Eamon Walsh
|
9f56fc5806
|
XSELinux: Add a request to get a client's context from a resource ID.
|
2008-03-31 17:35:10 -04:00 |
|
|
Eamon Walsh
|
b5f98fcea2
|
XSELinux: Add xorg.conf option for permissive/enforcing/disabled.
Patch by Joe Nall.
The option goes in the "extmod" subsection.
TODO: Make it easier for extension modules to handle their own options.
|
2008-03-28 14:14:23 -04:00 |
|
|
Eamon Walsh
|
3bbd77ff98
|
XSELinux: Do a check for whether background "None" is allowed.
|
2008-03-20 20:03:02 -04:00 |
|
|
Eamon Walsh
|
e323bb426c
|
XSELinux: Correctly handle some permission bits that are used more than once.
|
2008-03-20 19:42:09 -04:00 |
|
|
Eamon Walsh
|
d4101140f4
|
xselinux: Implement polyinstantiation support and related protocol.
|
2008-03-04 22:39:41 -05:00 |
|
|
Eamon Walsh
|
cc76ea6e3a
|
XACE: Add generic support for property and selection polyinstantiation.
|
2008-02-29 18:01:37 -05:00 |
|
|
Eamon Walsh
|
34bf308a9e
|
dix: Refactoring of selection code to allow for polyinstantiation.
Introduces dixLookupSelection() API.
Removes NumCurrentSelections from API.
|
2008-02-29 18:01:37 -05:00 |
|
|
Eamon Walsh
|
d04ea267a4
|
xselinux: Don't require device "read" permission for XQueryPointer.
These keyboard and pointer state polling calls are a real problem.
|
2008-02-28 21:53:16 -05:00 |
|
|
Eamon Walsh
|
3fb17a3e64
|
xselinux: Log messages to both libaudit and Xorg.0.log.
|
2008-02-28 21:52:57 -05:00 |
|
|
Eamon Walsh
|
f616735f17
|
xselinux: Prefix a few remaining error messages with "SELinux".
|
2008-02-27 22:48:29 -05:00 |
|
|
Eamon Walsh
|
e40cc5305b
|
xselinux: Don't throw BadAccess if DixUnknownAccess is passed in to a hook.
The avc will still appear, however, so that the callsite can be fixed.
|
2008-02-27 22:48:28 -05:00 |
|
|
Eamon Walsh
|
3f0681fb0b
|
xselinux: Stub out selection protocol requests.
|
2008-02-26 23:14:29 -05:00 |
|
|
Eamon Walsh
|
4632ea2258
|
xselinux: Rip out the selection code in advance of polyinstantiation support.
This resolves an issue where BadWindow errors were being thrown.
|
2008-02-26 22:00:52 -05:00 |
|
|
Eamon Walsh
|
e99aadbc26
|
xselinux: Add use to permission map for devices.
|
2008-02-13 20:20:49 -05:00 |
|
|
Eamon Walsh
|
31934132a4
|
xselinux: Use the device name in debugging output.
|
2008-02-07 16:32:06 -05:00 |
|
|
Eamon Walsh
|
6dcb7d732b
|
xselinux: Split devPrivate state into subject and object records.
|
2008-02-07 16:00:52 -05:00 |
|
|
Eamon Walsh
|
2259b144f0
|
xselinux: Add getattr and setattr to the permission map for properties.
|
2008-02-07 14:35:02 -05:00 |
|
|
Eamon Walsh
|
5c30327275
|
XACE: Push the dix "structure" includes down to the security modules.
|
2008-02-05 21:06:05 -05:00 |
|
|
Eamon Walsh
|
bb1a577a68
|
XACE: Move the property access hook to its own function.
|
2008-02-05 20:07:08 -05:00 |
|
|
Eamon Walsh
|
46794d0c96
|
xselinux: Rename SelectionManager to more generic SecurityManager.
|
2008-01-24 19:49:13 -05:00 |
|
|
Eamon Walsh
|
6ffeecabb7
|
xselinux: Use a privileged bit in the state instead of passing an index
to the permission checking function.
|
2008-01-24 18:11:49 -05:00 |
|
|
Eamon Walsh
|
7ba8e97cba
|
xselinux: Implement "get context" protocol requests.
|
2008-01-24 19:09:58 -05:00 |
|
|
Eamon Walsh
|
f0bf9a5231
|
xselinux: Whitespace fixups.
|
2008-01-24 19:02:35 -05:00 |
|
|
Eamon Walsh
|
3b23dd9fd4
|
xselinux: Fix whitespace warnings.
|
2007-12-28 13:29:45 -05:00 |
|
|
Eamon Walsh
|
643c52be32
|
xselinux: Remove "X" prefix on remaining functions and strings.
