Trusted Extensions Developer's Guide


Updated: July 2014
 
 

Trusted X Window System Security Policy

Window, property, and pixmap objects have a user ID, a client ID, and a sensitivity label. Graphic contexts, fonts, and cursors have a client ID only. The connection between the client and the X Window Server has a user ID, an X Window Server ID, and a sensitivity label.

The user ID is the ID of the client that created the object. The client ID is related to the connection number to which the client that creates the object is connected.

The DAC policy requires a client to own an object to perform any operations on that object. A client owns an object when the client's user ID equals the object's ID. For a connection request, the user ID of the client must be in the access control list (ACL) of the owner of the X Window Server workstation, or the client must assert the Trusted Path attribute.

The MAC policy is write-equal for windows and pixmaps, and read-equal for naming windows. The MAC policy is read-down for properties. The sensitivity label is set to the sensitivity label of the creating client. The following shows the MAC policy for these actions:

  • Modify, create, or delete – The sensitivity label of the client must equal the object's sensitivity label.

  • Name, read, or retrieve – The client's sensitivity label must dominate the object's sensitivity label.

  • Connection request – The sensitivity label of the client must be dominated by the session clearance of the owner of the X Window Server workstation, or the client must assert the Trusted Path attribute.
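The following added example (not code from this guide or from the Trusted Extensions API) models the DAC ownership rule and the three MAC rules listed above as decision functions. It assumes a simplified label made of a classification level and a compartment bitmask; `label_t`, `client_t`, `xobject_t`, and both function names are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: a label is a classification level plus a compartment bitmask.
 * Real Trusted Extensions labels are opaque; this is only a model. */
typedef struct { int level; uint32_t comps; } label_t;
typedef struct { unsigned uid; label_t sl; bool trusted_path; } client_t;
typedef struct { unsigned uid; label_t sl; } xobject_t;
typedef enum { OP_MODIFY, OP_READ } xop_t; /* modify/create/delete vs. name/read/retrieve */

/* a dominates b: level at least as high and every compartment of b present in a. */
static bool dominates(label_t a, label_t b) {
    return a.level >= b.level && (a.comps & b.comps) == b.comps;
}

static bool labels_equal(label_t a, label_t b) {
    return a.level == b.level && a.comps == b.comps;
}

/* DAC first (client must own the object), then the MAC rule for the operation. */
bool object_access_allowed(const client_t *c, const xobject_t *o, xop_t op) {
    if (c->uid != o->uid)
        return false;
    return op == OP_MODIFY ? labels_equal(c->sl, o->sl) : dominates(c->sl, o->sl);
}

/* Connection request: Trusted Path satisfies both checks; otherwise the UID must be
 * in the workstation owner's ACL and the session clearance must dominate the label. */
bool connection_allowed(const client_t *c, const unsigned *acl, size_t n, label_t clearance) {
    if (c->trusted_path)
        return true;
    for (size_t i = 0; i < n; i++)
        if (acl[i] == c->uid)
            return dominates(clearance, c->sl);
    return false;
}

int main(void) {
    /* Constructed sample values. */
    client_t c = { 100, { 1, 0x1 }, false };
    xobject_t low = { 100, { 0, 0x0 } };
    printf("read down: %d, write down: %d\n",
           object_access_allowed(&c, &low, OP_READ),
           object_access_allowed(&c, &low, OP_MODIFY));
    return 0;
}
```

Labels with disjoint compartments are incomparable in this model, so neither dominates the other and a read between them is denied even at the same level.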

Windows can have properties that contain information to be shared among clients. Window properties are created at the sensitivity label at which the application is running, so access to the property data is segregated by its sensitivity label. Clients can create properties, store data in a property on a window, and retrieve the data from a property subject to MAC and DAC restrictions. To specify properties that are not polyinstantiated, update the /usr/lib/xorg/TrustedExtensionsPolicy file.

These sections describe the security policy for the following:

  • Root window

  • Client windows

  • Override-redirect windows

  • Keyboard, pointer, and server control

  • Selection Manager

  • Default window resources

  • Moving data between windows