1 | /************************************************************ |
2 | ||
3 | Author: Eamon Walsh <ewalsh@tycho.nsa.gov> | |
4 | ||
5 | Permission to use, copy, modify, distribute, and sell this software and its | |
6 | documentation for any purpose is hereby granted without fee, provided that | |
7 | this permission notice appear in supporting documentation. This permission | |
8 | notice shall be included in all copies or substantial portions of the | |
9 | Software. | |
10 | ||
11 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR | |
12 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | |
13 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE | |
14 | AUTHOR BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN | |
15 | AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN | |
16 | CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. | |
17 | ||
18 | ********************************************************/ | |
19 | ||
20 | #ifndef _XSELINUXINT_H | |
21 | #define _XSELINUXINT_H | |
22 | ||
23 | #include <selinux/selinux.h> | |
24 | #include <selinux/avc.h> | |
25 | ||
26 | #include "globals.h" | |
27 | #include "dixaccess.h" | |
28 | #include "dixstruct.h" | |
29 | #include "privates.h" | |
30 | #include "resource.h" | |
31 | #include "registry.h" | |
32 | #include "inputstr.h" | |
33 | #include "xselinux.h" | |
34 | ||
35 | /* | |
36 | * Types | |
37 | */ | |
38 | ||
39 | #define COMMAND_LEN 64 /* capacity in bytes of SELinuxSubjectRec.command */ | |
40 | ||
41 | /* subject state (clients and devices only): the subject's own SID plus per-purpose SIDs; the *_create_sid and *_use_sid fields presumably label or gate the devices, windows, selections and properties the subject creates or uses -- confirm where they are filled in */ | |
42 | typedef struct { | |
43 | security_id_t sid; | |
44 | security_id_t dev_create_sid; | |
45 | security_id_t win_create_sid; | |
46 | security_id_t sel_create_sid; | |
47 | security_id_t prp_create_sid; | |
48 | security_id_t sel_use_sid; | |
49 | security_id_t prp_use_sid; | |
50 | struct avc_entry_ref aeref; /* libselinux AVC entry reference (type from <selinux/avc.h>) */ | |
51 | char command[COMMAND_LEN]; /* fixed-size buffer: writers must bound copies to COMMAND_LEN and leave room for the terminating NUL if it is read as a string */ | |
52 | int privileged; /* NOTE(review): what sets this flag and what it exempts is not visible in this header */ | |
53 | } SELinuxSubjectRec; | |
54 | ||
55 | /* object state: the SID labelling the object and a poly flag (presumably "polyinstantiated" -- confirm against the code that sets it) */ | |
56 | typedef struct { | |
57 | security_id_t sid; | |
58 | int poly; | |
59 | } SELinuxObjectRec; | |
60 | ||
61 | /* | |
62 | * Globals: three DevPrivateKeyRec objects defined elsewhere; subjectKey, objectKey and dataKey are macros that expand to their addresses. Presumably the keys under which the subject/object records are attached as privates -- confirm at the registration site. | |
63 | */ | |
64 | ||
65 | extern DevPrivateKeyRec subjectKeyRec; | |
66 | ||
67 | #define subjectKey (&subjectKeyRec) | |
68 | extern DevPrivateKeyRec objectKeyRec; | |
69 | ||
70 | #define objectKey (&objectKeyRec) | |
71 | extern DevPrivateKeyRec dataKeyRec; | |
