From: ewalsh@tycho.nsa.gov (Eamon Walsh) Date: Mon, 17 Aug 2009 15:16:14 -0400 Subject: [refpolicy] new_device_permissions.patch In-Reply-To: <1250270457.27712.69.camel@gorn.columbia.tresys.com> References: <4A39A962.1000307@tycho.nsa.gov> <4A809F60.1090805@tycho.nsa.gov> <1249993123.27712.13.camel@gorn> <4A81B0FA.6090100@tycho.nsa.gov> <1250270457.27712.69.camel@gorn.columbia.tresys.com> Message-ID: <4A89AC7E.4030503@tycho.nsa.gov> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 08/14/2009 01:20 PM, Christopher J. PeBenito wrote: > On Tue, 2009-08-11 at 13:57 -0400, Eamon Walsh wrote: > >> On 08/11/2009 08:18 AM, Christopher J. PeBenito wrote: >> >>> On Mon, 2009-08-10 at 18:29 -0400, Eamon Walsh wrote: >>> >>> >>>> On 06/17/2009 10:41 PM, Eamon Walsh wrote: >>>> >>>> >>>>> Add a few new permissions to the "x_device" class to support the new >>>>> >>>>> >>>> XI2 >>>> >>>> >>>>> functionality just merged to the X server. >>>>> >>>>> >>>>> >>>>> >>>> In the previous patch 2 x_device permission bits for the XI2 >>>> functionality were left out. >>>> >>>> Fixed with attached patch. >>>> >>>> >>> Whats the difference between add/remove and create/destroy? >>> >>> >>> >> >> The devices are in a kind of hierarchy. You can now create one or more >> "master devices" (mouse cursor and keyboard focus). The physical input >> devices are "slave devices" that attach to master devices. >> >> Add/remove controls the ability to add/remove slave devices from a >> master device. Create/destroy controls the ability to create new master >> devices. >> > Merged. Are there any MLS constraints updates for these permissions? > > Yes, I did an X demo here last month and have some policy changes, I'm still working on cleaning them up for submission. -- Eamon Walsh National Security Agency