http://selinuxproject.org/w/?title=Building_the_XSELinux_Function_Test_Application&limit=500&action=history&feed=atom Building the XSELinux Function Test Application - Revision history 2024-03-28T12:00:19Z Revision history for this page on the wiki MediaWiki 1.23.13 http://selinuxproject.org/w/?title=Building_the_XSELinux_Function_Test_Application&diff=914&oldid=prev RichardHaines at 15:38, 15 March 2010 2010-03-15T15:38:49Z <p></p> <table class='diff diff-contentalign-left'> <col class='diff-marker' /> <col class='diff-content' /> <col class='diff-marker' /> <col class='diff-content' /> <tr style='vertical-align: top;'> <td colspan='2' style="background-color: white; color:black; text-align: center;">← Older revision</td> <td colspan='2' style="background-color: white; color:black; text-align: center;">Revision as of 15:38, 15 March 2010</td> </tr><tr><td colspan="2" class="diff-lineno">Line 2:</td> <td colspan="2" class="diff-lineno">Line 2:</td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>The &lt;tt&gt;X-setest&lt;/tt&gt; application allows a user to execute all of the SELinuxGet/Set.. functions that are integrated with the X-Windows object manager. The application is shown in [http://taiga.selinuxproject.org/~rhaines/diagrams/X-setest.png Figure 1] and should be easy to drive.</div></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>The &lt;tt&gt;X-setest&lt;/tt&gt; application allows a user to execute all of the SELinuxGet/Set.. functions that are integrated with the X-Windows object manager. The application is shown in [http://taiga.selinuxproject.org/~rhaines/diagrams/X-setest.png Figure 1] and should be easy to drive.</div></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr> <tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>This application does not require any specific policy module to run, however it will require permissions to be granted if you want to obtain information when running in other domains than the default. This has been tested with the Reference Policy once the X-windows object manager is running by setting the &lt;tt&gt;xserver_object_manager&lt;/tt&gt; boolean to &lt;tt&gt;TRUE&lt;/tt&gt;. Important note - The new &lt;tt&gt;x_keyboard&lt;/tt&gt; and &lt;tt&gt;x_pointer&lt;/tt&gt; object classes and their permissions must be be available. Red Hat F-12 <del class="diffchange diffchange-inline">builds </del>from <del class="diffchange diffchange-inline">release XX </del>will have these added.</div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>This application does not require any specific policy module to run, however it will require permissions to be granted if you want to obtain information when running in other domains than the default. This has been tested with the Reference Policy once the X-windows object manager is running by setting the &lt;tt&gt;xserver_object_manager&lt;/tt&gt; boolean to &lt;tt&gt;TRUE&lt;/tt&gt;. Important note - The new &lt;tt&gt;x_keyboard&lt;/tt&gt; and &lt;tt&gt;x_pointer&lt;/tt&gt; object classes and their permissions must be be available. Red Hat F-12 <ins class="diffchange diffchange-inline">policy RPMs </ins>from <ins class="diffchange diffchange-inline">&lt;tt&gt;selinux-policy-3.6.32-100.fc12.noarch.rpm&lt;/tt&gt; </ins>will have these added.</div></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>The [[Experimenting With X-Windows#Calling the XSELinux Functions |Calling the XSELinux Functions]] section explains some of the issues around error handling and the source code has plenty of comments. &#160;</div></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>The [[Experimenting With X-Windows#Calling the XSELinux Functions |Calling the XSELinux Functions]] section explains some of the issues around error handling and the source code has plenty of comments. &#160;</div></td></tr> <tr><td colspan="2" class="diff-lineno">Line 18:</td> <td colspan="2" class="diff-lineno">Line 18:</td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>* &lt;tt&gt;libX11&lt;/tt&gt;, &lt;tt&gt;libX11-common&lt;/tt&gt;, &lt;tt&gt;libX11-devel&lt;/tt&gt; - These are standard Xlib packages.</div></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>* &lt;tt&gt;libX11&lt;/tt&gt;, &lt;tt&gt;libX11-common&lt;/tt&gt;, &lt;tt&gt;libX11-devel&lt;/tt&gt; - These are standard Xlib packages.</div></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>* &lt;tt&gt;libXi&lt;/tt&gt;, &lt;tt&gt;libXi-devel&lt;/tt&gt; - These are required for retrieving Xdevice information.</div></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>* &lt;tt&gt;libXi&lt;/tt&gt;, &lt;tt&gt;libXi-devel&lt;/tt&gt; - These are required for retrieving Xdevice information.