72 | ||
73 | #define dataKey (&dataKeyRec) | |
74 | ||
75 | /* | |
76 | * Label functions: each *ToSID routine takes a caller-supplied out-pointer (obj_rtn, sid_rtn, poly_rtn, sid_return) for its result. The meaning of the int return value is not stated in this header -- check it at the call site before trusting the out-parameters. | |
77 | */ | |
78 | ||
79 | int | |
80 | SELinuxAtomToSID(Atom atom, int prop, SELinuxObjectRec ** obj_rtn); | |
81 | ||
82 | int | |
83 | ||
84 | SELinuxSelectionToSID(Atom selection, SELinuxSubjectRec * subj, | |
85 | security_id_t * sid_rtn, int *poly_rtn); | |
86 | ||
87 | int | |
88 | ||
89 | SELinuxPropertyToSID(Atom property, SELinuxSubjectRec * subj, | |
90 | security_id_t * sid_rtn, int *poly_rtn); | |
91 | ||
92 | int | |
93 | ||
94 | SELinuxEventToSID(unsigned type, security_id_t sid_of_window, | |
95 | SELinuxObjectRec * sid_return); | |
96 | ||
97 | int | |
98 | SELinuxExtensionToSID(const char *name, security_id_t * sid_rtn); | |
99 | ||
100 | security_class_t SELinuxTypeToClass(RESTYPE type); | |
101 | ||
102 | security_context_t SELinuxDefaultClientLabel(void); | |
103 | ||
104 | void | |
105 | SELinuxLabelInit(void); | |
106 | ||
107 | void | |
108 | SELinuxLabelReset(void); | |
109 | ||
110 | /* | |
111 | * Security module functions: init/reset entry points for the Flask access-control part, defined elsewhere (presumably paired with SELinuxLabelInit/SELinuxLabelReset -- confirm the call order in the extension setup code) | |
112 | */ | |
113 | ||
114 | void | |
115 | SELinuxFlaskInit(void); | |
116 | ||
117 | void | |
118 | SELinuxFlaskReset(void); | |
119 | ||
120 | /* | |
121 | * Private Flask definitions | |
122 | */ | |
123 | ||
124 | /* Security class constants: numbered from 1 in the same order as the entries of map[] (x_drawable = 1 ... x_resource = 16); SECCLASS_X_FAKEEVENT lines up with the "x_synthetic_event" entry. Presumably that shared order is what ties each constant to its class -- keep the two lists in step and confirm at the site that registers the map. */ | |
125 | #define SECCLASS_X_DRAWABLE 1 | |
126 | #define SECCLASS_X_SCREEN 2 | |
127 | #define SECCLASS_X_GC 3 | |
128 | #define SECCLASS_X_FONT 4 | |
129 | #define SECCLASS_X_COLORMAP 5 | |
130 | #define SECCLASS_X_PROPERTY 6 | |
131 | #define SECCLASS_X_SELECTION 7 | |
132 | #define SECCLASS_X_CURSOR 8 | |
133 | #define SECCLASS_X_CLIENT 9 | |
134 | #define SECCLASS_X_POINTER 10 | |
135 | #define SECCLASS_X_KEYBOARD 11 | |
136 | #define SECCLASS_X_SERVER 12 | |
137 | #define SECCLASS_X_EXTENSION 13 | |
138 | #define SECCLASS_X_EVENT 14 | |
139 | #define SECCLASS_X_FAKEEVENT 15 | |
140 | #define SECCLASS_X_RESOURCE 16 | |
141 | ||
142 | #ifdef _XSELINUX_NEED_FLASK_MAP | |
143 | /* Mapping from DixAccess bits to Flask permissions. Each class lists its permission names positionally: the n-th string is paired with the DixAccess bit named in its trailing comment, "" is a slot with no permission name for that class, and NULL ends the list. Inserting or removing an entry shifts every later pairing, so edit slots in place. How an empty name is treated at check time is decided by the code that consumes this table. The array is static and compiled only under _XSELINUX_NEED_FLASK_MAP, so every file that defines the macro before including this header gets its own copy. */ | |
