I've been looking at the xserver_common_x_domain_template and AVCs
coming out of X applications and thinking it would be good to have
finer grained interfaces that could be used to build policy for the
wide variety of GUI apps. X extensions and selection are a couple of
area that caught my eye can you think of others.
Example:
########################################
## <summary>
## Allow an X client to use an X extension
## </summary>
## <param name="domain">
## <summary>
## Domain allowed use an X extension.
## </summary>
## </param>
## <param name="xextension prefix">
## <summary>
## Prefix for the X extension (screensaver, output, etc ...).
## </summary>
## </param>
#
interface(`xserver_use_xextension',`
gen_require(`
class x_extension { use getattr };
type $2_xext_t;
')
allow $1 $2_xext_t:x_extension { use getattr };
')
########################################
## <summary>
## Allow an X client to use the screensaver X extension
## </summary>
## <param name="domain">
## <summary>
## Domain allowed use an X extension.
## </summary>
## </param>
#
interface(`xserver_use_screensaver_xextension',`
gen_require(`
class x_extension { use getattr };
type screensaver_xext_t;
')
xclient_use_xextension($1, screensaver)
')
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
