Eamon Walsh
1393a97ea9
xselinux: Send AVC messages to audit system instead of log file/stderr.
2007-12-20 16:23:49 -05:00
Eamon Walsh
9a7ce57363
xselinux: Add new protocol for setting device create context.
2007-12-12 20:44:59 -05:00
Eamon Walsh
5fea1ed50f
registry: Remove registry code from SELinux extension.
...
Moving all the names into dix/registry.c
2007-11-20 18:39:48 -05:00
Eamon Walsh
f207e69d62
xselinux: adjust receive hook to use new synthetic_event class.
2007-11-14 12:23:29 -05:00
Eamon Walsh
45f884d79c
xselinux: add new synthetic_event security class, and fix registry code.
2007-11-09 15:00:15 -05:00
Eamon Walsh
c7e18beb3c
xselinux: Register SELinux extension protocol names.
2007-11-05 15:02:05 -05:00
Eamon Walsh
3b7af72fe3
xselinux: Add a SetDeviceContext request and stubs for more requests.
2007-10-26 20:32:47 -04:00
Eamon Walsh
7d14ca59c5
xselinux: Don't include the client in the receive hook audit messages.
2007-10-25 19:00:50 -04:00
Eamon Walsh
40de9fcf18
xselinux: Label the default device directly with the process context.
2007-10-25 12:35:01 -04:00
Eamon Walsh
4b05f19cb9
xselinux: Introduce a type transition when labeling events.
2007-10-24 19:59:58 -04:00
Eamon Walsh
0d2ef187e7
xselinux: Add audit message fields for selection and event names.
2007-10-24 18:23:31 -04:00
Eamon Walsh
46521f5298
xselinux: Add basic support for selection access control and redirection.
...
Probably not fully baked yet. It's difficult to test since so few apps
actually follow the ICCCM with respect to cut & paste.
2007-10-23 20:58:48 -04:00
Eamon Walsh
660557593e
xselinux: Remove synthetic bit when looking up event type.
2007-10-23 14:46:37 -04:00
Eamon Walsh
d7db549db4
xselinux: Unregister callbacks on server reset.
2007-10-23 14:08:54 -04:00
Eamon Walsh
ce7f6fe126
xselinux: properly update sizes when dynamic arrays are resized...
2007-10-19 19:40:04 -04:00
Eamon Walsh
55a96aa6b0
xselinux: add basic event labeling.
2007-10-18 14:11:11 -04:00
Eamon Walsh
e974bc1233
xselinux: add hooks for send and receive access.
2007-10-18 12:33:39 -04:00
Eamon Walsh
aa340b2c7c
xselinux: add hook for device acceses.
2007-10-17 19:27:16 -04:00
Eamon Walsh
503f918f55
xselinux: Move functions around; add some more comments.
2007-10-17 19:14:15 -04:00
Eamon Walsh
baabae623b
xselinux: Started reworking extension using new XACE hooks.
2007-10-17 13:54:56 -04:00
Eamon Walsh
50551ec693
xace: remove obsoleted DRAWABLE_ACCESS hook.
2007-09-28 15:04:33 -04:00
Eamon Walsh
5bee8db003
xace: drop background-none checking hook, add new hook for controlling
...
access to other clients.
2007-08-16 10:44:51 -04:00
Eamon Walsh
3c9553ac2c
xace: rename hostlist security hook to "server" as this hook will be used
...
for other types of server access besides just the host list.
2007-08-15 14:14:25 -04:00
Eamon Walsh
2030e9e539
xselinux: use new libselinux support for context labeling.
...
Remove all the config file parsing code and use the new lookup interface
instead.
2007-06-21 15:37:18 -04:00
Eamon Walsh
878cac71aa
xselinux: use new libselinux support for private Flask definitions.
...
Removes indirect dependency on kernel headers.
2007-06-11 14:19:37 -04:00
Eamon Walsh
9cee4ec5e6
xace: change the semantics of the return value of XACE hooks to allow
...
arbitrary X status codes instead of just TRUE/FALSE.
The dix layer in most cases still does not propagate the return value of
XACE hooks back to the client, however. There is more error propagation
work to do.
2007-04-17 16:01:56 -04:00
Eamon Walsh
84a066cc88
xace: pass serverClient as default argument to dixChangeWindowProperty
...
instead of NullClient.
2007-03-23 10:33:53 -04:00
Eamon Walsh
e1cc68add0
xace: drop the name argument from the property callback.
2007-03-22 17:33:16 -04:00
Eamon Walsh
1b766ffc06
dix: reorganize property code to better support xace hook; requires new API for
...
changing a property, dixChangeWindowProperty, taking an additional client argument.
2007-03-22 15:55:35 -04:00
Eamon Walsh
78c962da76
xselinux: use the new ResourceStateCallback instead of the XACE_WINDOW_INIT hook.
2007-03-19 17:04:51 -04:00
Eamon Walsh
6a89106e9c
xselinux + security: remove confusing CALLBACK macro.
2007-03-19 16:51:29 -04:00
Eamon Walsh
18339375cd
xselinux: remove context validation function for now.
2007-03-08 12:14:06 -05:00
Eamon Walsh
2fb8b7f819
Split ObjectSIDByLabel into two functions since property labeling now
...
involves an additional compute_create lookup.
2007-01-19 19:14:51 -05:00
Eamon Walsh
700fccf863
Remove the root window context line from the configuration file.
...
This context will be derived through a type_transition rule instead.
2007-01-19 14:56:38 -05:00
Eamon Walsh
cd71e86183
Naming change: Security*Access -> Dix*Access.
...
Clarify some error message strings.
2006-12-20 13:45:24 -05:00
Eamon Walsh
fb6d676de5
Add xserver object class to list of object classes.
2006-12-12 16:17:51 -05:00
Eamon Walsh
568c09481e
Split AssignClientState() into two routines, new routine is server-specific.
2006-12-12 15:59:08 -05:00
Eamon Walsh
e124806994
Remove trailing whitespace (whitespace police).
2006-12-12 13:35:22 -05:00
Eamon Walsh
ca77c12107
Naming change: Security*Operation -> Xace*Operation
2006-12-12 13:27:03 -05:00
Eamon Walsh
354c80da66
Improve error handling, messages during initialization.
2006-12-12 13:27:03 -05:00
Eamon Walsh
3714d91499
Experimental window property holding security context.
2006-12-12 13:27:03 -05:00
Eamon Walsh
83aad2be8a
Add SELinux extension source files.
2006-12-12 13:27:02 -05:00