144 | static struct security_class_mapping map[] = { | |
145 | {"x_drawable", | |
146 | {"read", /* DixReadAccess */ | |
147 | "write", /* DixWriteAccess */ | |
148 | "destroy", /* DixDestroyAccess */ | |
149 | "create", /* DixCreateAccess */ | |
150 | "getattr", /* DixGetAttrAccess */ | |
151 | "setattr", /* DixSetAttrAccess */ | |
152 | "list_property", /* DixListPropAccess */ | |
153 | "get_property", /* DixGetPropAccess */ | |
154 | "set_property", /* DixSetPropAccess */ | |
155 | "", /* DixGetFocusAccess */ | |
156 | "", /* DixSetFocusAccess */ | |
157 | "list_child", /* DixListAccess */ | |
158 | "add_child", /* DixAddAccess */ | |
159 | "remove_child", /* DixRemoveAccess */ | |
160 | "hide", /* DixHideAccess */ | |
161 | "show", /* DixShowAccess */ | |
162 | "blend", /* DixBlendAccess */ | |
163 | "override", /* DixGrabAccess */ | |
164 | "", /* DixFreezeAccess */ | |
165 | "", /* DixForceAccess */ | |
166 | "", /* DixInstallAccess */ | |
167 | "", /* DixUninstallAccess */ | |
168 | "send", /* DixSendAccess */ | |
169 | "receive", /* DixReceiveAccess */ | |
170 | "", /* DixUseAccess */ | |
171 | "manage", /* DixManageAccess */ | |
172 | NULL}}, | |
173 | {"x_screen", | |
174 | {"", /* DixReadAccess */ | |
175 | "", /* DixWriteAccess */ | |
176 | "", /* DixDestroyAccess */ | |
177 | "", /* DixCreateAccess */ | |
178 | "getattr", /* DixGetAttrAccess */ | |
179 | "setattr", /* DixSetAttrAccess */ | |
180 | "saver_getattr", /* DixListPropAccess -- slot carries a screen-saver permission for this class */ | |
181 | "saver_setattr", /* DixGetPropAccess -- slot carries a screen-saver permission for this class */ | |
182 | "", /* DixSetPropAccess */ | |
183 | "", /* DixGetFocusAccess */ | |
184 | "", /* DixSetFocusAccess */ | |
185 | "", /* DixListAccess */ | |
186 | "", /* DixAddAccess */ | |
187 | "", /* DixRemoveAccess */ | |
188 | "hide_cursor", /* DixHideAccess */ | |
189 | "show_cursor", /* DixShowAccess */ | |
190 | "saver_hide", /* DixBlendAccess -- slot carries a screen-saver permission for this class */ | |
191 | "saver_show", /* DixGrabAccess -- slot carries a screen-saver permission for this class */ | |
192 | NULL}}, | |
193 | {"x_gc", | |
194 | {"", /* DixReadAccess */ | |
195 | "", /* DixWriteAccess */ | |
196 | "destroy", /* DixDestroyAccess */ | |
197 | "create", /* DixCreateAccess */ | |
198 | "getattr", /* DixGetAttrAccess */ | |
199 | "setattr", /* DixSetAttrAccess */ | |
200 | "", /* DixListPropAccess */ | |
201 | "", /* DixGetPropAccess */ | |
202 | "", /* DixSetPropAccess */ | |
203 | "", /* DixGetFocusAccess */ | |
204 | "", /* DixSetFocusAccess */ | |
205 | "", /* DixListAccess */ | |
206 | "", /* DixAddAccess */ | |
207 | "", /* DixRemoveAccess */ | |
208 | "", /* DixHideAccess */ | |
209 | "", /* DixShowAccess */ | |
210 | "", /* DixBlendAccess */ | |
211 | "", /* DixGrabAccess */ | |
212 | "", /* DixFreezeAccess */ | |
213 | "", /* DixForceAccess */ | |
214 | "", /* DixInstallAccess */ | |
215 | "", /* DixUninstallAccess */ | |
216 | "", /* DixSendAccess */ | |
217 | "", /* DixReceiveAccess */ | |
218 | "use", /* DixUseAccess */ | |
219 | NULL}}, | |
220 | {"x_font", | |
221 | {"", /* DixReadAccess */ | |
222 | "", /* DixWriteAccess */ | |
223 | "destroy", /* DixDestroyAccess */ | |
