Re: X avcs

Ted X Toth wrote:
I'll look at implementing a dixPropertyLookup function. Do any other XACE hooks have value-return parameters, would it just be va_arg(ap, PropertyPtr*)?

No and yes, respectively.

What about the idea of an exception list of single-instance root-window properties?

I'm examining the type_member policy statement to determine how we can use it to provide this information. type_member was intended to support polyinstantiation but its MLS semantics have not been defined yet.



With respect to the root window drawable, it is protected at the lowest label, so it is never modified. Applications like Nautilus are polyinstantiated, too, and render their own background windows.

Our implementation is all open-sourced using the Xorg license. A summary of the X11 security policy implemented by Solaris Trusted Extensions is described in Chapter 6 of the Developer's Guide, http://docs.sun.com/app/docs/doc/819-0869/6n391u3ru?a=view

The configuration file for the polyinstantiation policy is described in the TrustedExtensionsPolicy man page, http://docs.sun.com/app/docs/doc/819-7307/trustedextensionspolicy-4?a=view

The source code which implements this policy can be viewed in the OpenSolaris browser using this link: http://src.opensolaris.org/source/xref/fox/fox-gate/XW_NV/open-src/xserver/xorg/sun-src/tsol/

The hooks to the XACE extension layer (also used by SELinux) are in the file tsolCompat.c, which can be viewed here: http://src.opensolaris.org/source/xref/fox/fox-gate/XW_NV/open-src/xserver/xorg/sun-src/Xext/tsolCompat.c

Although Trusted Extensions and SELinux have significant differences with respect to their security models, both systems attempt to implement MAC policy in a manner that is transparent to applications. This should apply to the desktop, as well. In general, the user experience running GNOME on Solaris (with or without Trusted Extensions) or on Linux (with or without SELinux) should be almost identical. So the underlying policies enforced by the X11 server should follow the same general principles.
Our long-term goal is to make applications aware of and responsive to the security environment, particularly applications that could themselves be multi-level such as e-mail, web, office.



--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.



--
Eamon Walsh <ewalsh@xxxxxxxxxxxxx>
National Security Agency
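The two mechanisms discussed above, a hook that hands a result back through a pointer argument pulled off a va_list (the va_arg(ap, PropertyPtr*) question) and an exception list of single-instance root-window properties, modelled together as an added C example. This is not the X server's XACE code, nor the Solaris Trusted Extensions or SELinux policy code linked in the thread; every name here (model_property_lookup, hook_call, HOOK_PROPERTY_LOOKUP, the property table, the numeric labels) is hypothetical and the sample data is constructed.

```c
/* Added example, not X server code: a toy varargs hook layer in which a
 * callback returns a looked-up property through a pointer parameter
 * retrieved with va_arg(ap, PropertyPtr *).  All names are hypothetical. */
#include <stdarg.h>
#include <stddef.h>
#include <string.h>

typedef struct property {
    const char *name;
    int         label;   /* hypothetical sensitivity label of this instance */
    const char *value;
} property_t, *PropertyPtr;

enum { HOOK_PROPERTY_LOOKUP = 1, HOOK_MAX = 8 };
enum { LOOKUP_OK = 0, LOOKUP_NOT_VISIBLE = 1 };

/* Constructed sample table: WM_NAME is polyinstantiated (one instance per
 * label); _NET_WORKAREA exists once and sits on the single-instance list. */
static property_t props[] = {
    { "WM_NAME",       0, "public title" },
    { "WM_NAME",       2, "secret title" },
    { "_NET_WORKAREA", 0, "0,0,1024,768" },
};

/* Exception list: root-window properties with exactly one instance that is
 * visible at every label (hypothetical stand-in for the list discussed). */
static const char *single_instance[] = { "_NET_WORKAREA", NULL };

static int is_single_instance(const char *name)
{
    for (const char **p = single_instance; *p; p++)
        if (strcmp(*p, name) == 0)
            return 1;
    return 0;
}

/* A callback consumes the dispatcher's va_list.  The argument order is the
 * hook's contract; HOOK_PROPERTY_LOOKUP passes
 * (int client_label, const char *name, PropertyPtr *out). */
typedef int (*hook_fn)(va_list ap);
static hook_fn hooks[HOOK_MAX];

static int lookup_property_hook(va_list ap)
{
    int          client_label = va_arg(ap, int);
    const char  *name         = va_arg(ap, const char *);
    PropertyPtr *out          = va_arg(ap, PropertyPtr *); /* value-return parameter */

    *out = NULL;  /* never leave the out-parameter indeterminate on a miss */
    for (size_t i = 0; i < sizeof props / sizeof props[0]; i++) {
        if (strcmp(props[i].name, name) != 0)
            continue;
        /* single-instance properties match any label; polyinstantiated
         * properties only expose the instance at the caller's own label */
        if (is_single_instance(name) || props[i].label == client_label) {
            *out = &props[i];
            return LOOKUP_OK;
        }
    }
    return LOOKUP_NOT_VISIBLE;
}

/* Dispatcher: packages the caller's arguments into a va_list and hands them
 * to the registered callback, as a varargs hook layer would. */
static int hook_call(int hook, ...)
{
    va_list ap;
    int rc;

    if (hook < 0 || hook >= HOOK_MAX || hooks[hook] == NULL)
        return LOOKUP_NOT_VISIBLE;  /* no callback registered for this hook */
    va_start(ap, hook);
    rc = hooks[hook](ap);
    va_end(ap);
    return rc;
}

/* Caller-side wrapper: the address of the caller's PropertyPtr is what the
 * callback recovers with va_arg(ap, PropertyPtr *), so the types must match. */
int model_property_lookup(int client_label, const char *name, PropertyPtr *out)
{
    hooks[HOOK_PROPERTY_LOOKUP] = lookup_property_hook;  /* register (idempotent) */
    return hook_call(HOOK_PROPERTY_LOOKUP, client_label, name, out);
}

/* Returns the value visible to a client at the given label, or NULL. */
const char *visible_value(int client_label, const char *name)
{
    PropertyPtr p = NULL;
    if (model_property_lookup(client_label, name, &p) != LOOKUP_OK || p == NULL)
        return NULL;
    return p->value;
}
```

The callback reads `PropertyPtr *`, not `PropertyPtr`, because va_arg recovers whatever type the caller actually passed and a mismatch is undefined behaviour that no compiler warning catches. Clearing `*out` before the search guarantees that a lookup which finds no instance at the caller's label never hands back a stale pointer.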


