Remove complement and wildcard in allow rules.

Remove complement (~) and wildcard (*) in allow rules so that there are no unintentional additions when new permissions are declared. This patch does not add or remove permissions from any rules.
author: Chris PeBenito <pebenito@ieee.org> 2017-08-13 16:21:44 -0400
committer: Luis Ressel <aranea@aixah.de> 2017-09-09 00:31:19 +0200
commit: 55a7d76dd8b6ddc679db0aa67cf3bbbf45fa4b30 (patch)
tree: f1b83848b1b9a1e7c068766166c2a8bd81e24756 /policy/modules/services/xserver.if
parent: kernel: Module version bump for patch from Nicolas Iooss. (diff)
download: hardened-refpolicy-55a7d76dd8b6ddc679db0aa67cf3bbbf45fa4b30.tar.gz
hardened-refpolicy-55a7d76dd8b6ddc679db0aa67cf3bbbf45fa4b30.tar.bz2
hardened-refpolicy-55a7d76dd8b6ddc679db0aa67cf3bbbf45fa4b30.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/policy/modules/services/xserver.if b/policy/modules/services/xserver.if
index c0373a44..d14bf3c0 100644
--- a/policy/modules/services/xserver.if
+++ b/policy/modules/services/xserver.if
@@ -1511,7 +1511,7 @@ interface(`xserver_manage_core_devices',`
 		class x_keyboard all_x_keyboard_perms;
 	')
 
-	allow $1 xserver_t:{ x_device x_pointer x_keyboard } *;
+	allow $1 xserver_t:{ x_device x_pointer x_keyboard } { getattr setattr use read write getfocus setfocus bell force_cursor freeze grab manage list_property get_property set_property add remove create destroy };
 ')
 
 ########################################
author	Chris PeBenito <pebenito@ieee.org>	2017-08-13 16:21:44 -0400
committer	Luis Ressel <aranea@aixah.de>	2017-09-09 00:31:19 +0200
commit	55a7d76dd8b6ddc679db0aa67cf3bbbf45fa4b30 (patch)
tree	f1b83848b1b9a1e7c068766166c2a8bd81e24756 /policy/modules/services/xserver.if
parent	kernel: Module version bump for patch from Nicolas Iooss. (diff)
download	hardened-refpolicy-55a7d76dd8b6ddc679db0aa67cf3bbbf45fa4b30.tar.gz hardened-refpolicy-55a7d76dd8b6ddc679db0aa67cf3bbbf45fa4b30.tar.bz2 hardened-refpolicy-55a7d76dd8b6ddc679db0aa67cf3bbbf45fa4b30.zip