224 | "create", /* DixCreateAccess */ | |
225 | "getattr", /* DixGetAttrAccess */ | |
226 | "", /* DixSetAttrAccess */ | |
227 | "", /* DixListPropAccess */ | |
228 | "", /* DixGetPropAccess */ | |
229 | "", /* DixSetPropAccess */ | |
230 | "", /* DixGetFocusAccess */ | |
231 | "", /* DixSetFocusAccess */ | |
232 | "", /* DixListAccess */ | |
233 | "add_glyph", /* DixAddAccess */ | |
234 | "remove_glyph", /* DixRemoveAccess */ | |
235 | "", /* DixHideAccess */ | |
236 | "", /* DixShowAccess */ | |
237 | "", /* DixBlendAccess */ | |
238 | "", /* DixGrabAccess */ | |
239 | "", /* DixFreezeAccess */ | |
240 | "", /* DixForceAccess */ | |
241 | "", /* DixInstallAccess */ | |
242 | "", /* DixUninstallAccess */ | |
243 | "", /* DixSendAccess */ | |
244 | "", /* DixReceiveAccess */ | |
245 | "use", /* DixUseAccess */ | |
246 | NULL}}, | |
247 | {"x_colormap", | |
248 | {"read", /* DixReadAccess */ | |
249 | "write", /* DixWriteAccess */ | |
250 | "destroy", /* DixDestroyAccess */ | |
251 | "create", /* DixCreateAccess */ | |
252 | "getattr", /* DixGetAttrAccess */ | |
253 | "", /* DixSetAttrAccess */ | |
254 | "", /* DixListPropAccess */ | |
255 | "", /* DixGetPropAccess */ | |
256 | "", /* DixSetPropAccess */ | |
257 | "", /* DixGetFocusAccess */ | |
258 | "", /* DixSetFocusAccess */ | |
259 | "", /* DixListAccess */ | |
260 | "add_color", /* DixAddAccess */ | |
261 | "remove_color", /* DixRemoveAccess */ | |
262 | "", /* DixHideAccess */ | |
263 | "", /* DixShowAccess */ | |
264 | "", /* DixBlendAccess */ | |
265 | "", /* DixGrabAccess */ | |
266 | "", /* DixFreezeAccess */ | |
267 | "", /* DixForceAccess */ | |
268 | "install", /* DixInstallAccess */ | |
269 | "uninstall", /* DixUninstallAccess */ | |
270 | "", /* DixSendAccess */ | |
271 | "", /* DixReceiveAccess */ | |
272 | "use", /* DixUseAccess */ | |
273 | NULL}}, | |
274 | {"x_property", | |
275 | {"read", /* DixReadAccess */ | |
276 | "write", /* DixWriteAccess */ | |
277 | "destroy", /* DixDestroyAccess */ | |
278 | "create", /* DixCreateAccess */ | |
279 | "getattr", /* DixGetAttrAccess */ | |
280 | "setattr", /* DixSetAttrAccess */ | |
281 | "", /* DixListPropAccess */ | |
282 | "", /* DixGetPropAccess */ | |
283 | "", /* DixSetPropAccess */ | |
284 | "", /* DixGetFocusAccess */ | |
285 | "", /* DixSetFocusAccess */ | |
286 | "", /* DixListAccess */ | |
287 | "", /* DixAddAccess */ | |
288 | "", /* DixRemoveAccess */ | |
289 | "", /* DixHideAccess */ | |
290 | "", /* DixShowAccess */ | |
291 | "write", /* DixBlendAccess -- same permission name as the DixWriteAccess slot */ | |
292 | NULL}}, | |
293 | {"x_selection", | |
294 | {"read", /* DixReadAccess */ | |
295 | "", /* DixWriteAccess */ | |
296 | "", /* DixDestroyAccess */ | |
297 | "setattr", /* DixCreateAccess -- same permission name as the DixSetAttrAccess slot */ | |
298 | "getattr", /* DixGetAttrAccess */ | |
299 | "setattr", /* DixSetAttrAccess */ | |
300 | NULL}}, | |
301 | {"x_cursor", | |
302 | {"read", /* DixReadAccess */ | |
303 | "write", /* DixWriteAccess */ | |
304 | "destroy", /* DixDestroyAccess */ | |
305 | "create", /* DixCreateAccess */ | |
306 | "getattr", /* DixGetAttrAccess */ | |
307 | "setattr", /* DixSetAttrAccess */ | |
308 | "", /* DixListPropAccess */ | |
309 | "", /* DixGetPropAccess */ | |
