Eamon Walsh
ef0780b738
Attempt getpeercon() on remote sockets as well as local ones.
...
(cherry picked from commit 60ad8d5d05
)
2008-08-28 23:50:20 -04:00
Eamon Walsh
ad10515b6c
SELinux: Add an extension alias under the OS-agnostic "Flask" name.
...
(cherry picked from commit 79dd600942
)
2008-06-17 19:12:43 -04:00
Eamon Walsh
bde2890148
XSELinux: Add a request to get a client's context from a resource ID.
...
(cherry picked from commit 9f56fc5806
)
2008-03-31 19:22:53 -04:00
Eamon Walsh
c26bccf417
XSELinux: Add xorg.conf option for permissive/enforcing/disabled.
...
Patch by Joe Nall.
The option goes in the "extmod" subsection.
TODO: Make it easier for extension modules to handle their own options.
(cherry picked from commit b5f98fcea2
)
2008-03-28 14:24:06 -04:00
Eamon Walsh
98249dfa98
XSELinux: Do a check for whether background "None" is allowed.
...
(cherry picked from commit 3bbd77ff98
)
2008-03-20 21:34:42 -04:00
Eamon Walsh
d08bb7040c
XSELinux: Correctly handle some permission bits that are used more than once.
...
(cherry picked from commit e323bb426c
)
2008-03-20 21:34:31 -04:00
Eamon Walsh
9de621afee
xselinux: Implement polyinstantiation support and related protocol.
...
(cherry picked from commit d4101140f4
)
2008-03-04 22:42:53 -05:00
Eamon Walsh
cc76ea6e3a
XACE: Add generic support for property and selection polyinstantiation.
2008-02-29 18:01:37 -05:00
Eamon Walsh
34bf308a9e
dix: Refactoring of selection code to allow for polyinstantiation.
...
Introduces dixLookupSelection() API.
Removes NumCurrentSelections from API.
2008-02-29 18:01:37 -05:00
Eamon Walsh
d04ea267a4
xselinux: Don't require device "read" permission for XQueryPointer.
...
These keyboard and pointer state polling calls are a real problem.
2008-02-28 21:53:16 -05:00
Eamon Walsh
3fb17a3e64
xselinux: Log messages to both libaudit and Xorg.0.log.
2008-02-28 21:52:57 -05:00
Eamon Walsh
f616735f17
xselinux: Prefix a few remaining error messages with "SELinux".
2008-02-27 22:48:29 -05:00
Eamon Walsh
e40cc5305b
xselinux: Don't throw BadAccess if DixUnknownAccess is passed in to a hook.
...
The avc will still appear, however, so that the callsite can be fixed.
2008-02-27 22:48:28 -05:00
Eamon Walsh
3f0681fb0b
xselinux: Stub out selection protocol requests.
2008-02-26 23:14:29 -05:00
Eamon Walsh
4632ea2258
xselinux: Rip out the selection code in advance of polyinstantiation support.
...
This resolves an issue where BadWindow errors were being thrown.
2008-02-26 22:00:52 -05:00
Eamon Walsh
e99aadbc26
xselinux: Add use to permission map for devices.
2008-02-13 20:20:49 -05:00
Eamon Walsh
31934132a4
xselinux: Use the device name in debugging output.
2008-02-07 16:32:06 -05:00
Eamon Walsh
6dcb7d732b
xselinux: Split devPrivate state into subject and object records.
2008-02-07 16:00:52 -05:00
Eamon Walsh
2259b144f0
xselinux: Add getattr and setattr to the permission map for properties.
2008-02-07 14:35:02 -05:00
Eamon Walsh
5c30327275
XACE: Push the dix "structure" includes down to the security modules.
2008-02-05 21:06:05 -05:00
Eamon Walsh
bb1a577a68
XACE: Move the property access hook to its own function.
2008-02-05 20:07:08 -05:00
Eamon Walsh
46794d0c96
xselinux: Rename SelectionManager to more generic SecurityManager.
2008-01-24 19:49:13 -05:00
Eamon Walsh
6ffeecabb7
xselinux: Use a privileged bit in the state instead of passing an index
...
to the permission checking function.
