Xavier Toth wrote:
I'm curious as to why you chose the route of specifying which properties are polyinstantiated instead of which are not bearing in mind what Glenn said in a previous post?
The server will check the "property" lines first and if it doesn't find a match it will check the "poly_property" lines. So, as long as the wildcard entry in the x_contexts file is changed from property to poly_property, the default will be to polyinstantiate.
However I wasn't planning on treating the root window any differently from other windows, so this behavior would apply to all windows.
On Feb 5, 2008 3:30 PM, Eamon Walsh <ewalsh@xxxxxxxxxxxxx> wrote:This patch adds a poly_property type to the X contexts backend, so that the X Flask module can be informed which properties to polyinstantiate. Signed-off-by: Eamon Walsh <ewalsh@xxxxxxxxxxxxx> --- include/selinux/label.h | 1 + src/label_x.c | 2 ++ 2 files changed, 3 insertions(+) Index: libselinux/include/selinux/label.h =================================================================== --- libselinux/include/selinux/label.h (revision 2789) +++ libselinux/include/selinux/label.h (working copy) @@ -113,6 +113,7 @@ #define SELABEL_X_CLIENT 3 #define SELABEL_X_EVENT 4 #define SELABEL_X_SELN 5 +#define SELABEL_X_POLYPROP 6 #ifdef __cplusplus Index: libselinux/src/label_x.c =================================================================== --- libselinux/src/label_x.c (revision 2789) +++ libselinux/src/label_x.c (working copy) @@ -69,6 +69,8 @@ data->spec_arr[data->nspec].type = SELABEL_X_EVENT; else if (!strcmp(type, "selection")) data->spec_arr[data->nspec].type = SELABEL_X_SELN; + else if (!strcmp(type, "poly_property")) + data->spec_arr[data->nspec].type = SELABEL_X_POLYPROP; else { selinux_log(SELINUX_WARNING, "%s: line %d has invalid object type %s\n", -- Eamon Walsh <ewalsh@xxxxxxxxxxxxx> National Security Agency -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
-- Eamon Walsh <ewalsh@xxxxxxxxxxxxx> National Security Agency -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