310 | "", /* DixSetPropAccess */ | |
311 | "", /* DixGetFocusAccess */ | |
312 | "", /* DixSetFocusAccess */ | |
313 | "", /* DixListAccess */ | |
314 | "", /* DixAddAccess */ | |
315 | "", /* DixRemoveAccess */ | |
316 | "", /* DixHideAccess */ | |
317 | "", /* DixShowAccess */ | |
318 | "", /* DixBlendAccess */ | |
319 | "", /* DixGrabAccess */ | |
320 | "", /* DixFreezeAccess */ | |
321 | "", /* DixForceAccess */ | |
322 | "", /* DixInstallAccess */ | |
323 | "", /* DixUninstallAccess */ | |
324 | "", /* DixSendAccess */ | |
325 | "", /* DixReceiveAccess */ | |
326 | "use", /* DixUseAccess */ | |
327 | NULL}}, | |
328 | {"x_client", | |
329 | {"", /* DixReadAccess */ | |
330 | "", /* DixWriteAccess */ | |
331 | "destroy", /* DixDestroyAccess */ | |
332 | "", /* DixCreateAccess */ | |
333 | "getattr", /* DixGetAttrAccess */ | |
334 | "setattr", /* DixSetAttrAccess */ | |
335 | "", /* DixListPropAccess */ | |
336 | "", /* DixGetPropAccess */ | |
337 | "", /* DixSetPropAccess */ | |
338 | "", /* DixGetFocusAccess */ | |
339 | "", /* DixSetFocusAccess */ | |
340 | "", /* DixListAccess */ | |
341 | "", /* DixAddAccess */ | |
342 | "", /* DixRemoveAccess */ | |
343 | "", /* DixHideAccess */ | |
344 | "", /* DixShowAccess */ | |
345 | "", /* DixBlendAccess */ | |
346 | "", /* DixGrabAccess */ | |
347 | "", /* DixFreezeAccess */ | |
348 | "", /* DixForceAccess */ | |
349 | "", /* DixInstallAccess */ | |
350 | "", /* DixUninstallAccess */ | |
351 | "", /* DixSendAccess */ | |
352 | "", /* DixReceiveAccess */ | |
353 | "", /* DixUseAccess */ | |
354 | "manage", /* DixManageAccess */ | |
355 | NULL}}, | |
356 | {"x_pointer", | |
357 | {"read", /* DixReadAccess */ | |
358 | "write", /* DixWriteAccess */ | |
359 | "destroy", /* DixDestroyAccess */ | |
360 | "create", /* DixCreateAccess */ | |
361 | "getattr", /* DixGetAttrAccess */ | |
362 | "setattr", /* DixSetAttrAccess */ | |
363 | "list_property", /* DixListPropAccess */ | |
364 | "get_property", /* DixGetPropAccess */ | |
365 | "set_property", /* DixSetPropAccess */ | |
366 | "getfocus", /* DixGetFocusAccess */ | |
367 | "setfocus", /* DixSetFocusAccess */ | |
368 | "", /* DixListAccess */ | |
369 | "add", /* DixAddAccess */ | |
370 | "remove", /* DixRemoveAccess */ | |
371 | "", /* DixHideAccess */ | |
372 | "", /* DixShowAccess */ | |
373 | "", /* DixBlendAccess */ | |
374 | "grab", /* DixGrabAccess */ | |
375 | "freeze", /* DixFreezeAccess */ | |
376 | "force_cursor", /* DixForceAccess */ | |
377 | "", /* DixInstallAccess */ | |
378 | "", /* DixUninstallAccess */ | |
379 | "", /* DixSendAccess */ | |
380 | "", /* DixReceiveAccess */ | |
381 | "use", /* DixUseAccess */ | |
382 | "manage", /* DixManageAccess */ | |
383 | "", /* DixDebugAccess */ | |
384 | "bell", /* DixBellAccess */ | |
385 | NULL}}, | |
386 | {"x_keyboard", | |
387 | {"read", /* DixReadAccess */ | |
388 | "write", /* DixWriteAccess */ | |
389 | "destroy", /* DixDestroyAccess */ | |
390 | "create", /* DixCreateAccess */ | |
391 | "getattr", /* DixGetAttrAccess */ | |
392 | "setattr", /* DixSetAttrAccess */ | |
393 | "list_property", /* DixListPropAccess */ | |
394 | "get_property", /* DixGetPropAccess */ | |
395 | "set_property", /* DixSetPropAccess */ | |
396 | "getfocus", /* DixGetFocusAccess */ | |