</div></td></tr> <tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>* The &lt;tt&gt;XSELinuxOMFunctions.c&lt;/tt&gt; and &lt;tt&gt;Xlib-selinux.h&lt;/tt&gt; files that are located in the &lt;tt&gt;./x-windows/x-common&lt;/tt&gt; directory. <del class="diffchange diffchange-inline">The contents of these files are shown in the [[Experimenting With X-Windows#Building the X-Windows Select and Paste Examples |Building the X-select and X-paste Applications]] section.</del></div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>* The &lt;tt&gt;<ins class="diffchange diffchange-inline">[http://taiga.selinuxproject.org/~rhaines/notebook-source/x-windows/x-common/</ins>XSELinuxOMFunctions.c <ins class="diffchange diffchange-inline">XSELinuxOMFunctions.c]</ins>&lt;/tt&gt; and &lt;tt&gt;<ins class="diffchange diffchange-inline">[http://taiga.selinuxproject.org/~rhaines/notebook-source/x-windows/x-common/</ins>Xlib-selinux.h <ins class="diffchange diffchange-inline">Xlib-selinux.h]</ins>&lt;/tt&gt; files that are located in the &lt;tt&gt;./x-windows/x-common&lt;/tt&gt; directory. &#160;</div></td></tr> <tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>&#160;</div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">* </ins>The application source code &lt;tt&gt;[http://taiga.selinuxproject.org/~rhaines/notebook-source/x-windows/x-setest/X-setest.c X-setest.c]<ins class="diffchange diffchange-inline">&lt;/tt&gt; that is located in the &lt;tt&gt;./x-windows/x-setest&lt;/tt&gt; directory.</ins></div></td></tr> <tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>The application source code <del class="diffchange diffchange-inline">is available at </del>&lt;tt&gt;<del class="diffchange diffchange-inline">./x-windows/x-setest/X-setest.c&lt;/tt&gt; and is as follows:</del></div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div></div></td></tr> <tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>&#160;</div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div></div></td></tr> <tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>[http://taiga.selinuxproject.org/~rhaines/notebook-source/x-windows/x-setest/X-setest.c <del class="diffchange diffchange-inline">&#160; </del>X-setest.c]</div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div></div></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>The &lt;tt&gt;X-setest&lt;/tt&gt; application can be built using the following command:</div></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>The &lt;tt&gt;X-setest&lt;/tt&gt; application can be built using the following command:</div></td></tr> </table> RichardHaines http://selinuxproject.org/w/?title=Building_the_XSELinux_Function_Test_Application&diff=908&oldid=prev RichardHaines at 16:58, 14 March 2010 2010-03-14T16:58:35Z <p></p> <table class='diff diff-contentalign-left'> <col class='diff-marker' /> <col class='diff-content' /> <col class='diff-marker' /> <col class='diff-content' /> <tr style='vertical-align: top;'> <td colspan='2' style="background-color: white; color:black; text-align: center;">← Older revision</td> <td colspan='2' style="background-color: white; color:black; text-align: center;">Revision as of 16:58, 14 March 2010</td> </tr><tr><td colspan="2" class="diff-lineno">Line 1:</td> <td colspan="2" class="diff-lineno">Line 1:</td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>= Building the XSELinux Function Test Application =</div></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>= Building the XSELinux Function Test Application =</div></td></tr> <tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>The &lt;tt&gt;X-setest&lt;/tt&gt; application allows a user to execute all of the SELinuxGet/Set.. functions that are integrated with the X-Windows object manager. The application is shown in <del class="diffchange diffchange-inline">[</del>[http://taiga.selinuxproject.org/~rhaines/diagrams/X-setest.png Figure 1<del class="diffchange diffchange-inline">]</del>] and should be easy to drive.</div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>The &lt;tt&gt;X-setest&lt;/tt&gt; application allows a user to execute all of the SELinuxGet/Set.. functions that are integrated with the X-Windows object manager. The application is shown in [http://taiga.selinuxproject.org/~rhaines/diagrams/X-setest.png Figure 1] and should be easy to drive.</div></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>This application does not require any specific policy module to run, however it will require permissions to be granted if you want to obtain information when running in other domains than the default. This has been tested with the Reference Policy once the X-windows object manager is running by setting the &lt;tt&gt;xserver_object_manager&lt;/tt&gt; boolean to &lt;tt&gt;TRUE&lt;/tt&gt;. Important note - The new &lt;tt&gt;x_keyboard&lt;/tt&gt; and &lt;tt&gt;x_pointer&lt;/tt&gt; object classes and their permissions must be be available. Red Hat F-12 builds from release XX will have these added.