diff options
author | Chris PeBenito <pebenito@ieee.org> | 2017-08-13 16:21:44 -0400 |
---|---|---|
committer | Luis Ressel <aranea@aixah.de> | 2017-09-09 00:31:19 +0200 |
commit | 55a7d76dd8b6ddc679db0aa67cf3bbbf45fa4b30 (patch) | |
tree | f1b83848b1b9a1e7c068766166c2a8bd81e24756 /policy/modules/services/xserver.if | |
parent | kernel: Module version bump for patch from Nicolas Iooss. (diff) | |
download | hardened-refpolicy-55a7d76dd8b6ddc679db0aa67cf3bbbf45fa4b30.tar.gz hardened-refpolicy-55a7d76dd8b6ddc679db0aa67cf3bbbf45fa4b30.tar.bz2 hardened-refpolicy-55a7d76dd8b6ddc679db0aa67cf3bbbf45fa4b30.zip |
Remove complement and wildcard in allow rules.
Remove complement (~) and wildcard (*) in allow rules so that there are no
unintentional additions when new permissions are declared.
This patch does not add or remove permissions from any rules.
Diffstat (limited to 'policy/modules/services/xserver.if')
-rw-r--r-- | policy/modules/services/xserver.if | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/policy/modules/services/xserver.if b/policy/modules/services/xserver.if index c0373a44..d14bf3c0 100644 --- a/policy/modules/services/xserver.if +++ b/policy/modules/services/xserver.if @@ -1511,7 +1511,7 @@ interface(`xserver_manage_core_devices',` class x_keyboard all_x_keyboard_perms; ') - allow $1 xserver_t:{ x_device x_pointer x_keyboard } *; + allow $1 xserver_t:{ x_device x_pointer x_keyboard } { getattr setattr use read write getfocus setfocus bell force_cursor freeze grab manage list_property get_property set_property add remove create destroy }; ') ######################################## |