Eamon Walsh wrote:
Xavier Toth wrote:

I'm curious as to why you chose the route of specifying which
properties are polyinstantiated instead of which are not, bearing in
mind what Glenn said in a previous post?

The server will check the "property" lines first and if it doesn't find
a match it will check the "poly_property" lines. So, as long as the
wildcard entry in the x_contexts file is changed from property to
poly_property, the default will be to polyinstantiate.

However, I wasn't planning on treating the root window any differently
from other windows, so this behavior would apply to all windows.

Upon further consideration I think I might just add a lookup function to
the label API that returns the polyinstantiation bit as a separate
argument. This could work with files too.

On Feb 5, 2008 3:30 PM, Eamon Walsh <ewalsh@xxxxxxxxxxxxx> wrote:

This patch adds a poly_property type to the X contexts backend, so that
the X Flask module can be informed which properties to polyinstantiate.
Signed-off-by: Eamon Walsh <ewalsh@xxxxxxxxxxxxx>
---
include/selinux/label.h | 1 +
src/label_x.c | 2 ++
2 files changed, 3 insertions(+)
Index: libselinux/include/selinux/label.h
===================================================================
--- libselinux/include/selinux/label.h (revision 2789)
+++ libselinux/include/selinux/label.h (working copy)
@@ -113,6 +113,7 @@
#define SELABEL_X_CLIENT 3
#define SELABEL_X_EVENT 4
#define SELABEL_X_SELN 5
+#define SELABEL_X_POLYPROP 6
#ifdef __cplusplus
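Review bot: the new SELABEL_X_POLYPROP define, added after SELABEL_X_SELN, has no comment saying what it selects or how it relates to ordinary property lookups. A caller reading only this header cannot tell that a property name may need a second lookup under this type, so add a short comment beside the define stating that it matches "poly_property" entries in the X contexts file, and describe the intended lookup order there or in the lookup function's documentation.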
Index: libselinux/src/label_x.c
===================================================================
--- libselinux/src/label_x.c (revision 2789)
+++ libselinux/src/label_x.c (working copy)
@@ -69,6 +69,8 @@
data->spec_arr[data->nspec].type = SELABEL_X_EVENT;
else if (!strcmp(type, "selection"))
data->spec_arr[data->nspec].type = SELABEL_X_SELN;
+ else if (!strcmp(type, "poly_property"))
+ data->spec_arr[data->nspec].type = SELABEL_X_POLYPROP;
else {
selinux_log(SELINUX_WARNING,
"%s: line %d has invalid object type %s\n",
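Review bot: in the else-if chain, the "poly_property" branch only records the type, and nothing in this hunk flags a name that is listed under both "property" and "poly_property", so which entry wins depends entirely on the order in which the caller queries the two types. Consider warning on such a duplicate at parse time or documenting the precedence next to this branch. The diffstat also lists only label.h and label_x.c, so the new keyword is not described in any documentation of the contexts file format in this patch.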
--
Eamon Walsh <ewalsh@xxxxxxxxxxxxx>
National Security Agency
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
--
Eamon Walsh <ewalsh@xxxxxxxxxxxxx>
National Security Agency
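
A small model of the lookup order described in the reply above, as an added example that is not libselinux or X server code: it checks "property" entries before "poly_property" ones and shows that a wildcard "property" line shadows every "poly_property" entry, while a wildcard "poly_property" line makes polyinstantiation the default. The tables, the placeholder context strings, glob matching with fnmatch and first-match behaviour are assumptions of the example.

```c
#include <fnmatch.h>
#include <stdio.h>
#include <string.h>

/* One x_contexts-style entry: object type, name pattern, context. */
struct spec { const char *type, *name, *ctx; };

/* Constructed sample tables; the context strings are placeholders. */
static const struct spec wild_is_property[] = {
    { "poly_property", "CUT_BUFFER0", "example_u:object_r:poly_prop_t" },
    { "property",      "*",           "example_u:object_r:shared_prop_t" },
};
static const struct spec wild_is_poly[] = {
    { "property",      "WM_NAME", "example_u:object_r:shared_prop_t" },
    { "poly_property", "*",       "example_u:object_r:poly_prop_t" },
};

/* First entry of the given type whose pattern matches name, else NULL. */
static const struct spec *lookup(const struct spec *tab, size_t n,
                                 const char *type, const char *name)
{
    for (size_t i = 0; i < n; i++)
        if (!strcmp(tab[i].type, type) && !fnmatch(tab[i].name, name, 0))
            return &tab[i];
    return NULL;
}

/* Order from the thread: "property" lines first, then "poly_property".
 * Returns 0 = shared, 1 = polyinstantiate, -1 = no entry matched. */
static int resolve(const struct spec *tab, size_t n, const char *name,
                   const char **ctx)
{
    const struct spec *s = lookup(tab, n, "property", name);
    int poly = (s == NULL);   /* fell through to the poly_property lines */
    if (!s)
        s = lookup(tab, n, "poly_property", name);
    if (!s)
        return -1;
    *ctx = s->ctx;
    return poly;
}

int main(void)
{
    const char *ctx = "(none)";
    printf("property wildcard: %d\n", resolve(wild_is_property, 2, "CUT_BUFFER0", &ctx));
    printf("poly wildcard:     %d\n", resolve(wild_is_poly, 2, "CUT_BUFFER0", &ctx));
    return 0;
}
```

With the wildcard left as "property", the explicit "poly_property" line for CUT_BUFFER0 is never reached, which is why the wildcard entry itself has to change type for the default to flip.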