2008-01-24 18:11:49 -05:00
Eamon Walsh
7ba8e97cba
xselinux: Implement "get context" protocol requests.
2008-01-24 19:09:58 -05:00
Eamon Walsh
f0bf9a5231
xselinux: Whitespace fixups.
2008-01-24 19:02:35 -05:00
Eamon Walsh
3b23dd9fd4
xselinux: Fix whitespace warnings.
2007-12-28 13:29:45 -05:00
Eamon Walsh
643c52be32
xselinux: Remove "X" prefix on remaining functions and strings.
...
Should be evident from the context.
2007-12-28 13:27:28 -05:00
Eamon Walsh
f4bc333fc1
xselinux: don't FatalError on an invalid class mapping, just disable support.
2007-12-28 13:27:28 -05:00
Eamon Walsh
f3780ece52
xselinux: Implement swapped protocol request logic.
2007-12-28 13:27:28 -05:00
Eamon Walsh
1393a97ea9
xselinux: Send AVC messages to audit system instead of log file/stderr.
2007-12-20 16:23:49 -05:00
Eamon Walsh
9a7ce57363
xselinux: Add new protocol for setting device create context.
2007-12-12 20:44:59 -05:00
Eamon Walsh
5fea1ed50f
registry: Remove registry code from SELinux extension.
...
Moving all the names into dix/registry.c
2007-11-20 18:39:48 -05:00
Eamon Walsh
f207e69d62
xselinux: adjust receive hook to use new synthetic_event class.
2007-11-14 12:23:29 -05:00
Eamon Walsh
45f884d79c
xselinux: add new synthetic_event security class, and fix registry code.
2007-11-09 15:00:15 -05:00
Eamon Walsh
c7e18beb3c
xselinux: Register SELinux extension protocol names.
2007-11-05 15:02:05 -05:00
Eamon Walsh
3b7af72fe3
xselinux: Add a SetDeviceContext request and stubs for more requests.
2007-10-26 20:32:47 -04:00
Eamon Walsh
7d14ca59c5
xselinux: Don't include the client in the receive hook audit messages.
2007-10-25 19:00:50 -04:00
Eamon Walsh
40de9fcf18
xselinux: Label the default device directly with the process context.
2007-10-25 12:35:01 -04:00
Eamon Walsh
4b05f19cb9
xselinux: Introduce a type transition when labeling events.
2007-10-24 19:59:58 -04:00
Eamon Walsh
0d2ef187e7
xselinux: Add audit message fields for selection and event names.
2007-10-24 18:23:31 -04:00
Eamon Walsh
46521f5298
xselinux: Add basic support for selection access control and redirection.
...
Probably not fully baked yet. It's difficult to test since so few apps
actually follow the ICCCM with respect to cut & paste.
2007-10-23 20:58:48 -04:00
Eamon Walsh
660557593e
xselinux: Remove synthetic bit when looking up event type.
2007-10-23 14:46:37 -04:00
Eamon Walsh
d7db549db4
xselinux: Unregister callbacks on server reset.
2007-10-23 14:08:54 -04:00
Eamon Walsh
ce7f6fe126
xselinux: properly update sizes when dynamic arrays are resized...
2007-10-19 19:40:04 -04:00
Eamon Walsh
55a96aa6b0
xselinux: add basic event labeling.
2007-10-18 14:11:11 -04:00
Eamon Walsh
e974bc1233
xselinux: add hooks for send and receive access.
2007-10-18 12:33:39 -04:00
Eamon Walsh
aa340b2c7c
xselinux: add hook for device acceses.
2007-10-17 19:27:16 -04:00
Eamon Walsh
503f918f55
xselinux: Move functions around; add some more comments.
2007-10-17 19:14:15 -04:00
Eamon Walsh
baabae623b
xselinux: Started reworking extension using new XACE hooks.
2007-10-17 13:54:56 -04:00
Eamon Walsh
50551ec693
xace: remove obsoleted DRAWABLE_ACCESS hook.
2007-09-28 15:04:33 -04:00