xselinux: use new libselinux support for private Flask definitions.
Removes indirect dependency on kernel headers.
parent
793470a835
commit
878cac71aa
|
@ -22,8 +22,6 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
|||
* All rights reserved.
|
||||
*/
|
||||
|
||||
#include <selinux/flask.h>
|
||||
#include <selinux/av_permissions.h>
|
||||
#include <selinux/selinux.h>
|
||||
#include <selinux/context.h>
|
||||
#include <selinux/avc.h>
|
||||
|
@ -96,6 +94,42 @@ static char *XSELinuxNonlocalContextDefault = NULL;
|
|||
extern Selection *CurrentSelections;
|
||||
extern int NumCurrentSelections;
|
||||
|
||||
/* Dynamically allocated security classes and permissions */
|
||||
static struct security_class_mapping map[] = {
|
||||
{ "drawable",
|
||||
{ "create", "destroy", "draw", "copy", "getattr", NULL }},
|
||||
{ "window",
|
||||
{ "addchild", "create", "destroy", "map", "unmap", "chstack",
|
||||
"chproplist", "chprop", "listprop", "getattr", "setattr", "setfocus",
|
||||
"move", "chselection", "chparent", "ctrllife", "enumerate",
|
||||
"transparent", "mousemotion", "clientcomevent", "inputevent",
|
||||
"drawevent", "windowchangeevent", "windowchangerequest",
|
||||
"serverchangeevent", "extensionevent", NULL }},
|
||||
{ "gc",
|
||||
{ "create", "free", "getattr", "setattr", NULL }},
|
||||
{ "font",
|
||||
{ "load", "free", "getattr", "use", NULL }},
|
||||
{ "colormap",
|
||||
{ "create", "free", "install", "uninstall", "list", "read", "store",
|
||||
"getattr", "setattr", NULL }},
|
||||
{ "property",
|
||||
{ "create", "free", "read", "write", NULL }},
|
||||
{ "cursor",
|
||||
{ "create", "createglyph", "free", "assign", "setattr", NULL }},
|
||||
{ "xclient",
|
||||
{ "kill", NULL }},
|
||||
{ "xinput",
|
||||
{ "lookup", "getattr", "setattr", "setfocus", "warppointer",
|
||||
"activegrab", "passivegrab", "ungrab", "bell", "mousemotion",
|
||||
"relabelinput", NULL }},
|
||||
{ "xserver",
|
||||
{ "screensaver", "gethostlist", "sethostlist", "getfontpath",
|
||||
"setfontpath", "getattr", "grab", "ungrab", NULL }},
|
||||
{ "xextension",
|
||||
{ "query", "use", NULL }},
|
||||
{ NULL }
|
||||
};
|
||||
|
||||
/*
|
||||
* list of classes corresponding to SIDs in the
|
||||
* rsid array of the security state structure (below).
|
||||
|
@ -1851,6 +1885,10 @@ XSELinuxExtensionInit(INITARGS)
|
|||
return;
|
||||
}
|
||||
|
||||
if (selinux_set_mapping(map) < 0) {
|
||||
FatalError("XSELinux: Failed to set up security class mapping\n");
|
||||
}
|
||||
|
||||
if (avc_init("xserver", NULL, &alc, NULL, NULL) < 0)
|
||||
{
|
||||
FatalError("XSELinux: Couldn't initialize SELinux userspace AVC\n");
|
||||
|
|
|
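Review bot: The `map[]` table added in the second hunk is position-sensitive and nothing in the code says so: selinux_set_mapping() numbers classes from 1 in array order and assigns permission bits by position within each list, so every entry has to line up one-for-one with the `SECCLASS_*` and `CLASS__PERM` values this commit adds to the header. They do line up as committed, but a later insertion or reorder in either file would compile cleanly and make the server check a different permission than the hook intends. I would replace the comment above the table with `/* Order is significant: class N here is SECCLASS_* == N and permission i is bit (1UL << i) in the header's private Flask definitions; keep both in sync. */`. The header's `/* Private Flask definitions */` comment should carry the matching pointer back to this table.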
@ -20,10 +20,103 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
|||
#ifndef _XSELINUX_H
|
||||
#define _XSELINUX_H
|
||||
|
||||
/* Extension info */
|
||||
#define XSELINUX_EXTENSION_NAME "SELinux"
|
||||
#define XSELINUX_MAJOR_VERSION 1
|
||||
#define XSELINUX_MINOR_VERSION 0
|
||||
#define XSELinuxNumberEvents 0
|
||||
#define XSELinuxNumberErrors 0
|
||||
|
||||
/* Private Flask definitions */
|
||||
#define SECCLASS_DRAWABLE 1
|
||||
#define DRAWABLE__CREATE 0x00000001UL
|
||||
#define DRAWABLE__DESTROY 0x00000002UL
|
||||
#define DRAWABLE__DRAW 0x00000004UL
|
||||
#define DRAWABLE__COPY 0x00000008UL
|
||||
#define DRAWABLE__GETATTR 0x00000010UL
|
||||
#define SECCLASS_WINDOW 2
|
||||
#define WINDOW__ADDCHILD 0x00000001UL
|
||||
#define WINDOW__CREATE 0x00000002UL
|
||||
#define WINDOW__DESTROY 0x00000004UL
|
||||
#define WINDOW__MAP 0x00000008UL
|
||||
#define WINDOW__UNMAP 0x00000010UL
|
||||
#define WINDOW__CHSTACK 0x00000020UL
|
||||
#define WINDOW__CHPROPLIST 0x00000040UL
|
||||
#define WINDOW__CHPROP 0x00000080UL
|
||||
#define WINDOW__LISTPROP 0x00000100UL
|
||||
#define WINDOW__GETATTR 0x00000200UL
|
||||
#define WINDOW__SETATTR 0x00000400UL
|
||||
#define WINDOW__SETFOCUS 0x00000800UL
|
||||
#define WINDOW__MOVE 0x00001000UL
|
||||
#define WINDOW__CHSELECTION 0x00002000UL
|
||||
#define WINDOW__CHPARENT 0x00004000UL
|
||||
#define WINDOW__CTRLLIFE 0x00008000UL
|
||||
#define WINDOW__ENUMERATE 0x00010000UL
|
||||
#define WINDOW__TRANSPARENT 0x00020000UL
|
||||
#define WINDOW__MOUSEMOTION 0x00040000UL
|
||||
#define WINDOW__CLIENTCOMEVENT 0x00080000UL
|
||||
#define WINDOW__INPUTEVENT 0x00100000UL
|
||||
#define WINDOW__DRAWEVENT 0x00200000UL
|
||||
#define WINDOW__WINDOWCHANGEEVENT 0x00400000UL
|
||||
#define WINDOW__WINDOWCHANGEREQUEST 0x00800000UL
|
||||
#define WINDOW__SERVERCHANGEEVENT 0x01000000UL
|
||||
#define WINDOW__EXTENSIONEVENT 0x02000000UL
|
||||
#define SECCLASS_GC 3
|
||||
#define GC__CREATE 0x00000001UL
|
||||
#define GC__FREE 0x00000002UL
|
||||
#define GC__GETATTR 0x00000004UL
|
||||
#define GC__SETATTR 0x00000008UL
|
||||
#define SECCLASS_FONT 4
|
||||
#define FONT__LOAD 0x00000001UL
|
||||
#define FONT__FREE 0x00000002UL
|
||||
#define FONT__GETATTR 0x00000004UL
|
||||
#define FONT__USE 0x00000008UL
|
||||
#define SECCLASS_COLORMAP 5
|
||||
#define COLORMAP__CREATE 0x00000001UL
|
||||
#define COLORMAP__FREE 0x00000002UL
|
||||
#define COLORMAP__INSTALL 0x00000004UL
|
||||
#define COLORMAP__UNINSTALL 0x00000008UL
|
||||
#define COLORMAP__LIST 0x00000010UL
|
||||
#define COLORMAP__READ 0x00000020UL
|
||||
#define COLORMAP__STORE 0x00000040UL
|
||||
#define COLORMAP__GETATTR 0x00000080UL
|
||||
#define COLORMAP__SETATTR 0x00000100UL
|
||||
#define SECCLASS_PROPERTY 6
|
||||
#define PROPERTY__CREATE 0x00000001UL
|
||||
#define PROPERTY__FREE 0x00000002UL
|
||||
#define PROPERTY__READ 0x00000004UL
|
||||
#define PROPERTY__WRITE 0x00000008UL
|
||||
#define SECCLASS_CURSOR 7
|
||||
#define CURSOR__CREATE 0x00000001UL
|
||||
#define CURSOR__CREATEGLYPH 0x00000002UL
|
||||
#define CURSOR__FREE 0x00000004UL
|
||||
#define CURSOR__ASSIGN 0x00000008UL
|
||||
#define CURSOR__SETATTR 0x00000010UL
|
||||
#define SECCLASS_XCLIENT 8
|
||||
#define XCLIENT__KILL 0x00000001UL
|
||||
#define SECCLASS_XINPUT 9
|
||||
#define XINPUT__LOOKUP 0x00000001UL
|
||||
#define XINPUT__GETATTR 0x00000002UL
|
||||
#define XINPUT__SETATTR 0x00000004UL
|
||||
#define XINPUT__SETFOCUS 0x00000008UL
|
||||
#define XINPUT__WARPPOINTER 0x00000010UL
|
||||
#define XINPUT__ACTIVEGRAB 0x00000020UL
|
||||
#define XINPUT__PASSIVEGRAB 0x00000040UL
|
||||
#define XINPUT__UNGRAB 0x00000080UL
|
||||
#define XINPUT__BELL 0x00000100UL
|
||||
#define XINPUT__MOUSEMOTION 0x00000200UL
|
||||
#define XINPUT__RELABELINPUT 0x00000400UL
|
||||
#define SECCLASS_XSERVER 10
|
||||
#define XSERVER__SCREENSAVER 0x00000001UL
|
||||
#define XSERVER__GETHOSTLIST 0x00000002UL
|
||||
#define XSERVER__SETHOSTLIST 0x00000004UL
|
||||
#define XSERVER__GETFONTPATH 0x00000008UL
|
||||
#define XSERVER__SETFONTPATH 0x00000010UL
|
||||
#define XSERVER__GETATTR 0x00000020UL
|
||||
#define XSERVER__GRAB 0x00000040UL
|
||||
#define XSERVER__UNGRAB 0x00000080UL
|
||||
#define SECCLASS_XEXTENSION 11
|
||||
#define XEXTENSION__QUERY 0x00000001UL
|
||||
#define XEXTENSION__USE 0x00000002UL
|
||||
|
||||
#endif /* _XSELINUX_H */
|
||||
|
|
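Review bot: The new macros use unprefixed names in the style of libselinux's generated Flask headers (`SECCLASS_DRAWABLE`, `WINDOW__CREATE`, …), so a translation unit that still reaches `<selinux/flask.h>` or `<selinux/av_permissions.h>` through another include could see the same macro defined twice. In many builds that is only a redefinition warning with the later definition winning, and the surviving value may not match the mapping installed at init. Whether any remaining libselinux header pulls those files in is not visible on this page, so it is worth confirming. A guard ahead of the block would make the conflict a hard failure: `#ifdef SECCLASS_DRAWABLE` / `#error "system Flask definitions conflict with the private ones"` / `#endif`.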