xserver-multidpi/Xext/XSELinuxConfig

#
# Config file for XSELinux extension
#

#
# The nonlocal_context rule defines a context to be used for all clients
# connecting to the server from a remote host.  The nonlocal context must
# be defined, and it must be a valid context according to the SELinux
# security policy.  Only one nonlocal_context rule may be defined.
#
nonlocal_context			system_u:object_r:remote_xclient_t:s0
root_window_context			system_u:object_r:root_window_t:s0

#
# Property rules map a property name to a SELinux type.  The type must
# be valid according to the SELinux security policy.  There can be any
# number of property rules.  Additionally, a default property type can be
# defined for all properties not explicitly listed.  The default
# property type may not be omitted.  The default rule may appear in
# any position (it need not be the last property rule listed).
#
# Properties set by typical clients: WM, _NET_WM, etc.
property WM_NAME			client_property_t
property WM_CLASS			client_property_t
property WM_ICON_NAME			client_property_t
property WM_HINTS			client_property_t
property WM_NORMAL_HINTS		client_property_t
property WM_COMMAND			client_property_t
property WM_CLIENT_MACHINE		client_property_t
property WM_LOCALE_NAME			client_property_t
property WM_CLIENT_LEADER		client_property_t
property WM_STATE			client_property_t
property WM_PROTOCOLS			client_property_t
property WM_WINDOW_ROLE			client_property_t
property WM_TRANSIENT_FOR		client_property_t
property _NET_WM_NAME			client_property_t
property _NET_WM_ICON			client_property_t
property _NET_WM_ICON_NAME		client_property_t
property _NET_WM_PID			client_property_t
property _NET_WM_STATE			client_property_t
property _NET_WM_DESKTOP		client_property_t
property _NET_WM_SYNC_REQUEST_COUNTER	client_property_t
property _NET_WM_WINDOW_TYPE		client_property_t
property _NET_WM_USER_TIME		client_property_t
property _MOTIF_DRAG_RECEIVER_INFO	client_property_t
property XdndAware			client_property_t

# Properties written by xrdb
property RESOURCE_MANAGER		rm_property_t
property SCREEN_RESOURCES		rm_property_t

# Properties written by window managers
property _MIT_PRIORITY_COLORS		wm_property_t

# Properties used for security labeling
property _SELINUX_CLIENT_CONTEXT	seclabel_property_t

# Properties used to communicate screen information
property XFree86_VT			info_property_t
property XFree86_DDC_EDID1_RAWDATA	info_property_t

# Clipboard and selection properties
property CUT_BUFFER0			clipboard_property_t
property CUT_BUFFER1			clipboard_property_t
property CUT_BUFFER2			clipboard_property_t
property CUT_BUFFER3			clipboard_property_t
property CUT_BUFFER4			clipboard_property_t
property CUT_BUFFER5			clipboard_property_t
property CUT_BUFFER6			clipboard_property_t
property CUT_BUFFER7			clipboard_property_t
property _XT_SELECTION_0		clipboard_property_t

# Default fallback type
property default			unknown_property_t

#
# Extension rules map an extension name to a SELinux type.  The type must
# be valid according to the SELinux security policy.  There can be any
# number of extension rules.  Additionally, a default extension type can
# be defined for all extensions not explicitly listed.  The default
# extension type may not be omitted.  The default rule may appear in
# any position (it need not be the last extension rule listed).
#
# Standard extensions
extension BIG-REQUESTS			std_ext_t
extension DOUBLE-BUFFER			std_ext_t
extension Extended-Visual-Information	std_ext_t
extension MIT-SUNDRY-NONSTANDARD	std_ext_t
extension SHAPE				std_ext_t
extension SYNC				std_ext_t
extension XC-MISC			std_ext_t
extension XFIXES			std_ext_t
extension XFree86-Misc			std_ext_t
extension XpExtension                   std_ext_t

# Screen management and multihead extensions
extension RANDR				output_ext_t
extension XINERAMA			std_ext_t

# Input extensions
extension XInputExtension		input_ext_t
extension XKEYBOARD			input_ext_t

# Screensaver, power management extensions
extension DPMS				screensaver_ext_t
extension MIT-SCREEN-SAVER		screensaver_ext_t

