diff options
Diffstat (limited to 'config/appconfig-mcs/x_contexts')
| -rw-r--r-- | config/appconfig-mcs/x_contexts | 105 |
1 files changed, 105 insertions, 0 deletions
diff --git a/config/appconfig-mcs/x_contexts b/config/appconfig-mcs/x_contexts new file mode 100644 index 000000000..0b3204435 --- /dev/null +++ b/config/appconfig-mcs/x_contexts @@ -0,0 +1,105 @@ +# +# Config file for XSELinux extension +# + + +# +## +### Rules for X Clients +## +# + +# +# The default client rule defines a context to be used for all clients +# connecting to the server from a remote host. +# +client * system_u:object_r:remote_t:s0 + + +# +## +### Rules for X Properties +## +# + +# +# Property rules map a property name to a context. A default property +# rule indicated by an asterisk should follow all other property rules. +# +# Properties that normal clients may only read +property _SELINUX_* system_u:object_r:seclabel_xproperty_t:s0 + +# Clipboard and selection properties +property CUT_BUFFER? system_u:object_r:clipboard_xproperty_t:s0 + +# Default fallback type +property * system_u:object_r:xproperty_t:s0 + + +# +## +### Rules for X Extensions +## +# + +# +# Extension rules map an extension name to a context. A default extension +# rule indicated by an asterisk should follow all other extension rules. +# +# Restricted extensions +extension SELinux system_u:object_r:security_xextension_t:s0 + +# Standard extensions +extension * system_u:object_r:xextension_t:s0 + + +# +## +### Rules for X Selections +## +# + +# Selection rules map a selection name to a context. A default selection +# rule indicated by an asterisk should follow all other selection rules. +# +# Standard selections +selection PRIMARY system_u:object_r:clipboard_xselection_t:s0 +selection CLIPBOARD system_u:object_r:clipboard_xselection_t:s0 + +# Default fallback type +selection * system_u:object_r:xselection_t:s0 + + +# +## +### Rules for X Events +## +# + +# +# Event rules map an event protocol name to a context. A default event +# rule indicated by an asterisk should follow all other event rules. +# +# Input events +event X11:KeyPress system_u:object_r:input_xevent_t:s0 +event X11:KeyRelease system_u:object_r:input_xevent_t:s0 +event X11:ButtonPress system_u:object_r:input_xevent_t:s0 +event X11:ButtonRelease system_u:object_r:input_xevent_t:s0 +event X11:MotionNotify system_u:object_r:input_xevent_t:s0 +event XInputExtension:DeviceKeyPress system_u:object_r:input_xevent_t:s0 +event XInputExtension:DeviceKeyRelease system_u:object_r:input_xevent_t:s0 +event XInputExtension:DeviceButtonPress system_u:object_r:input_xevent_t:s0 +event XInputExtension:DeviceButtonRelease system_u:object_r:input_xevent_t:s0 +event XInputExtension:DeviceMotionNotify system_u:object_r:input_xevent_t:s0 +event XInputExtension:DeviceValuator system_u:object_r:input_xevent_t:s0 +event XInputExtension:ProximityIn system_u:object_r:input_xevent_t:s0 +event XInputExtension:ProximityOut system_u:object_r:input_xevent_t:s0 + +# Client message events +event X11:ClientMessage system_u:object_r:client_xevent_t:s0 +event X11:SelectionNotify system_u:object_r:client_xevent_t:s0 +event X11:UnmapNotify system_u:object_r:client_xevent_t:s0 +event X11:ConfigureNotify system_u:object_r:client_xevent_t:s0 + +# Default fallback type +event * system_u:object_r:xevent_t:s0 |