rpms/selinux-policy/devel policy-20080509.patch, 1.13, 1.14 selinux-policy.spec, 1.671, 1.672

Daniel J Walsh (dwalsh) fedora-extras-commits at redhat.com
Thu Jun 12 19:58:03 UTC 2008


Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv5057

Modified Files:
	policy-20080509.patch selinux-policy.spec 
Log Message:
* Thu Jun 12 2008 Dan Walsh <dwalsh at redhat.com> 3.4.2-3
- Prevent applications from reading x_device


policy-20080509.patch:

Index: policy-20080509.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20080509.patch,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -r1.13 -r1.14
--- policy-20080509.patch	12 Jun 2008 18:26:59 -0000	1.13
+++ policy-20080509.patch	12 Jun 2008 19:57:12 -0000	1.14
@@ -25914,7 +25914,7 @@
  /var/lib/pam_devperm/:0	--	gen_context(system_u:object_r:xdm_var_lib_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-3.4.2/policy/modules/services/xserver.if
 --- nsaserefpolicy/policy/modules/services/xserver.if	2008-05-19 10:26:38.000000000 -0400
-+++ serefpolicy-3.4.2/policy/modules/services/xserver.if	2008-06-12 12:10:32.884486000 -0400
++++ serefpolicy-3.4.2/policy/modules/services/xserver.if	2008-06-12 14:55:38.413681000 -0400
 @@ -16,7 +16,8 @@
  	gen_require(`
  		type xkb_var_lib_t, xserver_exec_t, xserver_log_t;
@@ -26151,8 +26151,12 @@
  
  	fs_search_auto_mountpoints($1_iceauth_t)
  
-@@ -470,31 +472,9 @@
- 	allow $1_x_domain $1_xserver_t:x_device { read getattr use setattr setfocus grab bell };
+@@ -467,34 +469,12 @@
+ 	#
+ 
+ 	# Device rules
+-	allow $1_x_domain $1_xserver_t:x_device { read getattr use setattr setfocus grab bell };
++	allow $1_x_domain $1_xserver_t:x_device { getattr use setattr setfocus grab bell };
  
  	allow $1_xserver_t { input_xevent_t $1_input_xevent_type }:x_event send;
 +	allow $2 $1_input_xevent_type:x_event send;
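Review bot: The two x_device rules on the new side drop `read` without recording why: the `Device rules` allow for `$1_x_domain` in this hunk, and `allow $3 $1_xserver_t:x_device { manage freeze force_cursor };` in the hunk at 26266. The neighbouring comments document each permission by the X11 request that needs it, so a maintainer chasing an AVC denial could restore `read`. I would add a comment above each rule such as `# read (polling device state, presumably QueryKeymap/QueryPointer) is deliberately not granted to client domains`. Both rules still grant `grab` to the same domains, so it is worth confirming that the x_event receive rules constrain what a grabbing client can observe. Those rules, and the start and end of the enclosing templates, are outside these hunks.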
@@ -26266,7 +26270,7 @@
 +	# manage: xhost X11:ChangeHosts
 +	# freeze: metacity X11:GrabKey
 +	# force_cursor: metacity X11:GrabPointer
-+	allow $3 $1_xserver_t:x_device { read manage freeze force_cursor };
++	allow $3 $1_xserver_t:x_device { manage freeze force_cursor };
 +	allow $3 $1_xserver_t:x_device { getfocus setfocus grab use getattr setattr bell };
 +
 +	# gnome-settings-daemon XKEYBOARD:SetControls


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.671
retrieving revision 1.672
diff -u -r1.671 -r1.672
--- selinux-policy.spec	12 Jun 2008 18:44:52 -0000	1.671
+++ selinux-policy.spec	12 Jun 2008 19:57:12 -0000	1.672
@@ -17,7 +17,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.4.2
-Release: 2%{?dist}
+Release: 3%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -375,6 +375,9 @@
 %endif
 
 %changelog
+* Thu Jun 12 2008 Dan Walsh <dwalsh at redhat.com> 3.4.2-3
+- Prevent applications from reading x_device
+
 * Thu Jun 12 2008 Dan Walsh <dwalsh at redhat.com> 3.4.2-2
 - Add /var/lib/selinux context
 



