[selinux-policy: 2122/3172] trunk: MLS constraints for the x_selection class, from Eamon Walsh.

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 22:08:18 UTC 2010 

commit 16fd1fd814b0a69b0127ab44a1a738fa015aaded
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Fri Jun 5 13:36:19 2009 +0000

    trunk: MLS constraints for the x_selection class, from Eamon Walsh.

 Changelog                    |    1 +
 policy/mls                   |   19 +++++++++++++++++++
 policy/modules/kernel/mls.te |    2 ++
 3 files changed, 22 insertions(+), 0 deletions(-)
---
diff --git a/Changelog b/Changelog
index 48f96f8..fb931d7 100644
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,4 @@
+- MLS constraints for the x_selection class, from Eamon Walsh.
 - Postgresql updates from KaiGai Kohei.
 - Milter state directory patch from Paul Howarth.
 - Add MLS constrains for ingress/egress and secmark from Paul Moore.
diff --git a/policy/mls b/policy/mls
index 4410109..1e87ce2 100644
--- a/policy/mls
+++ b/policy/mls
@@ -516,6 +516,25 @@ mlsconstrain x_property { create destroy write append setattr }
 
 
 #
+# MLS policy for the x_selection class
+#
+
+# the x_selection "read" ops (implicit single level)
+mlsconstrain x_selection { read getattr }
+	(( l1 dom l2 ) or
+	 (( t1 == mlsxwinreadtoclr ) and ( h1 dom l2 )) or
+	 ( t1 == mlsxwinreadselection ) or
+	 ( t1 == mlsxwinread ));
+
+# the x_selection "write" ops (implicit single level)
+mlsconstrain x_selection { write setattr }
+	(( l1 eq l2 ) or
+	 (( t1 == mlsxwinwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
+	 ( t1 == mlsxwinwriteselection ) or
+	 ( t1 == mlsxwinwrite ));
+
+
+#
 # MLS policy for the x_cursor class
 #
 
diff --git a/policy/modules/kernel/mls.te b/policy/modules/kernel/mls.te
index 252deef..290fda7 100644
--- a/policy/modules/kernel/mls.te
+++ b/policy/modules/kernel/mls.te
@@ -42,6 +42,8 @@ attribute mlsxwinwrite;
 attribute mlsxwinwritetoclr;
 attribute mlsxwinreadproperty;
 attribute mlsxwinwriteproperty;
+attribute mlsxwinreadselection;
+attribute mlsxwinwriteselection;
 attribute mlsxwinreadcolormap;
 attribute mlsxwinwritecolormap;
 attribute mlsxwinwritexinput;

More information about the scm-commits mailing list