Xavier Toth wrote:
On Mon, Apr 28, 2008 at 1:26 PM, Eamon Walsh <ewalsh@xxxxxxxxxxxxx
<mailto:ewalsh@xxxxxxxxxxxxx>> wrote:
Xavier Toth wrote:
Here's a patch I'm using with an MLS version of glipper to
give the capability to check for dominance between copy and
paste data contexts. Hopefully some version of this can be
upstreamed.
Hi, why did you reverse the two paste operations? In my
suggestion I had the "paste" bit meaning "unconditional paste" and
"paste_after_confirm" meaning "allow paste only after the user
confirms."
Having the confirmation dialog semantics built in to the plain old
"paste" permission seems to me like it would be more confusing,
and difficult to change later.
Well maybe I didn't understand what you were thinking. I did it the
way I did because I use the avc_has_perm to tell me whether I need to
bring up the downgrade dialog.
Here is pseudo-code for the way I'd prefer to have the check done:
if (avc_has_perm(requestor's context, selection's context, X_APPLICATION_DATA, PASTE) == 0)
// Perform the paste without asking.
else if (avc_has_perm(requestor's context, selection's context, X_APPLICATION_DATA, PASTE_AFTER_CONFIRM) == 0)
// Pop up the confirmation dialog; perform the paste if user accepts.
else
// If you get here, the paste just isn't allowed at all.
--- serefpolicy-3.3.1/policy/flask/access_vectors
2008-04-08 13:41:18.000000000 -0500
+++ serefpolicy-3.3.1.new//policy/flask/access_vectors
2008-04-08 13:35:43.000000000 -0500
@@ -765,3 +765,10 @@
{
recv
}
+
+class x_application_data
+{
+ paste
+ paste_without_confirm
+ copy
+}
--- serefpolicy-3.3.1/policy/flask/security_classes
2008-04-08 13:41:18.000000000 -0500
+++ serefpolicy-3.3.1.new//policy/flask/security_classes
2008-04-08 13:34:36.000000000 -0500
@@ -114,5 +114,6 @@
class x_resource # userspace
class x_event # userspace
class x_synthetic_event # userspace
+class x_application_data # userspace
# FLASK
--- serefpolicy-3.3.1/policy/mls 2008-04-08
13:41:18.000000000 -0500
+++ serefpolicy-3.3.1.new/policy/mls 2008-04-08
14:20:49.000000000 -0500
@@ -567,6 +567,12 @@
( t1 == mlsxwinwritexinput ) or
( t1 == mlsxwinwrite ));
+#
+# MLS policy for the x_application_data class
+#
+mlsconstrain x_application_data { paste_without_confirm }
+ ( l1 domby l2 );
+
#
# MLS policy for the pax class
--
Eamon Walsh <ewalsh@xxxxxxxxxxxxx <mailto:ewalsh@xxxxxxxxxxxxx>>
National Security Agency
--
Eamon Walsh <ewalsh@xxxxxxxxxxxxx>
National Security Agency
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
