1*4882a593Smuzhiyun /************************************************************ 2*4882a593Smuzhiyun 3*4882a593Smuzhiyun Author: Eamon Walsh <ewalsh@tycho.nsa.gov> 4*4882a593Smuzhiyun 5*4882a593Smuzhiyun Permission to use, copy, modify, distribute, and sell this software and its 6*4882a593Smuzhiyun documentation for any purpose is hereby granted without fee, provided that 7*4882a593Smuzhiyun this permission notice appear in supporting documentation. This permission 8*4882a593Smuzhiyun notice shall be included in all copies or substantial portions of the 9*4882a593Smuzhiyun Software. 10*4882a593Smuzhiyun 11*4882a593Smuzhiyun THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 12*4882a593Smuzhiyun IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 13*4882a593Smuzhiyun FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 14*4882a593Smuzhiyun AUTHOR BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN 15*4882a593Smuzhiyun AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN 16*4882a593Smuzhiyun CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 17*4882a593Smuzhiyun 18*4882a593Smuzhiyun ********************************************************/ 19*4882a593Smuzhiyun 20*4882a593Smuzhiyun #ifndef _XSELINUXINT_H 21*4882a593Smuzhiyun #define _XSELINUXINT_H 22*4882a593Smuzhiyun 23*4882a593Smuzhiyun #include <selinux/selinux.h> 24*4882a593Smuzhiyun #include <selinux/avc.h> 25*4882a593Smuzhiyun 26*4882a593Smuzhiyun #include "globals.h" 27*4882a593Smuzhiyun #include "dixaccess.h" 28*4882a593Smuzhiyun #include "dixstruct.h" 29*4882a593Smuzhiyun #include "privates.h" 30*4882a593Smuzhiyun #include "resource.h" 31*4882a593Smuzhiyun #include "registry.h" 32*4882a593Smuzhiyun #include "inputstr.h" 33*4882a593Smuzhiyun #include "xselinux.h" 34*4882a593Smuzhiyun 35*4882a593Smuzhiyun /* 36*4882a593Smuzhiyun * Types 37*4882a593Smuzhiyun */ 38*4882a593Smuzhiyun 39*4882a593Smuzhiyun #define COMMAND_LEN 64 40*4882a593Smuzhiyun 41*4882a593Smuzhiyun /* subject state (clients and devices only) */ 42*4882a593Smuzhiyun typedef struct { 43*4882a593Smuzhiyun security_id_t sid; 44*4882a593Smuzhiyun security_id_t dev_create_sid; 45*4882a593Smuzhiyun security_id_t win_create_sid; 46*4882a593Smuzhiyun security_id_t sel_create_sid; 47*4882a593Smuzhiyun security_id_t prp_create_sid; 48*4882a593Smuzhiyun security_id_t sel_use_sid; 49*4882a593Smuzhiyun security_id_t prp_use_sid; 50*4882a593Smuzhiyun struct avc_entry_ref aeref; 51*4882a593Smuzhiyun char command[COMMAND_LEN]; 52*4882a593Smuzhiyun int privileged; 53*4882a593Smuzhiyun } SELinuxSubjectRec; 54*4882a593Smuzhiyun 55*4882a593Smuzhiyun /* object state */ 56*4882a593Smuzhiyun typedef struct { 57*4882a593Smuzhiyun security_id_t sid; 58*4882a593Smuzhiyun int poly; 59*4882a593Smuzhiyun } SELinuxObjectRec; 60*4882a593Smuzhiyun 61*4882a593Smuzhiyun /* 62*4882a593Smuzhiyun * Globals 63*4882a593Smuzhiyun */ 64*4882a593Smuzhiyun 65*4882a593Smuzhiyun extern DevPrivateKeyRec subjectKeyRec; 66*4882a593Smuzhiyun 67*4882a593Smuzhiyun #define subjectKey (&subjectKeyRec) 68*4882a593Smuzhiyun extern DevPrivateKeyRec objectKeyRec; 69*4882a593Smuzhiyun 70*4882a593Smuzhiyun #define objectKey (&objectKeyRec) 71*4882a593Smuzhiyun extern DevPrivateKeyRec dataKeyRec; 72*4882a593Smuzhiyun 73*4882a593Smuzhiyun #define dataKey (&dataKeyRec) 74*4882a593Smuzhiyun 75*4882a593Smuzhiyun /* 