123.27712.13.camel@gorn>
Message-ID: <4A81B0FA.6090100@tycho.nsa.gov>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 08/11/2009 08:18 AM, Christopher J. PeBenito wrote:
> On Mon, 2009-08-10 at 18:29 -0400, Eamon Walsh wrote:
>    
>> On 06/17/2009 10:41 PM, Eamon Walsh wrote:
>>      
>>> Add a few new permissions to the "x_device" class to support the new
>>>        
>> XI2
>>      
>>> functionality just merged to the X server.
>>>
>>>
>>>        
>> In the previous patch 2 x_device permission bits for the XI2
>> functionality were left out.
>>
>> Fixed with attached patch.
>>      
>
> Whats the difference between add/remove and create/destroy?
>
>    


The devices are in a kind of hierarchy.  You can now create one or more 
"master devices" (mouse cursor and keyboard focus).  The physical input 
devices are "slave devices" that attach to master devices.

Add/remove controls the ability to add/remove slave devices from a 
master device.  Create/destroy controls the ability to create new master 
devices.




-- 
Eamon Walsh<ewalsh@tycho.nsa.gov>
National Security Agency