Should be evident from the context.
|
2007-12-28 13:27:28 -05:00 |
|
|
Eamon Walsh
|
f4bc333fc1
|
xselinux: don't FatalError on an invalid class mapping, just disable support.
|
2007-12-28 13:27:28 -05:00 |
|
|
Eamon Walsh
|
f3780ece52
|
xselinux: Implement swapped protocol request logic.
|
2007-12-28 13:27:28 -05:00 |
|
|
Eamon Walsh
|
1393a97ea9
|
xselinux: Send AVC messages to audit system instead of log file/stderr.
|
2007-12-20 16:23:49 -05:00 |
|
|
Eamon Walsh
|
9a7ce57363
|
xselinux: Add new protocol for setting device create context.
|
2007-12-12 20:44:59 -05:00 |
|
|
Eamon Walsh
|
5fea1ed50f
|
registry: Remove registry code from SELinux extension.
Moving all the names into dix/registry.c
|
2007-11-20 18:39:48 -05:00 |
|
|
Eamon Walsh
|
f207e69d62
|
xselinux: adjust receive hook to use new synthetic_event class.
|
2007-11-14 12:23:29 -05:00 |
|
|
Eamon Walsh
|
45f884d79c
|
xselinux: add new synthetic_event security class, and fix registry code.
|
2007-11-09 15:00:15 -05:00 |
|
|
Eamon Walsh
|
c7e18beb3c
|
xselinux: Register SELinux extension protocol names.
|
2007-11-05 15:02:05 -05:00 |
|
|
Eamon Walsh
|
3b7af72fe3
|
xselinux: Add a SetDeviceContext request and stubs for more requests.
|
2007-10-26 20:32:47 -04:00 |
|
|
Eamon Walsh
|
7d14ca59c5
|
xselinux: Don't include the client in the receive hook audit messages.
|
2007-10-25 19:00:50 -04:00 |
|
|
Eamon Walsh
|
40de9fcf18
|
xselinux: Label the default device directly with the process context.
|
2007-10-25 12:35:01 -04:00 |
|
|
Eamon Walsh
|
4b05f19cb9
|
xselinux: Introduce a type transition when labeling events.
|
2007-10-24 19:59:58 -04:00 |
|
|
Eamon Walsh
|
0d2ef187e7
|
xselinux: Add audit message fields for selection and event names.
|
2007-10-24 18:23:31 -04:00 |
|
|
Eamon Walsh
|
46521f5298
|
xselinux: Add basic support for selection access control and redirection.
Probably not fully baked yet. It's difficult to test since so few apps
actually follow the ICCCM with respect to cut & paste.
|
2007-10-23 20:58:48 -04:00 |
|
|
Eamon Walsh
|
660557593e
|
xselinux: Remove synthetic bit when looking up event type.
|
2007-10-23 14:46:37 -04:00 |
|
|
Eamon Walsh
|
d7db549db4
|
xselinux: Unregister callbacks on server reset.
|
2007-10-23 14:08:54 -04:00 |
|
|
Eamon Walsh
|
ce7f6fe126
|
xselinux: properly update sizes when dynamic arrays are resized...
|
2007-10-19 19:40:04 -04:00 |
|
|
Eamon Walsh
|
55a96aa6b0
|
xselinux: add basic event labeling.
|
2007-10-18 14:11:11 -04:00 |
|
|
Eamon Walsh
|
e974bc1233
|
xselinux: add hooks for send and receive access.
|
2007-10-18 12:33:39 -04:00 |
|
|
Eamon Walsh
|
aa340b2c7c
|
xselinux: add hook for device acceses.
|
2007-10-17 19:27:16 -04:00 |
|
|
Eamon Walsh
|
503f918f55
|
xselinux: Move functions around; add some more comments.
|
2007-10-17 19:14:15 -04:00 |
|
|
Eamon Walsh
|
baabae623b
|
xselinux: Started reworking extension using new XACE hooks.
|
2007-10-17 13:54:56 -04:00 |
|
|
Eamon Walsh
|
50551ec693
|
xace: remove obsoleted DRAWABLE_ACCESS hook.
|
2007-09-28 15:04:33 -04:00 |
|
|
Eamon Walsh
|
5bee8db003
|
xace: drop background-none checking hook, add new hook for controlling
access to other clients.
|
2007-08-16 10:44:51 -04:00 |
|
|
Eamon Walsh
|
3c9553ac2c
|
xace: rename hostlist security hook to "server" as this hook will be used
for other types of server access besides just the host list.
|
2007-08-15 14:14:25 -04:00 |
|