76*4882a593Smuzhiyun * Label functions 77*4882a593Smuzhiyun */ 78*4882a593Smuzhiyun 79*4882a593Smuzhiyun int 80*4882a593Smuzhiyun SELinuxAtomToSID(Atom atom, int prop, SELinuxObjectRec ** obj_rtn); 81*4882a593Smuzhiyun 82*4882a593Smuzhiyun int 83*4882a593Smuzhiyun 84*4882a593Smuzhiyun SELinuxSelectionToSID(Atom selection, SELinuxSubjectRec * subj, 85*4882a593Smuzhiyun security_id_t * sid_rtn, int *poly_rtn); 86*4882a593Smuzhiyun 87*4882a593Smuzhiyun int 88*4882a593Smuzhiyun 89*4882a593Smuzhiyun SELinuxPropertyToSID(Atom property, SELinuxSubjectRec * subj, 90*4882a593Smuzhiyun security_id_t * sid_rtn, int *poly_rtn); 91*4882a593Smuzhiyun 92*4882a593Smuzhiyun int 93*4882a593Smuzhiyun 94*4882a593Smuzhiyun SELinuxEventToSID(unsigned type, security_id_t sid_of_window, 95*4882a593Smuzhiyun SELinuxObjectRec * sid_return); 96*4882a593Smuzhiyun 97*4882a593Smuzhiyun int 98*4882a593Smuzhiyun SELinuxExtensionToSID(const char *name, security_id_t * sid_rtn); 99*4882a593Smuzhiyun 100*4882a593Smuzhiyun security_class_t SELinuxTypeToClass(RESTYPE type); 101*4882a593Smuzhiyun 102*4882a593Smuzhiyun security_context_t SELinuxDefaultClientLabel(void); 103*4882a593Smuzhiyun 104*4882a593Smuzhiyun void 105*4882a593Smuzhiyun SELinuxLabelInit(void); 106*4882a593Smuzhiyun 107*4882a593Smuzhiyun void 108*4882a593Smuzhiyun SELinuxLabelReset(void); 109*4882a593Smuzhiyun 110*4882a593Smuzhiyun /* 111*4882a593Smuzhiyun * Security module functions 112*4882a593Smuzhiyun */ 113*4882a593Smuzhiyun 114*4882a593Smuzhiyun void 115*4882a593Smuzhiyun SELinuxFlaskInit(void); 116*4882a593Smuzhiyun 117*4882a593Smuzhiyun void 118*4882a593Smuzhiyun SELinuxFlaskReset(void); 119*4882a593Smuzhiyun 120*4882a593Smuzhiyun /* 121*4882a593Smuzhiyun * Private Flask definitions 122*4882a593Smuzhiyun */ 123*4882a593Smuzhiyun 124*4882a593Smuzhiyun /* Security class constants */ 125*4882a593Smuzhiyun #define SECCLASS_X_DRAWABLE 1 126*4882a593Smuzhiyun #define SECCLASS_X_SCREEN 2 127*4882a593Smuzhiyun #define SECCLASS_X_GC 3 128*4882a593Smuzhiyun #define SECCLASS_X_FONT 4 129*4882a593Smuzhiyun #define SECCLASS_X_COLORMAP 5 130*4882a593Smuzhiyun #define SECCLASS_X_PROPERTY 6 131*4882a593Smuzhiyun #define SECCLASS_X_SELECTION 7 132*4882a593Smuzhiyun #define SECCLASS_X_CURSOR 8 133*4882a593Smuzhiyun #define SECCLASS_X_CLIENT 9 134*4882a593Smuzhiyun #define SECCLASS_X_POINTER 10 135*4882a593Smuzhiyun #define SECCLASS_X_KEYBOARD 11 136*4882a593Smuzhiyun #define SECCLASS_X_SERVER 12 137*4882a593Smuzhiyun #define SECCLASS_X_EXTENSION 13 138*4882a593Smuzhiyun #define SECCLASS_X_EVENT 14 139*4882a593Smuzhiyun #define SECCLASS_X_FAKEEVENT 15 140*4882a593Smuzhiyun #define SECCLASS_X_RESOURCE 16 141*4882a593Smuzhiyun 142*4882a593Smuzhiyun #ifdef _XSELINUX_NEED_FLASK_MAP 143*4882a593Smuzhiyun /* Mapping from DixAccess bits to Flask permissions */ 144*4882a593Smuzhiyun static struct security_class_mapping map[] = { 145*4882a593Smuzhiyun {"x_drawable", 146*4882a593Smuzhiyun {"read", /* DixReadAccess */ 147*4882a593Smuzhiyun "write", /* DixWriteAccess */ 148*4882a593Smuzhiyun "destroy", /* DixDestroyAccess */ 149*4882a593Smuzhiyun "create", /* DixCreateAccess */ 150*4882a593Smuzhiyun "getattr", /* DixGetAttrAccess */ 151*4882a593Smuzhiyun "setattr", /* DixSetAttrAccess */ 152*4882a593Smuzhiyun "list_property", /* DixListPropAccess */ 153*4882a593Smuzhiyun "get_property", /* DixGetPropAccess */ 154*4882a593Smuzhiyun "set_property", /* DixSetPropAccess */ 155*4882a593Smuzhiyun "", /* DixGetFocusAccess */ 156*4882a593Smuzhiyun "", /* DixSetFocusAccess */ 157*4882a593Smuzhiyun "list_child", /* DixListAccess */ 158*4882a593Smuzhiyun "add_child", /* DixAddAccess */ 159*4882a593Smuzhiyun "remove_child", /* DixRemoveAccess */ 160*4882a593Smuzhiyun "hide", /* DixHideAccess */ 161*4882a593Smuzhiyun "show", /* DixShowAccess */ 162*4882a593Smuzhiyun "blend", /* DixBlendAccess */ 163*4882a593Smuzhiyun "override", /* DixGrabAccess */ 164*4882a593Smuzhiyun "", /* DixFreezeAccess */ 165*4882a593Smuzhiyun "", /* DixForceAccess */ 166*4882a593Smuzhiyun "", /* DixInstallAccess */ 167*4882a593Smuzhiyun "", /* DixUninstallAccess */ 168*4882a593Smuzhiyun "send", /* DixSendAccess */ 169*4882a593Smuzhiyun "receive", /* DixReceiveAccess */ 170*4882a593Smuzhiyun "", /* DixUseAccess */ 171*4882a593Smuzhiyun "manage", /* DixManageAccess */ 172*4882a593Smuzhiyun NULL}}, 173*4882a593Smuzhiyun {"x_screen", 174*4882a593Smuzhiyun {"", /* DixReadAccess */ 175*4882a593Smuzhiyun "", /* DixWriteAccess */ 176*4882a593Smuzhiyun "", /* DixDestroyAccess */ 177*4882a593Smuzhiyun "", /* DixCreateAccess */ 178*4882a593Smuzhiyun "getattr", /* DixGetAttrAccess */ 179*4882a593Smuzhiyun "setattr", /* DixSetAttrAccess */ 180*4882a593Smuzhiyun "saver_getattr", /* DixListPropAccess */ 181*4882a593Smuzhiyun "saver_setattr", /* DixGetPropAccess */ 182*4882a593Smuzhiyun "", /* DixSetPropAccess */ 183*4882a593Smuzhiyun "", /* DixGetFocusAccess */ 184*4882a593Smuzhiyun "", /* DixSetFocusAccess */ 185*4882a593Smuzhiyun "", /* DixListAccess */ 186*4882a593Smuzhiyun "", /* DixAddAccess */ 187*4882a593Smuzhiyun "", /* DixRemoveAccess */ 188*4882a593Smuzhiyun "hide_cursor", /* DixHideAccess */ 189*4882a593Smuzhiyun "show_cursor", /* DixShowAccess */ 190*4882a593Smuzhiyun "saver_hide", /* DixBlendAccess */ 191*4882a593Smuzhiyun "saver_show", /* DixGrabAccess */ 192*4882a593Smuzhiyun NULL}}, 193*4882a593Smuzhiyun {"x_gc", 194*4882a593Smuzhiyun {"", /* DixReadAccess */ 195*4882a593Smuzhiyun "", /* DixWriteAccess */ 196*4882a593Smuzhiyun "destroy", /* DixDestroyAccess */ 197*4882a593Smuzhiyun "create", /* DixCreateAccess */ 198*4882a593Smuzhiyun "getattr", /* DixGetAttrAccess */ 199*4882a593Smuzhiyun "setattr", /* DixSetAttrAccess */ 200*4882a593Smuzhiyun "", /* DixListPropAccess */ 201*4882a593Smuzhiyun "", /* DixGetPropAccess */ 202*4882a593Smuzhiyun "", /* DixSetPropAccess */ 203*4882a593Smuzhiyun "", /* DixGetFocusAccess */ 204*4882a593Smuzhiyun "", /* DixSetFocusAccess */ 205*4882a593Smuzhiyun "", /* DixListAccess */ 206*4882a593Smuzhiyun "", /* DixAddAccess */ 207*4882a593Smuzhiyun "", /* DixRemoveAccess */ 208*4882a593Smuzhiyun "", /* DixHideAccess */ 209*4882a593Smuzhiyun "", /* DixShowAccess */ 210*4882a593Smuzhiyun "", /* DixBlendAccess */ 211*4882a593Smuzhiyun "", /* DixGrabAccess */ 212*4882a593Smuzhiyun "", /* DixFreezeAccess */ 213*4882a593Smuzhiyun "", /* DixForceAccess */ 214*4882a593Smuzhiyun "", /* DixInstallAccess */ 215*4882a593Smuzhiyun "", /* DixUninstallAccess */ 216*4882a593Smuzhiyun "", /* DixSendAccess */ 217*4882a593Smuzhiyun "", /* DixReceiveAccess */ 218*4882a593Smuzhiyun "use", /* DixUseAccess */ 219*4882a593Smuzhiyun NULL}}, 220*4882a593Smuzhiyun {"x_font", 221*4882a593Smuzhiyun {"", /* DixReadAccess */ 