</div></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>This application does not require any specific policy module to run, however it will require permissions to be granted if you want to obtain information when running in other domains than the default. This has been tested with the Reference Policy once the X-windows object manager is running by setting the &lt;tt&gt;xserver_object_manager&lt;/tt&gt; boolean to &lt;tt&gt;TRUE&lt;/tt&gt;. Important note - The new &lt;tt&gt;x_keyboard&lt;/tt&gt; and &lt;tt&gt;x_pointer&lt;/tt&gt; object classes and their permissions must be be available. Red Hat F-12 builds from release XX will have these added.</div></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr> <tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>The [[Experimenting <del class="diffchange diffchange-inline">with </del>X-Windows#Calling the XSELinux Functions|Calling the XSELinux Functions]] section explains some of the issues around error handling and the source code has plenty of comments. &#160;</div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>The [[Experimenting <ins class="diffchange diffchange-inline">With </ins>X-Windows#Calling the XSELinux Functions |Calling the XSELinux Functions]] section explains some of the issues around error handling and the source code has plenty of comments. &#160;</div></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>The functions 12, 13, 19, 20 &amp; 22 return an &lt;tt&gt;XError&lt;/tt&gt; of &lt;tt&gt;BadAlloc&lt;/tt&gt; when access is denied and generates a &lt;tt&gt;USER_AVC&lt;/tt&gt; entry in the audit.log. Note however, &lt;tt&gt;XErrors&lt;/tt&gt; are checked first and are not logged in audit.log, only USER_AVC errors will be logged</div></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>The functions 12, 13, 19, 20 &amp; 22 return an &lt;tt&gt;XError&lt;/tt&gt; of &lt;tt&gt;BadAlloc&lt;/tt&gt; when access is denied and generates a &lt;tt&gt;USER_AVC&lt;/tt&gt; entry in the audit.log. Note however, &lt;tt&gt;XErrors&lt;/tt&gt; are checked first and are not logged in audit.log, only USER_AVC errors will be logged</div></td></tr> <tr><td colspan="2" class="diff-lineno">Line 18:</td> <td colspan="2" class="diff-lineno">Line 18:</td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>* &lt;tt&gt;libX11&lt;/tt&gt;, &lt;tt&gt;libX11-common&lt;/tt&gt;, &lt;tt&gt;libX11-devel&lt;/tt&gt; - These are standard Xlib packages.</div></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>* &lt;tt&gt;libX11&lt;/tt&gt;, &lt;tt&gt;libX11-common&lt;/tt&gt;, &lt;tt&gt;libX11-devel&lt;/tt&gt; - These are standard Xlib packages.</div></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>* &lt;tt&gt;libXi&lt;/tt&gt;, &lt;tt&gt;libXi-devel&lt;/tt&gt; - These are required for retrieving Xdevice information.</div></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>* &lt;tt&gt;libXi&lt;/tt&gt;, &lt;tt&gt;libXi-devel&lt;/tt&gt; - These are required for retrieving Xdevice information.</div></td></tr> <tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>* The &lt;tt&gt;XSELinuxOMFunctions.c&lt;/tt&gt; and &lt;tt&gt;Xlib-selinux.h&lt;/tt&gt; files that are located in the &lt;tt&gt;./x-windows/x-common&lt;/tt&gt; directory. The contents of these files are shown in the [[Experimenting <del class="diffchange diffchange-inline">with </del>X-Windows#Building the X-<del class="diffchange diffchange-inline">select </del>and <del class="diffchange diffchange-inline">X-paste Applications</del>|Building the X-select and X-paste Applications]] section.</div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>* The &lt;tt&gt;XSELinuxOMFunctions.c&lt;/tt&gt; and &lt;tt&gt;Xlib-selinux.h&lt;/tt&gt; files that are located in the &lt;tt&gt;./x-windows/x-common&lt;/tt&gt; directory. The contents of these files are shown in the [[Experimenting <ins class="diffchange diffchange-inline">With </ins>X-Windows#Building the X-<ins class="diffchange diffchange-inline">Windows Select </ins>and <ins class="diffchange diffchange-inline">Paste Examples </ins>|Building the X-select and X-paste Applications]] section.