From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Fri, 14 Aug 2009 13:20:57 -0400
Subject: [refpolicy] new_device_permissions.patch
In-Reply-To: <4A81B0FA.6090100@tycho.nsa.gov>
References: <4A39A962.1000307@tycho.nsa.gov>
	<4A809F60.1090805@tycho.nsa.gov> <1249993123.27712.13.camel@gorn>
	<4A81B0FA.6090100@tycho.nsa.gov>
Message-ID: <1250270457.27712.69.camel@gorn.columbia.tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Tue, 2009-08-11 at 13:57 -0400, Eamon Walsh wrote:
> On 08/11/2009 08:18 AM, Christopher J. PeBenito wrote:
> > On Mon, 2009-08-10 at 18:29 -0400, Eamon Walsh wrote:
> >    
> >> On 06/17/2009 10:41 PM, Eamon Walsh wrote:
> >>      
> >>> Add a few new permissions to the "x_device" class to support the new
> >>>        
> >> XI2
> >>      
> >>> functionality just merged to the X server.
> >>>
> >>>
> >>>        
> >> In the previous patch 2 x_device permission bits for the XI2
> >> functionality were left out.
> >>
> >> Fixed with attached patch.
> >>      
> >
> > Whats the difference between add/remove and create/destroy?
> >
> >    
> 
> 
> The devices are in a kind of hierarchy.  You can now create one or more 
> "master devices" (mouse cursor and keyboard focus).  The physical input 
> devices are "slave devices" that attach to master devices.
> 
> Add/remove controls the ability to add/remove slave devices from a 
> master device.  Create/destroy controls the ability to create new master 
> devices.

Merged.  Are there any MLS constraints updates for these permissions?

-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150