# Fonting extensions
extension FontCache			font_ext_t
extension XFree86-Bigfont		font_ext_t

# Shared memory extensions
extension MIT-SHM			shmem_ext_t

# Accelerated graphics, OpenGL, direct rendering extensions
extension DAMAGE			accelgraphics_ext_t
extension GLX				accelgraphics_ext_t
extension NV-CONTROL			accelgraphics_ext_t
extension NV-GLX			accelgraphics_ext_t
extension NVIDIA-GLX			accelgraphics_ext_t
extension RENDER			std_ext_t
extension XFree86-DGA			accelgraphics_ext_t

# Debugging, testing, and recording extensions
extension RECORD			debug_ext_t
extension X-Resource			debug_ext_t
extension XTEST				debug_ext_t

# Extensions just for window managers
extension TOG-CUP			windowmgr_ext_t

# Security-related extensions
extension SECURITY			security_ext_t
extension SELinux			security_ext_t
extension XAccessControlExtension	security_ext_t
extension XC-APPGROUP			security_ext_t

# Video extensions
extension XFree86-VidModeExtension	video_ext_t
extension XVideo			video_ext_t
extension XVideo-MotionCompensation	video_ext_t

# Default fallback type
extension default			unknown_ext_t
Add SELinux extension source files. 2006-09-08 21:11:04 +02:00			`#`
			`# Config file for XSELinux extension`
			`#`

			`#`
			`# The nonlocal_context rule defines a context to be used for all clients`
			`# connecting to the server from a remote host. The nonlocal context must`
			`# be defined, and it must be a valid context according to the SELinux`
			`# security policy. Only one nonlocal_context rule may be defined.`
			`#`
Change MLS levels in config file contexts to more sane defaults. 2006-12-12 21:59:38 +01:00			`nonlocal_context system_u:object_r:remote_xclient_t:s0`
			`root_window_context system_u:object_r:root_window_t:s0`
Add SELinux extension source files. 2006-09-08 21:11:04 +02:00
			`#`
			`# Property rules map a property name to a SELinux type. The type must`
			`# be valid according to the SELinux security policy. There can be any`
			`# number of property rules. Additionally, a default property type can be`
			`# defined for all properties not explicitly listed. The default`
			`# property type may not be omitted. The default rule may appear in`
			`# any position (it need not be the last property rule listed).`
			`#`
Policy updates. 2006-12-22 19:04:50 +01:00			`# Properties set by typical clients: WM, _NET_WM, etc.`
			`property WM_NAME client_property_t`
			`property WM_CLASS client_property_t`
			`property WM_ICON_NAME client_property_t`
			`property WM_HINTS client_property_t`
			`property WM_NORMAL_HINTS client_property_t`
			`property WM_COMMAND client_property_t`
			`property WM_CLIENT_MACHINE client_property_t`
			`property WM_LOCALE_NAME client_property_t`
			`property WM_CLIENT_LEADER client_property_t`
			`property WM_STATE client_property_t`
			`property WM_PROTOCOLS client_property_t`
			`property WM_WINDOW_ROLE client_property_t`
			`property WM_TRANSIENT_FOR client_property_t`
			`property _NET_WM_NAME client_property_t`
			`property _NET_WM_ICON client_property_t`
			`property _NET_WM_ICON_NAME client_property_t`
			`property _NET_WM_PID client_property_t`
			`property _NET_WM_STATE client_property_t`
			`property _NET_WM_DESKTOP client_property_t`
			`property _NET_WM_SYNC_REQUEST_COUNTER client_property_t`
			`property _NET_WM_WINDOW_TYPE client_property_t`
			`property _NET_WM_USER_TIME client_property_t`
			`property _MOTIF_DRAG_RECEIVER_INFO client_property_t`
			`property XdndAware client_property_t`
Add SELinux extension source files. 2006-09-08 21:11:04 +02:00
Policy updates. 2006-12-22 19:04:50 +01:00			`# Properties written by xrdb`
			`property RESOURCE_MANAGER rm_property_t`
			`property SCREEN_RESOURCES rm_property_t`

			`# Properties written by window managers`
			`property _MIT_PRIORITY_COLORS wm_property_t`

			`# Properties used for security labeling`
			`property _SELINUX_CLIENT_CONTEXT seclabel_property_t`

			`# Properties used to communicate screen information`
			`property XFree86_VT info_property_t`
			`property XFree86_DDC_EDID1_RAWDATA info_property_t`