397 | "setfocus", /* DixSetFocusAccess */ | |
398 | "", /* DixListAccess */ | |
399 | "add", /* DixAddAccess */ | |
400 | "remove", /* DixRemoveAccess */ | |
401 | "", /* DixHideAccess */ | |
402 | "", /* DixShowAccess */ | |
403 | "", /* DixBlendAccess */ | |
404 | "grab", /* DixGrabAccess */ | |
405 | "freeze", /* DixFreezeAccess */ | |
406 | "force_cursor", /* DixForceAccess */ | |
407 | "", /* DixInstallAccess */ | |
408 | "", /* DixUninstallAccess */ | |
409 | "", /* DixSendAccess */ | |
410 | "", /* DixReceiveAccess */ | |
411 | "use", /* DixUseAccess */ | |
412 | "manage", /* DixManageAccess */ | |
413 | "", /* DixDebugAccess */ | |
414 | "bell", /* DixBellAccess */ | |
415 | NULL}}, | |
416 | {"x_server", | |
417 | {"record", /* DixReadAccess */ | |
418 | "", /* DixWriteAccess */ | |
419 | "", /* DixDestroyAccess */ | |
420 | "", /* DixCreateAccess */ | |
421 | "getattr", /* DixGetAttrAccess */ | |
422 | "setattr", /* DixSetAttrAccess */ | |
423 | "", /* DixListPropAccess */ | |
424 | "", /* DixGetPropAccess */ | |
425 | "", /* DixSetPropAccess */ | |
426 | "", /* DixGetFocusAccess */ | |
427 | "", /* DixSetFocusAccess */ | |
428 | "", /* DixListAccess */ | |
429 | "", /* DixAddAccess */ | |
430 | "", /* DixRemoveAccess */ | |
431 | "", /* DixHideAccess */ | |
432 | "", /* DixShowAccess */ | |
433 | "", /* DixBlendAccess */ | |
434 | "grab", /* DixGrabAccess */ | |
435 | "", /* DixFreezeAccess */ | |
436 | "", /* DixForceAccess */ | |
437 | "", /* DixInstallAccess */ | |
438 | "", /* DixUninstallAccess */ | |
439 | "", /* DixSendAccess */ | |
440 | "", /* DixReceiveAccess */ | |
441 | "", /* DixUseAccess */ | |
442 | "manage", /* DixManageAccess */ | |
443 | "debug", /* DixDebugAccess */ | |
444 | NULL}}, | |
445 | {"x_extension", | |
446 | {"", /* DixReadAccess */ | |
447 | "", /* DixWriteAccess */ | |
448 | "", /* DixDestroyAccess */ | |
449 | "", /* DixCreateAccess */ | |
450 | "query", /* DixGetAttrAccess */ | |
451 | "", /* DixSetAttrAccess */ | |
452 | "", /* DixListPropAccess */ | |
453 | "", /* DixGetPropAccess */ | |
454 | "", /* DixSetPropAccess */ | |
455 | "", /* DixGetFocusAccess */ | |
456 | "", /* DixSetFocusAccess */ | |
457 | "", /* DixListAccess */ | |
458 | "", /* DixAddAccess */ | |
459 | "", /* DixRemoveAccess */ | |
460 | "", /* DixHideAccess */ | |
461 | "", /* DixShowAccess */ | |
462 | "", /* DixBlendAccess */ | |
463 | "", /* DixGrabAccess */ | |
464 | "", /* DixFreezeAccess */ | |
465 | "", /* DixForceAccess */ | |
466 | "", /* DixInstallAccess */ | |
467 | "", /* DixUninstallAccess */ | |
468 | "", /* DixSendAccess */ | |
469 | "", /* DixReceiveAccess */ | |
470 | "use", /* DixUseAccess */ | |
471 | NULL}}, | |
472 | {"x_event", | |
473 | {"", /* DixReadAccess */ | |
474 | "", /* DixWriteAccess */ | |
475 | "", /* DixDestroyAccess */ | |
476 | "", /* DixCreateAccess */ | |
477 | "", /* DixGetAttrAccess */ | |
478 | "", /* DixSetAttrAccess */ | |
479 | "", /* DixListPropAccess */ | |
480 | "", /* DixGetPropAccess */ | |
481 | "", /* DixSetPropAccess */ | |
482 | "", /* DixGetFocusAccess */ | |
483 | "", /* DixSetFocusAccess */ | |
484 | "", /* DixListAccess */ | |
485 | "", /* DixAddAccess */ | |
486 | "", /* DixRemoveAccess */ | |
487 | "", /* DixHideAccess */ | |
488 | "", /* DixShowAccess */ | |
