From cfd890ea58dafbcff529e6bf10f86dac482a42c6 Mon Sep 17 00:00:00 2001
From: Chris PeBenito
Date: Mon, 26 Aug 2013 08:30:05 -0400
Subject: [PATCH] Add MLS constraints for x_pointer and x_keyboard.
---
 policy/mls | 36 ++++++++++++++++++++++++++++++++++++
 1 file changed, 36 insertions(+)
diff --git a/policy/mls b/policy/mls
index d21838715..f11e5e2b7 100644
--- a/policy/mls
+++ b/policy/mls
@@ -666,6 +666,42 @@ mlsconstrain x_application_data { paste_after_confirm }
 ( l1 dom l2 );
+#
+# MLS policy for the x_pointer class
+#
+
+# the x_pointer "read" ops
+mlsconstrain x_pointer { getattr use read getfocus grab }
+ (( l1 dom l2 ) or
+ (( t1 == mlsxwinreadtoclr ) and ( h1 dom l2 )) or
+ ( t1 == mlsxwinread ));
+
+# the x_pointer "write" ops (implicit single level)
+mlsconstrain x_pointer { setattr write setfocus bell force_cursor freeze manage }
+ (( l1 eq l2 ) or
+ (( t1 == mlsxwinwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
+ ( t1 == mlsxwinwritexinput ) or
+ ( t1 == mlsxwinwrite ));
+
+
+#
+# MLS policy for the x_keyboard class
+#
+
+# the x_keyboard "read" ops
+mlsconstrain x_keyboard { getattr use read getfocus grab }
+ (( l1 dom l2 ) or
+ (( t1 == mlsxwinreadtoclr ) and ( h1 dom l2 )) or
+ ( t1 == mlsxwinread ));
+
+# the x_keyboard "write" ops (implicit single level)
+mlsconstrain x_keyboard { setattr write setfocus bell force_cursor freeze manage }
+ (( l1 eq l2 ) or
+ (( t1 == mlsxwinwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
+ ( t1 == mlsxwinwritexinput ) or
+ ( t1 == mlsxwinwrite ));
+
+
 #
 # MLS policy for the dbus class
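Review bot: `grab` is listed in the "read" set for both x_pointer and x_keyboard, so a subject whose low level dominates the device's level (`l1 dom l2`) may grab it, although an active grab also withholds the device's events from other clients and so has an effect that is visible below the grabber's level. Either move `grab` under the `l1 eq l2` rule with the other state-changing permissions, or record the reasoning next to the rule, for example `# grab is treated as a read: the grabbing client receives the device's events`. The write rules also let any type carrying `mlsxwinwritexinput` skip the level comparison entirely for `freeze`, `manage` and `force_cursor`; a one-line comment naming which domains are expected to hold that attribute would make the exemption auditable. The x_pointer and x_keyboard statements differ only in the class name, so a class set such as `mlsconstrain { x_pointer x_keyboard } { getattr use read getfocus grab }` would keep the two from drifting apart in later edits.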