xselinux: use new libselinux support for private Flask definitions.

Removes indirect dependency on kernel headers.
Eamon Walsh 2007-06-11 14:19:37 -04:00 committed by Eamon Walsh
parent 793470a835
commit 878cac71aa
2 changed files with 133 additions and 2 deletions


@ -22,8 +22,6 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
* All rights reserved.
*/
#include <selinux/flask.h>
#include <selinux/av_permissions.h>
#include <selinux/selinux.h>
#include <selinux/context.h>
#include <selinux/avc.h>
@ -96,6 +94,42 @@ static char *XSELinuxNonlocalContextDefault = NULL;
extern Selection *CurrentSelections;
extern int NumCurrentSelections;
/* Dynamically allocated security classes and permissions */
static struct security_class_mapping map[] = {
{ "drawable",
{ "create", "destroy", "draw", "copy", "getattr", NULL }},
{ "window",
{ "addchild", "create", "destroy", "map", "unmap", "chstack",
"chproplist", "chprop", "listprop", "getattr", "setattr", "setfocus",
"move", "chselection", "chparent", "ctrllife", "enumerate",
"transparent", "mousemotion", "clientcomevent", "inputevent",
"drawevent", "windowchangeevent", "windowchangerequest",
"serverchangeevent", "extensionevent", NULL }},
{ "gc",
{ "create", "free", "getattr", "setattr", NULL }},
{ "font",
{ "load", "free", "getattr", "use", NULL }},
{ "colormap",
{ "create", "free", "install", "uninstall", "list", "read", "store",
"getattr", "setattr", NULL }},
{ "property",
{ "create", "free", "read", "write", NULL }},
{ "cursor",
{ "create", "createglyph", "free", "assign", "setattr", NULL }},
{ "xclient",
{ "kill", NULL }},
{ "xinput",
{ "lookup", "getattr", "setattr", "setfocus", "warppointer",
"activegrab", "passivegrab", "ungrab", "bell", "mousemotion",
"relabelinput", NULL }},
{ "xserver",
{ "screensaver", "gethostlist", "sethostlist", "getfontpath",
"setfontpath", "getattr", "grab", "ungrab", NULL }},
{ "xextension",
{ "query", "use", NULL }},
{ NULL }
};
/*
* list of classes corresponding to SIDs in the
* rsid array of the security state structure (below).
@ -1851,6 +1885,10 @@ XSELinuxExtensionInit(INITARGS)
return;
}
if (selinux_set_mapping(map) < 0) {
FatalError("XSELinux: Failed to set up security class mapping\n");
}
if (avc_init("xserver", NULL, &alc, NULL, NULL) < 0)
{
FatalError("XSELinux: Couldn't initialize SELinux userspace AVC\n");
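Review bot: Nothing in the `map[]` table records that its entry order is load-bearing, yet it has to agree exactly with the numeric values in the header. selinux_set_mapping() numbers classes by array position starting at 1, and permissions by bit position within each list. The two agree as committed, but a later insertion or reorder on one side only would make the server check a different permission from the one named, with no build or runtime error. I would add above the table `/* Order is significant: map[i] is class i+1 and perms[j] is bit (1 << j) in xselinux.h; append only and update the header in the same change */`. The FatalError text at the selinux_set_mapping() call could also say that the loaded policy may lack one of these classes or permissions, which is presumably the usual reason for that call to fail.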


@ -20,10 +20,103 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
#ifndef _XSELINUX_H
#define _XSELINUX_H
/* Extension info */
#define XSELINUX_EXTENSION_NAME "SELinux"
#define XSELINUX_MAJOR_VERSION 1
#define XSELINUX_MINOR_VERSION 0
#define XSELinuxNumberEvents 0
#define XSELinuxNumberErrors 0
/* Private Flask definitions */
#define SECCLASS_DRAWABLE 1
#define DRAWABLE__CREATE 0x00000001UL
#define DRAWABLE__DESTROY 0x00000002UL
#define DRAWABLE__DRAW 0x00000004UL
#define DRAWABLE__COPY 0x00000008UL
#define DRAWABLE__GETATTR 0x00000010UL
#define SECCLASS_WINDOW 2
#define WINDOW__ADDCHILD 0x00000001UL
#define WINDOW__CREATE 0x00000002UL
#define WINDOW__DESTROY 0x00000004UL
#define WINDOW__MAP 0x00000008UL
#define WINDOW__UNMAP 0x00000010UL
#define WINDOW__CHSTACK 0x00000020UL
#define WINDOW__CHPROPLIST 0x00000040UL
#define WINDOW__CHPROP 0x00000080UL
#define WINDOW__LISTPROP 0x00000100UL
#define WINDOW__GETATTR 0x00000200UL
#define WINDOW__SETATTR 0x00000400UL
#define WINDOW__SETFOCUS 0x00000800UL
#define WINDOW__MOVE 0x00001000UL
#define WINDOW__CHSELECTION 0x00002000UL
#define WINDOW__CHPARENT 0x00004000UL
#define WINDOW__CTRLLIFE 0x00008000UL
#define WINDOW__ENUMERATE 0x00010000UL
#define WINDOW__TRANSPARENT 0x00020000UL
#define WINDOW__MOUSEMOTION 0x00040000UL
#define WINDOW__CLIENTCOMEVENT 0x00080000UL
#define WINDOW__INPUTEVENT 0x00100000UL
#define WINDOW__DRAWEVENT 0x00200000UL
#define WINDOW__WINDOWCHANGEEVENT 0x00400000UL
#define WINDOW__WINDOWCHANGEREQUEST 0x00800000UL
#define WINDOW__SERVERCHANGEEVENT 0x01000000UL
#define WINDOW__EXTENSIONEVENT 0x02000000UL
#define SECCLASS_GC 3
#define GC__CREATE 0x00000001UL
#define GC__FREE 0x00000002UL
#define GC__GETATTR 0x00000004UL
#define GC__SETATTR 0x00000008UL
#define SECCLASS_FONT 4
#define FONT__LOAD 0x00000001UL
#define FONT__FREE 0x00000002UL
#define FONT__GETATTR 0x00000004UL
#define FONT__USE 0x00000008UL
#define SECCLASS_COLORMAP 5
#define COLORMAP__CREATE 0x00000001UL
#define COLORMAP__FREE 0x00000002UL
#define COLORMAP__INSTALL 0x00000004UL
#define COLORMAP__UNINSTALL 0x00000008UL
#define COLORMAP__LIST 0x00000010UL
#define COLORMAP__READ 0x00000020UL
#define COLORMAP__STORE 0x00000040UL
#define COLORMAP__GETATTR 0x00000080UL
#define COLORMAP__SETATTR 0x00000100UL
#define SECCLASS_PROPERTY 6
#define PROPERTY__CREATE 0x00000001UL
#define PROPERTY__FREE 0x00000002UL
#define PROPERTY__READ 0x00000004UL
#define PROPERTY__WRITE 0x00000008UL
#define SECCLASS_CURSOR 7
#define CURSOR__CREATE 0x00000001UL
#define CURSOR__CREATEGLYPH 0x00000002UL
#define CURSOR__FREE 0x00000004UL
#define CURSOR__ASSIGN 0x00000008UL
#define CURSOR__SETATTR 0x00000010UL
#define SECCLASS_XCLIENT 8
#define XCLIENT__KILL 0x00000001UL
#define SECCLASS_XINPUT 9
#define XINPUT__LOOKUP 0x00000001UL
#define XINPUT__GETATTR 0x00000002UL
#define XINPUT__SETATTR 0x00000004UL
#define XINPUT__SETFOCUS 0x00000008UL
#define XINPUT__WARPPOINTER 0x00000010UL
#define XINPUT__ACTIVEGRAB 0x00000020UL
#define XINPUT__PASSIVEGRAB 0x00000040UL
#define XINPUT__UNGRAB 0x00000080UL
#define XINPUT__BELL 0x00000100UL
#define XINPUT__MOUSEMOTION 0x00000200UL
#define XINPUT__RELABELINPUT 0x00000400UL
#define SECCLASS_XSERVER 10
#define XSERVER__SCREENSAVER 0x00000001UL
#define XSERVER__GETHOSTLIST 0x00000002UL
#define XSERVER__SETHOSTLIST 0x00000004UL
#define XSERVER__GETFONTPATH 0x00000008UL
#define XSERVER__SETFONTPATH 0x00000010UL
#define XSERVER__GETATTR 0x00000020UL
#define XSERVER__GRAB 0x00000040UL
#define XSERVER__UNGRAB 0x00000080UL
#define SECCLASS_XEXTENSION 11
#define XEXTENSION__QUERY 0x00000001UL
#define XEXTENSION__USE 0x00000002UL
#endif /* _XSELINUX_H */
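Review bot: The `/* Private Flask definitions */` comment does not say that these `SECCLASS_*` and `*__*` values only mean something after selinux_set_mapping() has installed the matching table. The names also look like the ones libselinux's own generated headers use, so a source file that includes this header together with `<selinux/flask.h>` or `<selinux/av_permissions.h>` could pick up conflicting definitions and pass the wrong class or permission to the AVC. I would expand the comment to something like `/* Private Flask definitions: valid only with the mapping passed to selinux_set_mapping(); never include <selinux/flask.h> or <selinux/av_permissions.h> alongside this header */`. It is also worth noting there that each class is limited to 32 permission bits, since window already uses 26.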