222*4882a593Smuzhiyun "", /* DixWriteAccess */ 223*4882a593Smuzhiyun "destroy", /* DixDestroyAccess */ 224*4882a593Smuzhiyun "create", /* DixCreateAccess */ 225*4882a593Smuzhiyun "getattr", /* DixGetAttrAccess */ 226*4882a593Smuzhiyun "", /* DixSetAttrAccess */ 227*4882a593Smuzhiyun "", /* DixListPropAccess */ 228*4882a593Smuzhiyun "", /* DixGetPropAccess */ 229*4882a593Smuzhiyun "", /* DixSetPropAccess */ 230*4882a593Smuzhiyun "", /* DixGetFocusAccess */ 231*4882a593Smuzhiyun "", /* DixSetFocusAccess */ 232*4882a593Smuzhiyun "", /* DixListAccess */ 233*4882a593Smuzhiyun "add_glyph", /* DixAddAccess */ 234*4882a593Smuzhiyun "remove_glyph", /* DixRemoveAccess */ 235*4882a593Smuzhiyun "", /* DixHideAccess */ 236*4882a593Smuzhiyun "", /* DixShowAccess */ 237*4882a593Smuzhiyun "", /* DixBlendAccess */ 238*4882a593Smuzhiyun "", /* DixGrabAccess */ 239*4882a593Smuzhiyun "", /* DixFreezeAccess */ 240*4882a593Smuzhiyun "", /* DixForceAccess */ 241*4882a593Smuzhiyun "", /* DixInstallAccess */ 242*4882a593Smuzhiyun "", /* DixUninstallAccess */ 243*4882a593Smuzhiyun "", /* DixSendAccess */ 244*4882a593Smuzhiyun "", /* DixReceiveAccess */ 245*4882a593Smuzhiyun "use", /* DixUseAccess */ 246*4882a593Smuzhiyun NULL}}, 247*4882a593Smuzhiyun {"x_colormap", 248*4882a593Smuzhiyun {"read", /* DixReadAccess */ 249*4882a593Smuzhiyun "write", /* DixWriteAccess */ 250*4882a593Smuzhiyun "destroy", /* DixDestroyAccess */ 251*4882a593Smuzhiyun "create", /* DixCreateAccess */ 252*4882a593Smuzhiyun "getattr", /* DixGetAttrAccess */ 253*4882a593Smuzhiyun "", /* DixSetAttrAccess */ 254*4882a593Smuzhiyun "", /* DixListPropAccess */ 255*4882a593Smuzhiyun "", /* DixGetPropAccess */ 256*4882a593Smuzhiyun "", /* DixSetPropAccess */ 257*4882a593Smuzhiyun "", /* DixGetFocusAccess */ 258*4882a593Smuzhiyun "", /* DixSetFocusAccess */ 259*4882a593Smuzhiyun "", /* DixListAccess */ 260*4882a593Smuzhiyun "add_color", /* DixAddAccess */ 261*4882a593Smuzhiyun "remove_color", /* DixRemoveAccess */ 262*4882a593Smuzhiyun "", /* DixHideAccess */ 263*4882a593Smuzhiyun "", /* DixShowAccess */ 264*4882a593Smuzhiyun "", /* DixBlendAccess */ 265*4882a593Smuzhiyun "", /* DixGrabAccess */ 266*4882a593Smuzhiyun "", /* DixFreezeAccess */ 267*4882a593Smuzhiyun "", /* DixForceAccess */ 268*4882a593Smuzhiyun "install", /* DixInstallAccess */ 269*4882a593Smuzhiyun "uninstall", /* DixUninstallAccess */ 270*4882a593Smuzhiyun "", /* DixSendAccess */ 271*4882a593Smuzhiyun "", /* DixReceiveAccess */ 272*4882a593Smuzhiyun "use", /* DixUseAccess */ 273*4882a593Smuzhiyun NULL}}, 274*4882a593Smuzhiyun {"x_property", 275*4882a593Smuzhiyun {"read", /* DixReadAccess */ 276*4882a593Smuzhiyun "write", /* DixWriteAccess */ 277*4882a593Smuzhiyun "destroy", /* DixDestroyAccess */ 278*4882a593Smuzhiyun "create", /* DixCreateAccess */ 279*4882a593Smuzhiyun "getattr", /* DixGetAttrAccess */ 280*4882a593Smuzhiyun "setattr", /* DixSetAttrAccess */ 281*4882a593Smuzhiyun "", /* DixListPropAccess */ 282*4882a593Smuzhiyun "", /* DixGetPropAccess */ 283*4882a593Smuzhiyun "", /* DixSetPropAccess */ 284*4882a593Smuzhiyun "", /* DixGetFocusAccess */ 285*4882a593Smuzhiyun "", /* DixSetFocusAccess */ 286*4882a593Smuzhiyun "", /* DixListAccess */ 287*4882a593Smuzhiyun "", /* DixAddAccess */ 288*4882a593Smuzhiyun "", /* DixRemoveAccess */ 289*4882a593Smuzhiyun "", /* DixHideAccess */ 290*4882a593Smuzhiyun "", /* DixShowAccess */ 291*4882a593Smuzhiyun "write", /* DixBlendAccess */ 292*4882a593Smuzhiyun NULL}}, 293*4882a593Smuzhiyun {"x_selection", 294*4882a593Smuzhiyun {"read", /* DixReadAccess */ 295*4882a593Smuzhiyun "", /* DixWriteAccess */ 296*4882a593Smuzhiyun "", /* DixDestroyAccess */ 297*4882a593Smuzhiyun "setattr", /* DixCreateAccess */ 298*4882a593Smuzhiyun "getattr", /* DixGetAttrAccess */ 299*4882a593Smuzhiyun "setattr", /* DixSetAttrAccess */ 300*4882a593Smuzhiyun NULL}}, 301*4882a593Smuzhiyun {"x_cursor", 302*4882a593Smuzhiyun {"read", /* DixReadAccess */ 303*4882a593Smuzhiyun "write", /* DixWriteAccess */ 304*4882a593Smuzhiyun "destroy", /* DixDestroyAccess */ 305*4882a593Smuzhiyun "create", /* DixCreateAccess */ 306*4882a593Smuzhiyun "getattr", /* DixGetAttrAccess */ 307*4882a593Smuzhiyun "setattr", /* DixSetAttrAccess */ 308*4882a593Smuzhiyun "", /* DixListPropAccess */ 309*4882a593Smuzhiyun "", /* DixGetPropAccess */ 310*4882a593Smuzhiyun "", /* DixSetPropAccess */ 311*4882a593Smuzhiyun "", /* DixGetFocusAccess */ 312*4882a593Smuzhiyun "", /* DixSetFocusAccess */ 313*4882a593Smuzhiyun "", /* DixListAccess */ 314*4882a593Smuzhiyun "", /* DixAddAccess */ 315*4882a593Smuzhiyun "", /* DixRemoveAccess */ 316*4882a593Smuzhiyun "", /* DixHideAccess */ 317*4882a593Smuzhiyun "", /* DixShowAccess */ 318*4882a593Smuzhiyun "", /* DixBlendAccess */ 319*4882a593Smuzhiyun "", /* DixGrabAccess */ 320*4882a593Smuzhiyun "", /* DixFreezeAccess */ 321*4882a593Smuzhiyun "", /* DixForceAccess */ 322*4882a593Smuzhiyun "", /* DixInstallAccess */ 323*4882a593Smuzhiyun "", /* DixUninstallAccess */ 324*4882a593Smuzhiyun "", /* DixSendAccess */ 325*4882a593Smuzhiyun "", /* DixReceiveAccess */ 326*4882a593Smuzhiyun "use", /* DixUseAccess */ 327*4882a593Smuzhiyun NULL}}, 328*4882a593Smuzhiyun {"x_client", 329*4882a593Smuzhiyun {"", /* DixReadAccess */ 330*4882a593Smuzhiyun "", /* DixWriteAccess */ 331*4882a593Smuzhiyun "destroy", /* DixDestroyAccess */ 332*4882a593Smuzhiyun "", /* DixCreateAccess */ 333*4882a593Smuzhiyun "getattr", /* DixGetAttrAccess */ 334*4882a593Smuzhiyun "setattr", /* DixSetAttrAccess */ 335*4882a593Smuzhiyun "", /* DixListPropAccess */ 336*4882a593Smuzhiyun "", /* DixGetPropAccess */ 337*4882a593Smuzhiyun "", /* DixSetPropAccess */ 338*4882a593Smuzhiyun "", /* DixGetFocusAccess */ 339*4882a593Smuzhiyun "", /* DixSetFocusAccess */ 340*4882a593Smuzhiyun "", /* DixListAccess */ 341*4882a593Smuzhiyun "", /* DixAddAccess */ 342*4882a593Smuzhiyun "", /* DixRemoveAccess */ 343*4882a593Smuzhiyun "", /* DixHideAccess */ 344*4882a593Smuzhiyun "", /* DixShowAccess */ 345*4882a593Smuzhiyun "", /* DixBlendAccess */ 346*4882a593Smuzhiyun "", /* DixGrabAccess */ 347*4882a593Smuzhiyun "", /* DixFreezeAccess */ 348*4882a593Smuzhiyun "", /* DixForceAccess */ 349*4882a593Smuzhiyun "", /* DixInstallAccess */ 350*4882a593Smuzhiyun "", /* DixUninstallAccess */ 351*4882a593Smuzhiyun "", /* DixSendAccess */ 352*4882a593Smuzhiyun "", /* DixReceiveAccess */ 353*4882a593Smuzhiyun "", /* DixUseAccess */ 354*4882a593Smuzhiyun "manage", /* DixManageAccess */ 355*4882a593Smuzhiyun NULL}}, 356*4882a593Smuzhiyun {"x_pointer", 357*4882a593Smuzhiyun {"read", /* DixReadAccess */ 358*4882a593Smuzhiyun "write", /* DixWriteAccess */ 359*4882a593Smuzhiyun "destroy", /* DixDestroyAccess */ 360*4882a593Smuzhiyun "create", /* DixCreateAccess */ 361*4882a593Smuzhiyun "getattr", /* DixGetAttrAccess */ 362*4882a593Smuzhiyun "setattr", /* DixSetAttrAccess */ 363*4882a593Smuzhiyun "list_property", /* DixListPropAccess */ 364*4882a593Smuzhiyun "get_property", /* DixGetPropAccess */ 365*4882a593Smuzhiyun "set_property", /* DixSetPropAccess */ 366*4882a593Smuzhiyun "getfocus", /* DixGetFocusAccess */ 367*4882a593Smuzhiyun "setfocus", /* DixSetFocusAccess */ 368*4882a593Smuzhiyun "", /* DixListAccess */ 369*4882a593Smuzhiyun "add", /* DixAddAccess */ 370*4882a593Smuzhiyun "remove", /* DixRemoveAccess */ 371*4882a593Smuzhiyun "", /* DixHideAccess */ 372*4882a593Smuzhiyun "", /* DixShowAccess */ 373*4882a593Smuzhiyun "", /* DixBlendAccess */ 374*4882a593Smuzhiyun "grab", /* DixGrabAccess */ 375*4882a593Smuzhiyun "freeze", /* DixFreezeAccess */ 376*4882a593Smuzhiyun "force_cursor", /* DixForceAccess */ 377*4882a593Smuzhiyun "", /* DixInstallAccess */ 378*4882a593Smuzhiyun "", /* DixUninstallAccess */ 379*4882a593Smuzhiyun "", /* DixSendAccess */ 380*4882a593Smuzhiyun "", /* DixReceiveAccess */ 381*4882a593Smuzhiyun "use", /* DixUseAccess */ 382*4882a593Smuzhiyun "manage", /* DixManageAccess */ 383*4882a593Smuzhiyun "", /* DixDebugAccess */ 384*4882a593Smuzhiyun "bell", /* DixBellAccess */ 385*4882a593Smuzhiyun NULL}}, 386*4882a593Smuzhiyun {"x_keyboard", 387*4882a593Smuzhiyun {"read", /* DixReadAccess */ 388*4882a593Smuzhiyun "write", /* DixWriteAccess */ 389*4882a593Smuzhiyun "destroy", /* DixDestroyAccess */ 390*4882a593Smuzhiyun "create", /* DixCreateAccess */ 391*4882a593Smuzhiyun "getattr", /* DixGetAttrAccess */ 392*4882a593Smuzhiyun "setattr", /* DixSetAttrAccess */ 393*4882a593Smuzhiyun "list_property", /* DixListPropAccess */ 394*4882a593Smuzhiyun "get_property", /* DixGetPropAccess */ 395*4882a593Smuzhiyun "set_property", /* DixSetPropAccess */ 396*4882a593Smuzhiyun "getfocus", /* DixGetFocusAccess */ 397*4882a593Smuzhiyun "setfocus", /* DixSetFocusAccess */ 398*4882a593Smuzhiyun "", /* DixListAccess */ 399*4882a593Smuzhiyun "add", /* DixAddAccess */ 400*4882a593Smuzhiyun "remove", /* DixRemoveAccess */ 401*4882a593Smuzhiyun "", /* DixHideAccess */ 402*4882a593Smuzhiyun "", /* DixShowAccess */ 403*4882a593Smuzhiyun "", /* DixBlendAccess */ 404*4882a593Smuzhiyun "grab", /* DixGrabAccess */ 405*4882a593Smuzhiyun "freeze", /* DixFreezeAccess */ 406*4882a593Smuzhiyun "force_cursor", /* DixForceAccess */ 407*4882a593Smuzhiyun "", /* DixInstallAccess */ 408*4882a593Smuzhiyun "", /* DixUninstallAccess */ 409*4882a593Smuzhiyun "", /* DixSendAccess */ 410*4882a593Smuzhiyun "", /* DixReceiveAccess */ 411*4882a593Smuzhiyun "use", /* DixUseAccess */ 412*4882a593Smuzhiyun "manage", /* DixManageAccess */ 413*4882a593Smuzhiyun "", /* DixDebugAccess */ 414*4882a593Smuzhiyun "bell", /* DixBellAccess */ 415*4882a593Smuzhiyun NULL}}, 416*4882a593Smuzhiyun {"x_server", 417*4882a593Smuzhiyun {"record", /* DixReadAccess */ 418*4882a593Smuzhiyun "", /* DixWriteAccess */ 419*4882a593Smuzhiyun "", /* DixDestroyAccess */ 420*4882a593Smuzhiyun "", /* DixCreateAccess */ 421*4882a593Smuzhiyun "getattr", /* DixGetAttrAccess */ 422*4882a593Smuzhiyun "setattr", /* DixSetAttrAccess */ 423*4882a593Smuzhiyun "", /* DixListPropAccess */ 424*4882a593Smuzhiyun "", /* DixGetPropAccess */ 425*4882a593Smuzhiyun "", /* DixSetPropAccess */ 426*4882a593Smuzhiyun "", /* DixGetFocusAccess */ 427*4882a593Smuzhiyun "", /* DixSetFocusAccess */ 428*4882a593Smuzhiyun "", /* DixListAccess */ 429*4882a593Smuzhiyun "", /* DixAddAccess */ 430*4882a593Smuzhiyun "", /* DixRemoveAccess */ 431*4882a593Smuzhiyun "", /* DixHideAccess */ 432*4882a593Smuzhiyun "", /* DixShowAccess */ 433*4882a593Smuzhiyun "", /* DixBlendAccess */ 434*4882a593Smuzhiyun "grab", /* DixGrabAccess */ 435*4882a593Smuzhiyun "", /* DixFreezeAccess */ 436*4882a593Smuzhiyun "", /* DixForceAccess */ 437*4882a593Smuzhiyun "", /* DixInstallAccess */ 438*4882a593Smuzhiyun "", /* DixUninstallAccess */ 439*4882a593Smuzhiyun "", /* DixSendAccess */ 440*4882a593Smuzhiyun "", /* DixReceiveAccess */ 441*4882a593Smuzhiyun "", /* DixUseAccess */ 442*4882a593Smuzhiyun "manage", /* DixManageAccess */ 443*4882a593Smuzhiyun "debug", /* DixDebugAccess */ 444*4882a593Smuzhiyun NULL}}, 445*4882a593Smuzhiyun {"x_extension", 446*4882a593Smuzhiyun {"", /* DixReadAccess */ 447*4882a593Smuzhiyun "", /* DixWriteAccess */ 448*4882a593Smuzhiyun "", /* DixDestroyAccess */ 449*4882a593Smuzhiyun "", /* DixCreateAccess */ 450*4882a593Smuzhiyun "query", /* DixGetAttrAccess */ 451*4882a593Smuzhiyun "", /* DixSetAttrAccess */ 452*4882a593Smuzhiyun "", /* DixListPropAccess */ 453*4882a593Smuzhiyun "", /* DixGetPropAccess */ 454*4882a593Smuzhiyun "", /* DixSetPropAccess */ 455*4882a593Smuzhiyun "", /* DixGetFocusAccess */ 456*4882a593Smuzhiyun "", /* DixSetFocusAccess */ 457*4882a593Smuzhiyun "", /* DixListAccess */ 458*4882a593Smuzhiyun "", /* DixAddAccess */ 459*4882a593Smuzhiyun "", /* DixRemoveAccess */ 460*4882a593Smuzhiyun "", /* DixHideAccess */ 461*4882a593Smuzhiyun "", /* DixShowAccess */ 462*4882a593Smuzhiyun "", /* DixBlendAccess */ 463*4882a593Smuzhiyun "", /* DixGrabAccess */ 464*4882a593Smuzhiyun "", /* DixFreezeAccess */ 465*4882a593Smuzhiyun "", /* DixForceAccess */ 466*4882a593Smuzhiyun "", /* DixInstallAccess */ 467*4882a593Smuzhiyun "", /* DixUninstallAccess */ 468*4882a593Smuzhiyun "", /* DixSendAccess */ 469*4882a593Smuzhiyun "", /* DixReceiveAccess */ 470*4882a593Smuzhiyun "use", /* DixUseAccess */ 471*4882a593Smuzhiyun NULL}}, 472*4882a593Smuzhiyun {"x_event", 473*4882a593Smuzhiyun {"", /* DixReadAccess */ 474*4882a593Smuzhiyun "", /* DixWriteAccess */ 475*4882a593Smuzhiyun "", /* DixDestroyAccess */ 476*4882a593Smuzhiyun "", /* DixCreateAccess */ 477*4882a593Smuzhiyun "", /* DixGetAttrAccess */ 478*4882a593Smuzhiyun "", /* DixSetAttrAccess */ 479*4882a593Smuzhiyun "", /* DixListPropAccess */ 480*4882a593Smuzhiyun "", /* DixGetPropAccess */ 481*4882a593Smuzhiyun "", /* DixSetPropAccess */ 482*4882a593Smuzhiyun "", /* DixGetFocusAccess */ 483*4882a593Smuzhiyun "", /* DixSetFocusAccess */ 484*4882a593Smuzhiyun "", /* DixListAccess */ 485*4882a593Smuzhiyun "", /* DixAddAccess */ 486*4882a593Smuzhiyun "", /* DixRemoveAccess */ 487*4882a593Smuzhiyun "", /* DixHideAccess */ 488*4882a593Smuzhiyun "", /* DixShowAccess */ 489*4882a593Smuzhiyun "", /* DixBlendAccess */ 490*4882a593Smuzhiyun "", /* DixGrabAccess */ 491*4882a593Smuzhiyun "", /* DixFreezeAccess */ 492*4882a593Smuzhiyun "", /* DixForceAccess */ 493*4882a593Smuzhiyun "", /* DixInstallAccess */ 494*4882a593Smuzhiyun "", /* DixUninstallAccess */ 495*4882a593Smuzhiyun "send", /* DixSendAccess */ 496*4882a593Smuzhiyun "receive", /* DixReceiveAccess */ 497*4882a593Smuzhiyun