Eamon Walsh wrote:
OK, I worked on this today. The property polyinstantiation itself is
easy enough, but I've run into a problem with the PropertyNotify
events that occur when a polyinstantiated property is changed or
deleted - everyone can see them! Some major changes to the event
delivery model are probably going to be necessary to make this work.
I can't immediately see how it's done in Trusted Extensions. In
TsolDeleteProperty there is just a regular DeliverEvents call to send
the event.
I think there will have to be a way to pass some private data down
with all events, and then have another hook call further down that
gives a yes/no answer for each client.
You're probably right that unnecessary PropertyNotify events may be
distributed to any client who has expressed interest in this event on
the root window. I don't think this is a big problem, however. If the
client cares to read the property whose atom is associated with the
event it will get the value which matches its security context.
If your concern is that this presents a covert channel, that is an issue
that we generally ignore. For example we don't prevent higher-level
windows from generating exposure events which may be delivered to lower
level windows. We only prevent normal clients from mapping windows into
a Trusted Path workspace.
--Glenn
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