</div></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>The application source code is available at &lt;tt&gt;./x-windows/x-setest/X-setest.c&lt;/tt&gt; and is as follows:</div></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>The application source code is available at &lt;tt&gt;./x-windows/x-setest/X-setest.c&lt;/tt&gt; and is as follows:</div></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr> <tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">[</del>[http://taiga.selinuxproject.org/~rhaines/notebook-source/x-windows/x-setest/X-setest.c&#160; X-setest.c<del class="diffchange diffchange-inline">]</del>]</div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>[http://taiga.selinuxproject.org/~rhaines/notebook-source/x-windows/x-setest/X-setest.c&#160; X-setest.c]</div></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>The &lt;tt&gt;X-setest&lt;/tt&gt; application can be built using the following command:</div></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>The &lt;tt&gt;X-setest&lt;/tt&gt; application can be built using the following command:</div></td></tr> </table> RichardHaines http://selinuxproject.org/w/?title=Building_the_XSELinux_Function_Test_Application&diff=906&oldid=prev RichardHaines: New page: = Building the XSELinux Function Test Application = The <tt>X-setest</tt> application allows a user to execute all of the SELinuxGet/Set.. functions that are integrated with the X-Windows ... 2010-03-14T16:17:55Z <p>New page: = Building the XSELinux Function Test Application = The &lt;tt&gt;X-setest&lt;/tt&gt; application allows a user to execute all of the SELinuxGet/Set.. functions that are integrated with the X-Windows ...</p> <p><b>New page</b></p><div>= Building the XSELinux Function Test Application =<br /> The &lt;tt&gt;X-setest&lt;/tt&gt; application allows a user to execute all of the SELinuxGet/Set.. functions that are integrated with the X-Windows object manager. The application is shown in [[http://taiga.selinuxproject.org/~rhaines/diagrams/X-setest.png Figure 1]] and should be easy to drive.<br /> <br /> This application does not require any specific policy module to run, however it will require permissions to be granted if you want to obtain information when running in other domains than the default. This has been tested with the Reference Policy once the X-windows object manager is running by setting the &lt;tt&gt;xserver_object_manager&lt;/tt&gt; boolean to &lt;tt&gt;TRUE&lt;/tt&gt;. Important note - The new &lt;tt&gt;x_keyboard&lt;/tt&gt; and &lt;tt&gt;x_pointer&lt;/tt&gt; object classes and their permissions must be be available. Red Hat F-12 builds from release XX will have these added.<br /> <br /> The [[Experimenting with X-Windows#Calling the XSELinux Functions|Calling the XSELinux Functions]] section explains some of the issues around error handling and the source code has plenty of comments. <br /> <br /> The functions 12, 13, 19, 20 &amp; 22 return an &lt;tt&gt;XError&lt;/tt&gt; of &lt;tt&gt;BadAlloc&lt;/tt&gt; when access is denied and generates a &lt;tt&gt;USER_AVC&lt;/tt&gt; entry in the audit.log. Note however, &lt;tt&gt;XErrors&lt;/tt&gt; are checked first and are not logged in audit.log, only USER_AVC errors will be logged<br /> <br /> When entering Atom names, the application will check if they are valid, however they are NOT checked to see if they are valid for the specific function (e.g. &lt;tt&gt;PRIMARY&lt;/tt&gt; can be entered for a &lt;tt&gt;GetProperty...&lt;/tt&gt; function, but it will fail with &lt;tt&gt;BadMatch&lt;/tt&gt;).<br /> <br /> Window and Resource IDs entered are not checked by the application and if incorrect the function will fail with &lt;tt&gt;BadMatch&lt;/tt&gt;. <br /> <br /> The '&lt;tt&gt;o&lt;/tt&gt;' option allows an output file to be specified to log the session, only minimum information is then displayed on the screen.<br /> <br /> The application requires the following to be installed if recompiled:<br /> <br /> * &lt;tt&gt;libX11&lt;/tt&gt;, &lt;tt&gt;libX11-common&lt;/tt&gt;, &lt;tt&gt;libX11-devel&lt;/tt&gt; - These are standard Xlib packages.<br /> * &lt;tt&gt;libXi&lt;/tt&gt;, &lt;tt&gt;libXi-devel&lt;/tt&gt; - These are required for retrieving Xdevice information.<br /> * The &lt;tt&gt;XSELinuxOMFunctions.c&lt;/tt&gt; and &lt;tt&gt;Xlib-selinux.h&lt;/tt&gt; files that are located in the &lt;tt&gt;./x-windows/x-common&lt;/tt&gt; directory. The contents of these files are shown in the [[Experimenting with X-Windows#Building the X-select and X-paste Applications|Building the X-select and X-paste Applications]] section.<br /> <br /> The application source code is available at &lt;tt&gt;./x-windows/x-setest/X-setest.c&lt;/tt&gt; and is as follows:<br /> <br /> [[http://taiga.selinuxproject.org/~rhaines/notebook-source/x-windows/x-setest/X-setest.c X-setest.c]]<br /> <br /> The &lt;tt&gt;X-setest&lt;/tt&gt; application can be built using the following command:<br /> &lt;pre&gt;<br /> gcc X-setest.c ../x-common/XSELinuxOMFunctions.c -o X-setest -l selinux -l X11 -l Xi<br /> &lt;/pre&gt;<br /> <br /> The &lt;tt&gt;X-setest&lt;/tt&gt; application can be called as follows:<br /> &lt;pre&gt;<br /> # Output all information to the screen:<br /> X-setest<br /> <br /> # Output all information to a specified file [log_file_name],<br /> # with minimum information displayed on the screen:<br /> X-setest [log_file_name]<br /> &lt;/pre&gt;</div> RichardHaines