Policy updates. 2007-01-19 20:53:09 +01:00			`# Clipboard and selection properties`
			`property CUT_BUFFER0 clipboard_property_t`
			`property CUT_BUFFER1 clipboard_property_t`
			`property CUT_BUFFER2 clipboard_property_t`
			`property CUT_BUFFER3 clipboard_property_t`
			`property CUT_BUFFER4 clipboard_property_t`
			`property CUT_BUFFER5 clipboard_property_t`
			`property CUT_BUFFER6 clipboard_property_t`
			`property CUT_BUFFER7 clipboard_property_t`
			`property _XT_SELECTION_0 clipboard_property_t`
Add SELinux extension source files. 2006-09-08 21:11:04 +02:00
Policy updates. 2006-12-22 19:04:50 +01:00			`# Default fallback type`
Add SELinux extension source files. 2006-09-08 21:11:04 +02:00			`property default unknown_property_t`

			`#`
			`# Extension rules map an extension name to a SELinux type. The type must`
			`# be valid according to the SELinux security policy. There can be any`
			`# number of extension rules. Additionally, a default extension type can`
			`# be defined for all extensions not explicitly listed. The default`
			`# extension type may not be omitted. The default rule may appear in`
			`# any position (it need not be the last extension rule listed).`
			`#`
Policy updates. 2006-12-22 19:04:50 +01:00			`# Standard extensions`
Add SELinux extension source files. 2006-09-08 21:11:04 +02:00			`extension BIG-REQUESTS std_ext_t`
			`extension DOUBLE-BUFFER std_ext_t`
			`extension Extended-Visual-Information std_ext_t`
Policy updates. 2006-12-22 19:04:50 +01:00			`extension MIT-SUNDRY-NONSTANDARD std_ext_t`
			`extension SHAPE std_ext_t`
			`extension SYNC std_ext_t`
			`extension XC-MISC std_ext_t`
			`extension XFIXES std_ext_t`
			`extension XFree86-Misc std_ext_t`
			`extension XpExtension std_ext_t`

			`# Screen management and multihead extensions`
			`extension RANDR output_ext_t`
			`extension XINERAMA std_ext_t`

			`# Input extensions`
			`extension XInputExtension input_ext_t`
			`extension XKEYBOARD input_ext_t`

			`# Screensaver, power management extensions`
			`extension DPMS screensaver_ext_t`
Add SELinux extension source files. 2006-09-08 21:11:04 +02:00			`extension MIT-SCREEN-SAVER screensaver_ext_t`
Policy updates. 2006-12-22 19:04:50 +01:00
			`# Fonting extensions`
			`extension FontCache font_ext_t`
			`extension XFree86-Bigfont font_ext_t`

			`# Shared memory extensions`
Add SELinux extension source files. 2006-09-08 21:11:04 +02:00			`extension MIT-SHM shmem_ext_t`
Policy updates. 2006-12-22 19:04:50 +01:00
			`# Accelerated graphics, OpenGL, direct rendering extensions`
			`extension DAMAGE accelgraphics_ext_t`
			`extension GLX accelgraphics_ext_t`
Add SELinux extension source files. 2006-09-08 21:11:04 +02:00			`extension NV-CONTROL accelgraphics_ext_t`
			`extension NV-GLX accelgraphics_ext_t`
			`extension NVIDIA-GLX accelgraphics_ext_t`
			`extension RENDER std_ext_t`
Policy updates. 2006-12-22 19:04:50 +01:00			`extension XFree86-DGA accelgraphics_ext_t`

			`# Debugging, testing, and recording extensions`
			`extension RECORD debug_ext_t`
			`extension X-Resource debug_ext_t`
			`extension XTEST debug_ext_t`

			`# Extensions just for window managers`
			`extension TOG-CUP windowmgr_ext_t`

			`# Security-related extensions`
Add SELinux extension source files. 2006-09-08 21:11:04 +02:00			`extension SECURITY security_ext_t`
			`extension SELinux security_ext_t`
			`extension XAccessControlExtension security_ext_t`
			`extension XC-APPGROUP security_ext_t`
Policy updates. 2006-12-22 19:04:50 +01:00
			`# Video extensions`
Add SELinux extension source files. 2006-09-08 21:11:04 +02:00			`extension XFree86-VidModeExtension video_ext_t`
			`extension XVideo video_ext_t`
			`extension XVideo-MotionCompensation video_ext_t`
Policy updates. 2006-12-22 19:04:50 +01:00
			`# Default fallback type`
Add SELinux extension source files. 2006-09-08 21:11:04 +02:00			`extension default unknown_ext_t`