* [refpolicy]  new_device_permissions.patch
@ 2009-06-18  2:41 Eamon Walsh
  2009-06-18 13:08 ` Christopher J. PeBenito
  2009-08-10 22:29 ` Eamon Walsh
  0 siblings, 2 replies; 7+ messages in thread
From: Eamon Walsh @ 2009-06-18  2:41 UTC (permalink / raw)
  To: refpolicy

Add a few new permissions to the "x_device" class to support the new XI2
functionality just merged to the X server.

-- 
Eamon Walsh <ewalsh@tycho.nsa.gov>
National Security Agency

-------------- next part --------------
A non-text attachment was scrubbed...
Name: xi2_device_perms.patch
Type: text/x-patch
Size: 326 bytes
Desc: not available
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20090617/7030eabd/attachment.bin 


* [refpolicy] new_device_permissions.patch
  2009-06-18  2:41 [refpolicy] new_device_permissions.patch Eamon Walsh
@ 2009-06-18 13:08 ` Christopher J. PeBenito
  2009-08-10 22:29 ` Eamon Walsh
  1 sibling, 0 replies; 7+ messages in thread
From: Christopher J. PeBenito @ 2009-06-18 13:08 UTC (permalink / raw)
  To: refpolicy

On Wed, 2009-06-17 at 22:41 -0400, Eamon Walsh wrote:
> Add a few new permissions to the "x_device" class to support the new XI2
> functionality just merged to the X server.

Merged.

>
> differences between files attachment (xi2_device_perms.patch)
> 
> Index: policy/flask/access_vectors
> ===================================================================
> --- policy/flask/access_vectors (revision 2996)
> +++ policy/flask/access_vectors (working copy)
> @@ -539,6 +539,11 @@
>         freeze
>         grab
>         manage
> +       list_property
> +       get_property
> +       set_property
> +       add
> +       remove
>  }
>  
>  class x_server
> 
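Review bot: the five permissions appended after `manage` are only declared here, with nothing saying what each one covers; `add` and `remove` in particular do not name what is added to or removed from a device. The patch as quoted changes only policy/flask/access_vectors, so it would help to state in the submission which x_device operations map to `list_property`, `get_property`, `set_property`, `add` and `remove`, and whether matching policy rules and constraints are to follow in a separate patch.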
-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150


* [refpolicy] new_device_permissions.patch
  2009-06-18  2:41 [refpolicy] new_device_permissions.patch Eamon Walsh
  2009-06-18 13:08 ` Christopher J. PeBenito
@ 2009-08-10 22:29 ` Eamon Walsh
  2009-08-11 12:18   ` Christopher J. PeBenito
  1 sibling, 1 reply; 7+ messages in thread
From: Eamon Walsh @ 2009-08-10 22:29 UTC (permalink / raw)
  To: refpolicy

On 06/17/2009 10:41 PM, Eamon Walsh wrote:
> Add a few new permissions to the "x_device" class to support the new XI2
> functionality just merged to the X server.


In the previous patch 2 x_device permission bits for the XI2 
functionality were left out.

Fixed with attached patch.


-- 
Eamon Walsh <ewalsh@tycho.nsa.gov>
National Security Agency

-------------- next part --------------
A non-text attachment was scrubbed...
Name: xi2_device_perms2.patch
Type: text/x-patch
Size: 288 bytes
Desc: not available
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20090810/dce3a689/attachment.bin 


* [refpolicy] new_device_permissions.patch
  2009-08-10 22:29 ` Eamon Walsh
@ 2009-08-11 12:18   ` Christopher J. PeBenito
  2009-08-11 17:57     ` Eamon Walsh
  0 siblings, 1 reply; 7+ messages in thread
From: Christopher J. PeBenito @ 2009-08-11 12:18 UTC (permalink / raw)
  To: refpolicy

On Mon, 2009-08-10 at 18:29 -0400, Eamon Walsh wrote:
> On 06/17/2009 10:41 PM, Eamon Walsh wrote:
> > Add a few new permissions to the "x_device" class to support the new XI2
> > functionality just merged to the X server.
> >
> 
> 
> In the previous patch 2 x_device permission bits for the XI2 
> functionality were left out.
> 
> Fixed with attached patch.

What's the difference between add/remove and create/destroy?

> Index: policy/flask/access_vectors
> ===================================================================
> --- policy/flask/access_vectors (revision 3012)
> +++ policy/flask/access_vectors (working copy)
> @@ -544,6 +544,8 @@
>         set_property
>         add
>         remove
> +       create
> +       destroy
>  }
>  
>  class x_server
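Review bot: `create` and `destroy` are appended directly after `add` and `remove` in the same class, and nothing in the hunk says how the two pairs differ, so a policy writer reading access_vectors alone could grant one pair where the other was meant. A `#` comment beside the new entries naming the object each pair acts on would settle it.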
-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150


* [refpolicy] new_device_permissions.patch
  2009-08-11 12:18   ` Christopher J. PeBenito
@ 2009-08-11 17:57     ` Eamon Walsh
  2009-08-14 17:20       ` Christopher J. PeBenito
  0 siblings, 1 reply; 7+ messages in thread
From: Eamon Walsh @ 2009-08-11 17:57 UTC (permalink / raw)
  To: refpolicy

On 08/11/2009 08:18 AM, Christopher J. PeBenito wrote:
> On Mon, 2009-08-10 at 18:29 -0400, Eamon Walsh wrote:
>> On 06/17/2009 10:41 PM, Eamon Walsh wrote:
>>> Add a few new permissions to the "x_device" class to support the new XI2
>>> functionality just merged to the X server.
>>
>> In the previous patch 2 x_device permission bits for the XI2
>> functionality were left out.
>>
>> Fixed with attached patch.
>
> What's the difference between add/remove and create/destroy?


The devices are in a kind of hierarchy.  You can now create one or more 
"master devices" (mouse cursor and keyboard focus).  The physical input 
devices are "slave devices" that attach to master devices.

Add/remove controls the ability to add/remove slave devices from a 
master device.  Create/destroy controls the ability to create new master 
devices.




-- 
Eamon Walsh <ewalsh@tycho.nsa.gov>
National Security Agency


* [refpolicy] new_device_permissions.patch
  2009-08-11 17:57     ` Eamon Walsh
@ 2009-08-14 17:20       ` Christopher J. PeBenito
  2009-08-17 19:16         ` Eamon Walsh
  0 siblings, 1 reply; 7+ messages in thread
From: Christopher J. PeBenito @ 2009-08-14 17:20 UTC (permalink / raw)
  To: refpolicy

On Tue, 2009-08-11 at 13:57 -0400, Eamon Walsh wrote:
> On 08/11/2009 08:18 AM, Christopher J. PeBenito wrote:
> > On Mon, 2009-08-10 at 18:29 -0400, Eamon Walsh wrote:
> >> On 06/17/2009 10:41 PM, Eamon Walsh wrote:
> >>> Add a few new permissions to the "x_device" class to support the new XI2
> >>> functionality just merged to the X server.
> >>
> >> In the previous patch 2 x_device permission bits for the XI2
> >> functionality were left out.
> >>
> >> Fixed with attached patch.
> >
> > What's the difference between add/remove and create/destroy?
> 
> 
> The devices are in a kind of hierarchy.  You can now create one or more 
> "master devices" (mouse cursor and keyboard focus).  The physical input 
> devices are "slave devices" that attach to master devices.
> 
> Add/remove controls the ability to add/remove slave devices from a 
> master device.  Create/destroy controls the ability to create new master 
> devices.

Merged.  Are there any MLS constraints updates for these permissions?

-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150


* [refpolicy] new_device_permissions.patch
  2009-08-14 17:20       ` Christopher J. PeBenito
@ 2009-08-17 19:16         ` Eamon Walsh
  0 siblings, 0 replies; 7+ messages in thread
From: Eamon Walsh @ 2009-08-17 19:16 UTC (permalink / raw)
  To: refpolicy

On 08/14/2009 01:20 PM, Christopher J. PeBenito wrote:
> On Tue, 2009-08-11 at 13:57 -0400, Eamon Walsh wrote:
>> On 08/11/2009 08:18 AM, Christopher J. PeBenito wrote:
>>> On Mon, 2009-08-10 at 18:29 -0400, Eamon Walsh wrote:
>>>> On 06/17/2009 10:41 PM, Eamon Walsh wrote:
>>>>> Add a few new permissions to the "x_device" class to support the new XI2
>>>>> functionality just merged to the X server.
>>>>
>>>> In the previous patch 2 x_device permission bits for the XI2
>>>> functionality were left out.
>>>>
>>>> Fixed with attached patch.
>>>
>>> What's the difference between add/remove and create/destroy?
>>
>> The devices are in a kind of hierarchy.  You can now create one or more
>> "master devices" (mouse cursor and keyboard focus).  The physical input
>> devices are "slave devices" that attach to master devices.
>>
>> Add/remove controls the ability to add/remove slave devices from a
>> master device.  Create/destroy controls the ability to create new master
>> devices.
>
> Merged.  Are there any MLS constraints updates for these permissions?


Yes, I did an X demo here last month and have some policy changes; I'm
still working on cleaning them up for submission.

-- 
Eamon Walsh <ewalsh@tycho.nsa.gov>
National Security Agency
