3f0681fb0b
xselinux: Stub out selection protocol requests.
2008-02-26 23:14:29 -05:00
4632ea2258
xselinux: Rip out the selection code in advance of polyinstantiation support.
...
This resolves an issue where BadWindow errors were being thrown.
2008-02-26 22:00:52 -05:00
e99aadbc26
xselinux: Add use to permission map for devices.
2008-02-13 20:20:49 -05:00
31934132a4
xselinux: Use the device name in debugging output.
2008-02-07 16:32:06 -05:00
6dcb7d732b
xselinux: Split devPrivate state into subject and object records.
2008-02-07 16:00:52 -05:00
2259b144f0
xselinux: Add getattr and setattr to the permission map for properties.
2008-02-07 14:35:02 -05:00
5c30327275
XACE: Push the dix "structure" includes down to the security modules.
2008-02-05 21:06:05 -05:00
bb1a577a68
XACE: Move the property access hook to its own function.
2008-02-05 20:07:08 -05:00
46794d0c96
xselinux: Rename SelectionManager to more generic SecurityManager.
2008-01-24 19:49:13 -05:00
6ffeecabb7
xselinux: Use a privileged bit in the state instead of passing an index
...
to the permission checking function.
2008-01-24 18:11:49 -05:00
7ba8e97cba
xselinux: Implement "get context" protocol requests.
2008-01-24 19:09:58 -05:00
f0bf9a5231
xselinux: Whitespace fixups.
2008-01-24 19:02:35 -05:00
3b23dd9fd4
xselinux: Fix whitespace warnings.
2007-12-28 13:29:45 -05:00
643c52be32
xselinux: Remove "X" prefix on remaining functions and strings.
...
Should be evident from the context.
2007-12-28 13:27:28 -05:00
f4bc333fc1
xselinux: don't FatalError on an invalid class mapping, just disable support.
2007-12-28 13:27:28 -05:00
f3780ece52
xselinux: Implement swapped protocol request logic.
2007-12-28 13:27:28 -05:00
1393a97ea9
xselinux: Send AVC messages to audit system instead of log file/stderr.
2007-12-20 16:23:49 -05:00
9a7ce57363
xselinux: Add new protocol for setting device create context.
2007-12-12 20:44:59 -05:00
5fea1ed50f
registry: Remove registry code from SELinux extension.
...
Moving all the names into dix/registry.c
2007-11-20 18:39:48 -05:00
f207e69d62
xselinux: adjust receive hook to use new synthetic_event class.
2007-11-14 12:23:29 -05:00
45f884d79c
xselinux: add new synthetic_event security class, and fix registry code.
2007-11-09 15:00:15 -05:00
c7e18beb3c
xselinux: Register SELinux extension protocol names.
2007-11-05 15:02:05 -05:00
3b7af72fe3
xselinux: Add a SetDeviceContext request and stubs for more requests.
2007-10-26 20:32:47 -04:00
7d14ca59c5
xselinux: Don't include the client in the receive hook audit messages.
2007-10-25 19:00:50 -04:00
40de9fcf18
xselinux: Label the default device directly with the process context.
2007-10-25 12:35:01 -04:00
4b05f19cb9
xselinux: Introduce a type transition when labeling events.
2007-10-24 19:59:58 -04:00
0d2ef187e7
xselinux: Add audit message fields for selection and event names.
2007-10-24 18:23:31 -04:00
46521f5298
xselinux: Add basic support for selection access control and redirection.
...
Probably not fully baked yet. It's difficult to test since so few apps
actually follow the ICCCM with respect to cut & paste.
2007-10-23 20:58:48 -04:00
660557593e
xselinux: Remove synthetic bit when looking up event type.
2007-10-23 14:46:37 -04:00
d7db549db4
xselinux: Unregister callbacks on server reset.
2007-10-23 14:08:54 -04:00
ce7f6fe126
xselinux: properly update sizes when dynamic arrays are resized...
2007-10-19 19:40:04 -04:00
55a96aa6b0
xselinux: add basic event labeling.
2007-10-18 14:11:11 -04:00
e974bc1233
xselinux: add hooks for send and receive access.
2007-10-18 12:33:39 -04:00
aa340b2c7c
xselinux: add hook for device acceses.
2007-10-17 19:27:16 -04:00
503f918f55
xselinux: Move functions around; add some more comments.
2007-10-17 19:14:15 -04:00
baabae623b
xselinux: Started reworking extension using new XACE hooks.
2007-10-17 13:54:56 -04:00
50551ec693
xace: remove obsoleted DRAWABLE_ACCESS hook.
2007-09-28 15:04:33 -04:00
5bee8db003
xace: drop background-none checking hook, add new hook for controlling
...
access to other clients.
2007-08-16 10:44:51 -04:00
3c9553ac2c
xace: rename hostlist security hook to "server" as this hook will be used
...
for other types of server access besides just the host list.
2007-08-15 14:14:25 -04:00
2030e9e539
xselinux: use new libselinux support for context labeling.
...
Remove all the config file parsing code and use the new lookup interface
instead.
2007-06-21 15:37:18 -04:00
878cac71aa
xselinux: use new libselinux support for private Flask definitions.
...
Removes indirect dependency on kernel headers.
2007-06-11 14:19:37 -04:00
9cee4ec5e6
xace: change the semantics of the return value of XACE hooks to allow
...
arbitrary X status codes instead of just TRUE/FALSE.
The dix layer in most cases still does not propagate the return value of
XACE hooks back to the client, however. There is more error propagation
work to do.
2007-04-17 16:01:56 -04:00
84a066cc88
xace: pass serverClient as default argument to dixChangeWindowProperty
...
instead of NullClient.
2007-03-23 10:33:53 -04:00
e1cc68add0
xace: drop the name argument from the property callback.
2007-03-22 17:33:16 -04:00
1b766ffc06
dix: reorganize property code to better support xace hook; requires new API for
...
changing a property, dixChangeWindowProperty, taking an additional client argument.
2007-03-22 15:55:35 -04:00
78c962da76
xselinux: use the new ResourceStateCallback instead of the XACE_WINDOW_INIT hook.
2007-03-19 17:04:51 -04:00
6a89106e9c
xselinux + security: remove confusing CALLBACK macro.
2007-03-19 16:51:29 -04:00
18339375cd
xselinux: remove context validation function for now.
2007-03-08 12:14:06 -05:00
2fb8b7f819
Split ObjectSIDByLabel into two functions since property labeling now
...
involves an additional compute_create lookup.
2007-01-19 19:14:51 -05:00
700fccf863
Remove the root window context line from the configuration file.
...
This context will be derived through a type_transition rule instead.
2007-01-19 14:56:38 -05:00
Eamon Walsh