489 | "", /* DixBlendAccess */ | |
490 | "", /* DixGrabAccess */ | |
491 | "", /* DixFreezeAccess */ | |
492 | "", /* DixForceAccess */ | |
493 | "", /* DixInstallAccess */ | |
494 | "", /* DixUninstallAccess */ | |
495 | "send", /* DixSendAccess */ | |
496 | "receive", /* DixReceiveAccess */ | |
497 | NULL}}, | |
498 | {"x_synthetic_event", /* 15th entry, the position of SECCLASS_X_FAKEEVENT */ | |
499 | {"", /* DixReadAccess */ | |
500 | "", /* DixWriteAccess */ | |
501 | "", /* DixDestroyAccess */ | |
502 | "", /* DixCreateAccess */ | |
503 | "", /* DixGetAttrAccess */ | |
504 | "", /* DixSetAttrAccess */ | |
505 | "", /* DixListPropAccess */ | |
506 | "", /* DixGetPropAccess */ | |
507 | "", /* DixSetPropAccess */ | |
508 | "", /* DixGetFocusAccess */ | |
509 | "", /* DixSetFocusAccess */ | |
510 | "", /* DixListAccess */ | |
511 | "", /* DixAddAccess */ | |
512 | "", /* DixRemoveAccess */ | |
513 | "", /* DixHideAccess */ | |
514 | "", /* DixShowAccess */ | |
515 | "", /* DixBlendAccess */ | |
516 | "", /* DixGrabAccess */ | |
517 | "", /* DixFreezeAccess */ | |
518 | "", /* DixForceAccess */ | |
519 | "", /* DixInstallAccess */ | |
520 | "", /* DixUninstallAccess */ | |
521 | "send", /* DixSendAccess */ | |
522 | "receive", /* DixReceiveAccess */ | |
523 | NULL}}, | |
524 | {"x_resource", /* every DixAccess bit collapses to "read" or "write" here; SELinuxReadMask must list exactly the "read" slots */ | |
525 | {"read", /* DixReadAccess */ | |
526 | "write", /* DixWriteAccess */ | |
527 | "write", /* DixDestroyAccess */ | |
528 | "write", /* DixCreateAccess */ | |
529 | "read", /* DixGetAttrAccess */ | |
530 | "write", /* DixSetAttrAccess */ | |
531 | "read", /* DixListPropAccess */ | |
532 | "read", /* DixGetPropAccess */ | |
533 | "write", /* DixSetPropAccess */ | |
534 | "read", /* DixGetFocusAccess */ | |
535 | "write", /* DixSetFocusAccess */ | |
536 | "read", /* DixListAccess */ | |
537 | "write", /* DixAddAccess */ | |
538 | "write", /* DixRemoveAccess */ | |
539 | "write", /* DixHideAccess */ | |
540 | "read", /* DixShowAccess */ | |
541 | "read", /* DixBlendAccess */ | |
542 | "write", /* DixGrabAccess */ | |
543 | "write", /* DixFreezeAccess */ | |
544 | "write", /* DixForceAccess */ | |
545 | "write", /* DixInstallAccess */ | |
546 | "write", /* DixUninstallAccess */ | |
547 | "write", /* DixSendAccess */ | |
548 | "read", /* DixReceiveAccess */ | |
549 | "read", /* DixUseAccess */ | |
550 | "write", /* DixManageAccess */ | |
551 | "read", /* DixDebugAccess */ | |
552 | "write", /* DixBellAccess */ | |
553 | NULL}}, | |
554 | {NULL} | |
555 | }; | |
556 | ||
557 | /* x_resource "read" bits from the list above: the OR of every DixAccess bit whose x_resource slot is "read"; all remaining bits map to "write". The mask is maintained by hand, so it must be updated whenever an x_resource slot changes between "read" and "write" -- a stale mask would classify a modifying access as a read. */ | |
558 | #define SELinuxReadMask (DixReadAccess|DixGetAttrAccess|DixListPropAccess| \ | |
559 | DixGetPropAccess|DixGetFocusAccess|DixListAccess| \ | |
560 | DixShowAccess|DixBlendAccess|DixReceiveAccess| \ | |
561 | DixUseAccess|DixDebugAccess) | |
562 | ||
563 | #endif /* _XSELINUX_NEED_FLASK_MAP */ | |
564 | #endif /* _XSELINUXINT_H */ |