Drop the xserver_unprotected interface.
The motivation for this interface was that xdm_t objects were not getting cleaned up, so the user session tried to interact with them. But since the default user type is unconfined, this problem has gone away for now.
Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
parent
b624268b9f
commit
5025a463cf
@ -1198,26 +1198,6 @@ interface(`xserver_manage_core_devices',`
|
||||
allow $1 xserver_t:{ x_device x_pointer x_keyboard } *;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Interface to remove protections on an X client domain.
|
||||
## Gives other X client domains full permissions over the target
|
||||
## domain's X objects.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain to be unprotected.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`xserver_unprotected',`
|
||||
gen_require(`
|
||||
attribute xserver_unprotected_type;
|
||||
')
|
||||
|
||||
typeattribute $1 xserver_unprotected_type;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Interface to provide X object permissions on a given X server to
|
||||
|
@ -82,7 +82,6 @@ type root_xdrawable_t, xdrawable_type;
|
||||
type root_xcolormap_t, xcolormap_type;
|
||||
|
||||
attribute xserver_unconfined_type;
|
||||
attribute xserver_unprotected_type;
|
||||
|
||||
xserver_object_types_template(root)
|
||||
xserver_object_types_template(user)
|
||||
@ -157,7 +156,6 @@ init_daemon_domain(xdm_t, xdm_exec_t)
|
||||
xserver_object_types_template(xdm)
|
||||
xserver_common_x_domain_template(xdm, xdm_t)
|
||||
xserver_unconfined(xdm_t)
|
||||
xserver_unprotected(xdm_t)
|
||||
|
||||
type xdm_lock_t;
|
||||
files_lock_file(xdm_lock_t)
|
||||
@ -948,20 +946,6 @@ allow x_domain self:x_resource { read write };
|
||||
# can mess with the screensaver
|
||||
allow x_domain xserver_t:x_screen { getattr saver_getattr };
|
||||
|
||||
########################################
|
||||
#
|
||||
# Rules for unprotected access to a domain
|
||||
#
|
||||
|
||||
allow x_domain xserver_unprotected_type:x_drawable *;
|
||||
allow x_domain xserver_unprotected_type:x_gc *;
|
||||
allow x_domain xserver_unprotected_type:x_colormap *;
|
||||
allow x_domain xserver_unprotected_type:x_property *;
|
||||
allow x_domain xserver_unprotected_type:x_cursor *;
|
||||
allow x_domain xserver_unprotected_type:x_client *;
|
||||
allow x_domain xserver_unprotected_type:x_device *;
|
||||
allow x_domain xserver_unprotected_type:x_resource *;
|
||||
|
||||
########################################
|
||||
#
|
||||
# Rules for unconfined access to this module
|
||||
|