# This file is a part of ALT Linux SeLinux policy.
# Copyright (C) 2013 ALT Linux company

#
# Config file for XSELinux extension
#


#
##
### Rules for X Clients
##
#

#
# The default client rule defines a context to be used for all clients
# connecting to the server from a remote host.
#
client  *                                     generic_u:object_r:x_t:s0


#
##
### Rules for X Properties
##
#

#
# Property rules map a property name to a context.  A default property
# rule indicated by an asterisk should follow all other property rules.
#
# Properties that normal clients may only read
poly_property _SELINUX_*                           generic_u:object_r:x_t:s0

# http://www.x.org/releases/X11R7.7/doc/xorg-docs/icccm/icccm.html#Summary_of_Window_Manager_Property_Types
#
# Window managers should see few window properties.
# If it doesn't, than WM can act in unpredictable behaviour.
# To close some application check WM_PROTOCOLS property, than sends WM_DELETE_WINDOW atom.
# If WM_PROTOCOLS is absent WM just detach apps from X server.
# Application crashed.
property WM_CLASS                                 generic_u:object_r:x_t:s0
property WM_CLIENT_MACHINE                        generic_u:object_r:x_t:s0
property WM_CLIENT_LEADER                         generic_u:object_r:x_t:s0
property WM_COLORMAP_WINDOWS                      generic_u:object_r:x_t:s0
property WM_HINTS                                 generic_u:object_r:x_t:s0
property WM_ICON_NAME                             generic_u:object_r:x_t:s0
property WM_ICON_SIZE                             generic_u:object_r:x_t:s0
property WM_NAME                                  generic_u:object_r:x_t:s0
property WM_NORMAL_HINTS                          generic_u:object_r:x_t:s0
property WM_PROTOCOLS                             generic_u:object_r:x_t:s0
property WM_STATE                                 generic_u:object_r:x_t:s0
property WM_TRANSIENT_FOR                         generic_u:object_r:x_t:s0
property WM_COMMAND                               generic_u:object_r:x_t:s0

# Clipboard and selection properties
poly_property CUT_BUFFER?                          generic_u:object_r:x_t:s0

# Default fallback type
poly_property *                                    generic_u:object_r:x_t:s0


#
##
### Rules for X Extensions
##
#

#
# Extension rules map an extension name to a context.  A default extension
# rule indicated by an asterisk should follow all other extension rules.
#
# Restricted extensions
extension SELinux                             generic_u:object_r:x_t:s0

# Standard extensions
extension *                                   generic_u:object_r:x_t:s0


#
##
### Rules for X Selections
##
#

# Selection rules map a selection name to a context.  A default selection
# rule indicated by an asterisk should follow all other selection rules.
#
# Standard selections
poly_selection PRIMARY          generic_u:object_r:primary_xselection_t:s0
poly_selection CLIPBOARD        generic_u:object_r:clipboard_xselection_t:s0
poly_selection XA_PRIMARY       generic_u:object_r:xa_primary_xselection_t:s0
poly_selection XA_SECONDARY     generic_u:object_r:xa_secondary_xselection_t:s0

# Default fallback type
poly_selection *            generic_u:object_r:undefined_xselection_t:s0


#
##
### Rules for X Events
##
#

#
# Event rules map an event protocol name to a context.  A default event
# rule indicated by an asterisk should follow all other event rules.
#
# Input events
event X11:KeyPress                            generic_u:object_r:x_t:s0
event X11:KeyRelease                          generic_u:object_r:x_t:s0
event X11:ButtonPress                         generic_u:object_r:x_t:s0
event X11:ButtonRelease                       generic_u:object_r:x_t:s0
event X11:MotionNotify                        generic_u:object_r:x_t:s0
event XInputExtension:DeviceKeyPress          generic_u:object_r:x_t:s0
event XInputExtension:DeviceKeyRelease        generic_u:object_r:x_t:s0
event XInputExtension:DeviceButtonPress       generic_u:object_r:x_t:s0
event XInputExtension:DeviceButtonRelease     generic_u:object_r:x_t:s0
event XInputExtension:DeviceMotionNotify      generic_u:object_r:x_t:s0
event XInputExtension:DeviceValuator          generic_u:object_r:x_t:s0
event XInputExtension:ProximityIn             generic_u:object_r:x_t:s0
event XInputExtension:ProximityOut            generic_u:object_r:x_t:s0

# Client message events
event X11:ClientMessage                       generic_u:object_r:x_t:s0
event X11:SelectionNotify                     generic_u:object_r:x_t:s0
event X11:UnmapNotify                         generic_u:object_r:x_t:s0
event X11:ConfigureNotify                     generic_u:object_r:x_t:s0

# Default fallback type
event *                                       generic_u:object_r:x_t:s0

# vim:expandtab ts=4 sw=4 tw=0