NULL}}, 498*4882a593Smuzhiyun {"x_synthetic_event", 499*4882a593Smuzhiyun {"", /* DixReadAccess */ 500*4882a593Smuzhiyun "", /* DixWriteAccess */ 501*4882a593Smuzhiyun "", /* DixDestroyAccess */ 502*4882a593Smuzhiyun "", /* DixCreateAccess */ 503*4882a593Smuzhiyun "", /* DixGetAttrAccess */ 504*4882a593Smuzhiyun "", /* DixSetAttrAccess */ 505*4882a593Smuzhiyun "", /* DixListPropAccess */ 506*4882a593Smuzhiyun "", /* DixGetPropAccess */ 507*4882a593Smuzhiyun "", /* DixSetPropAccess */ 508*4882a593Smuzhiyun "", /* DixGetFocusAccess */ 509*4882a593Smuzhiyun "", /* DixSetFocusAccess */ 510*4882a593Smuzhiyun "", /* DixListAccess */ 511*4882a593Smuzhiyun "", /* DixAddAccess */ 512*4882a593Smuzhiyun "", /* DixRemoveAccess */ 513*4882a593Smuzhiyun "", /* DixHideAccess */ 514*4882a593Smuzhiyun "", /* DixShowAccess */ 515*4882a593Smuzhiyun "", /* DixBlendAccess */ 516*4882a593Smuzhiyun "", /* DixGrabAccess */ 517*4882a593Smuzhiyun "", /* DixFreezeAccess */ 518*4882a593Smuzhiyun "", /* DixForceAccess */ 519*4882a593Smuzhiyun "", /* DixInstallAccess */ 520*4882a593Smuzhiyun "", /* DixUninstallAccess */ 521*4882a593Smuzhiyun "send", /* DixSendAccess */ 522*4882a593Smuzhiyun "receive", /* DixReceiveAccess */ 523*4882a593Smuzhiyun NULL}}, 524*4882a593Smuzhiyun {"x_resource", 525*4882a593Smuzhiyun {"read", /* DixReadAccess */ 526*4882a593Smuzhiyun "write", /* DixWriteAccess */ 527*4882a593Smuzhiyun "write", /* DixDestroyAccess */ 528*4882a593Smuzhiyun "write", /* DixCreateAccess */ 529*4882a593Smuzhiyun "read", /* DixGetAttrAccess */ 530*4882a593Smuzhiyun "write", /* DixSetAttrAccess */ 531*4882a593Smuzhiyun "read", /* DixListPropAccess */ 532*4882a593Smuzhiyun "read", /* DixGetPropAccess */ 533*4882a593Smuzhiyun "write", /* DixSetPropAccess */ 534*4882a593Smuzhiyun "read", /* DixGetFocusAccess */ 535*4882a593Smuzhiyun "write", /* DixSetFocusAccess */ 536*4882a593Smuzhiyun "read", /* DixListAccess */ 537*4882a593Smuzhiyun "write", /* DixAddAccess */ 538*4882a593Smuzhiyun "write", /* DixRemoveAccess */ 539*4882a593Smuzhiyun "write", /* DixHideAccess */ 540*4882a593Smuzhiyun "read", /* DixShowAccess */ 541*4882a593Smuzhiyun "read", /* DixBlendAccess */ 542*4882a593Smuzhiyun "write", /* DixGrabAccess */ 543*4882a593Smuzhiyun "write", /* DixFreezeAccess */ 544*4882a593Smuzhiyun "write", /* DixForceAccess */ 545*4882a593Smuzhiyun "write", /* DixInstallAccess */ 546*4882a593Smuzhiyun "write", /* DixUninstallAccess */ 547*4882a593Smuzhiyun "write", /* DixSendAccess */ 548*4882a593Smuzhiyun "read", /* DixReceiveAccess */ 549*4882a593Smuzhiyun "read", /* DixUseAccess */ 550*4882a593Smuzhiyun "write", /* DixManageAccess */ 551*4882a593Smuzhiyun "read", /* DixDebugAccess */ 552*4882a593Smuzhiyun "write", /* DixBellAccess */ 553*4882a593Smuzhiyun NULL}}, 554*4882a593Smuzhiyun {NULL} 555*4882a593Smuzhiyun }; 556*4882a593Smuzhiyun 557*4882a593Smuzhiyun /* x_resource "read" bits from the list above */ 558*4882a593Smuzhiyun #define SELinuxReadMask (DixReadAccess|DixGetAttrAccess|DixListPropAccess| \ 559*4882a593Smuzhiyun DixGetPropAccess|DixGetFocusAccess|DixListAccess| \ 560*4882a593Smuzhiyun DixShowAccess|DixBlendAccess|DixReceiveAccess| \ 561*4882a593Smuzhiyun DixUseAccess|DixDebugAccess) 562*4882a593Smuzhiyun 563*4882a593Smuzhiyun #endif /* _XSELINUX_NEED_FLASK_MAP */ 564*4882a593Smuzhiyun #endif /* _XSELINUXINT_H */ 565