This patch adds an event type to the X contexts backend, so that
X Flask module can support labeling events based on their protocol
name.
Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov>
---
include/selinux/label.h | 1 +
src/label_x.c | 4 +++-
2 files changed, 4 insertions(+), 1 deletion(-)
Index: libselinux/include/selinux/label.h
===================================================================
--- libselinux/include/selinux/label.h (revision 2660)
+++ libselinux/include/selinux/label.h (working copy)
@@ -111,6 +111,7 @@
#define SELABEL_X_PROP 1
#define SELABEL_X_EXT 2
#define SELABEL_X_CLIENT 3
+#define SELABEL_X_EVENT 4
#ifdef __cplusplus
Index: libselinux/src/label_x.c
===================================================================
--- libselinux/src/label_x.c (revision 2660)
+++ libselinux/src/label_x.c (working copy)
@@ -65,9 +65,11 @@
data->spec_arr[data->nspec].type = SELABEL_X_EXT;
else if (!strcmp(type, "client"))
data->spec_arr[data->nspec].type = SELABEL_X_CLIENT;
+ else if (!strcmp(type, "event"))
+ data->spec_arr[data->nspec].type = SELABEL_X_EVENT;
else {
selinux_log(SELINUX_WARNING,
- "%s: line %d has invalid file type %s\n",
+ "%s: line %d has invalid object type %s\n",
path, lineno, type);
return 0;
}
--
Eamon Walsh <ewalsh@tycho.nsa.gov>
National Security Agency
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
Here is a revised version of the patch that adds not one but two
backends, one for X event names and one for X "selections" which
are the clipboard objects used in cut & paste.
This is so the X Flask module can support labeling these objects
based on their names.
Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov>
---
include/selinux/label.h | 2 ++
src/label_x.c | 6 +++++-
2 files changed, 7 insertions(+), 1 deletion(-)
Index: libselinux/include/selinux/label.h
===================================================================
--- libselinux/include/selinux/label.h (revision 2660)
+++ libselinux/include/selinux/label.h (working copy)
@@ -111,6 +111,8 @@
#define SELABEL_X_PROP 1
#define SELABEL_X_EXT 2
#define SELABEL_X_CLIENT 3
+#define SELABEL_X_EVENT 4
+#define SELABEL_X_SELN 5
#ifdef __cplusplus
Index: libselinux/src/label_x.c
===================================================================
--- libselinux/src/label_x.c (revision 2660)
+++ libselinux/src/label_x.c (working copy)
@@ -65,9 +65,13 @@
data->spec_arr[data->nspec].type = SELABEL_X_EXT;
else if (!strcmp(type, "client"))
data->spec_arr[data->nspec].type = SELABEL_X_CLIENT;
+ else if (!strcmp(type, "event"))
+ data->spec_arr[data->nspec].type = SELABEL_X_EVENT;
+ else if (!strcmp(type, "selection"))
+ data->spec_arr[data->nspec].type = SELABEL_X_SELN;
else {
selinux_log(SELINUX_WARNING,
- "%s: line %d has invalid file type %s\n",
+ "%s: line %d has invalid object type %s\n",
path, lineno, type);
return 0;
}
--
Eamon Walsh <ewalsh@tycho.nsa.gov>
National Security Agency
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
On Fri, 2007-10-19 at 15:39 -0400, Eamon Walsh wrote:
> Here is a revised version of the patch that adds not one but two
> backends, one for X event names and one for X "selections" which
> are the clipboard objects used in cut & paste.
>
> This is so the X Flask module can support labeling these objects
> based on their names.
>
> Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov>
Acked-by: Stephen "I want labeled X on my desk" Smalley <sds@tycho.nsa.gov>
> ---
>
> include/selinux/label.h | 2 ++
> src/label_x.c | 6 +++++-
> 2 files changed, 7 insertions(+), 1 deletion(-)
>
>
> Index: libselinux/include/selinux/label.h
> ===================================================================
> --- libselinux/include/selinux/label.h (revision 2660)
> +++ libselinux/include/selinux/label.h (working copy)
> @@ -111,6 +111,8 @@
> #define SELABEL_X_PROP 1
> #define SELABEL_X_EXT 2
> #define SELABEL_X_CLIENT 3
> +#define SELABEL_X_EVENT 4
> +#define SELABEL_X_SELN 5
>
>
> #ifdef __cplusplus
> Index: libselinux/src/label_x.c
> ===================================================================
> --- libselinux/src/label_x.c (revision 2660)
> +++ libselinux/src/label_x.c (working copy)
> @@ -65,9 +65,13 @@
> data->spec_arr[data->nspec].type = SELABEL_X_EXT;
> else if (!strcmp(type, "client"))
> data->spec_arr[data->nspec].type = SELABEL_X_CLIENT;
> + else if (!strcmp(type, "event"))
> + data->spec_arr[data->nspec].type = SELABEL_X_EVENT;
> + else if (!strcmp(type, "selection"))
> + data->spec_arr[data->nspec].type = SELABEL_X_SELN;
> else {
> selinux_log(SELINUX_WARNING,
> - "%s: line %d has invalid file type %s\n",
> + "%s: line %d has invalid object type %s\n",
> path, lineno, type);
> return 0;
> }
>
--
Stephen Smalley
National Security Agency
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.