xserver: Branch 'XACE-SELINUX' - 8 commits
Eamon Walsh
ewalsh at kemper.freedesktop.org
Wed Jan 24 21:48:17 EET 2007
Xext/XSELinuxConfig | 167 +++++++++++++++++++++++------------
Xext/xselinux.c | 143 ++++++++++++-----------------
dix/dispatch.c | 2
hw/xfree86/doc/man/xorg.conf.man.pre | 2
4 files changed, 178 insertions(+), 136 deletions(-)
New commits:
diff-tree 88f89b9ac1b92a0916c46488350ff68c3ffdd490 (from 2fb8b7f8199c35ae0870cb54b40ee28a4e01d479)
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date: Fri Jan 19 19:15:49 2007 -0500
Policy updates: use x prefix in property and ext types.
diff --git a/Xext/XSELinuxConfig b/Xext/XSELinuxConfig
index e45fdcc..38b7831 100644
--- a/Xext/XSELinuxConfig
+++ b/Xext/XSELinuxConfig
@@ -19,58 +19,58 @@ nonlocal_context system_u:object_r:rem
# any position (it need not be the last property rule listed).
#
# Properties set by typical clients: WM, _NET_WM, etc.
-property WM_NAME client_property_t
-property WM_CLASS client_property_t
-property WM_ICON_NAME client_property_t
-property WM_HINTS client_property_t
-property WM_NORMAL_HINTS client_property_t
-property WM_COMMAND client_property_t
-property WM_CLIENT_MACHINE client_property_t
-property WM_LOCALE_NAME client_property_t
-property WM_CLIENT_LEADER client_property_t
-property WM_STATE client_property_t
-property WM_PROTOCOLS client_property_t
-property WM_WINDOW_ROLE client_property_t
-property WM_TRANSIENT_FOR client_property_t
-property _NET_WM_NAME client_property_t
-property _NET_WM_ICON client_property_t
-property _NET_WM_ICON_NAME client_property_t
-property _NET_WM_PID client_property_t
-property _NET_WM_STATE client_property_t
-property _NET_WM_DESKTOP client_property_t
-property _NET_WM_SYNC_REQUEST_COUNTER client_property_t
-property _NET_WM_WINDOW_TYPE client_property_t
-property _NET_WM_USER_TIME client_property_t
-property _MOTIF_DRAG_RECEIVER_INFO client_property_t
-property XdndAware client_property_t
+property WM_NAME client_xproperty_t
+property WM_CLASS client_xproperty_t
+property WM_ICON_NAME client_xproperty_t
+property WM_HINTS client_xproperty_t
+property WM_NORMAL_HINTS client_xproperty_t
+property WM_COMMAND client_xproperty_t
+property WM_CLIENT_MACHINE client_xproperty_t
+property WM_LOCALE_NAME client_xproperty_t
+property WM_CLIENT_LEADER client_xproperty_t
+property WM_STATE client_xproperty_t
+property WM_PROTOCOLS client_xproperty_t
+property WM_WINDOW_ROLE client_xproperty_t
+property WM_TRANSIENT_FOR client_xproperty_t
+property _NET_WM_NAME client_xproperty_t
+property _NET_WM_ICON client_xproperty_t
+property _NET_WM_ICON_NAME client_xproperty_t
+property _NET_WM_PID client_xproperty_t
+property _NET_WM_STATE client_xproperty_t
+property _NET_WM_DESKTOP client_xproperty_t
+property _NET_WM_SYNC_REQUEST_COUNTER client_xproperty_t
+property _NET_WM_WINDOW_TYPE client_xproperty_t
+property _NET_WM_USER_TIME client_xproperty_t
+property _MOTIF_DRAG_RECEIVER_INFO client_xproperty_t
+property XdndAware client_xproperty_t
# Properties written by xrdb
-property RESOURCE_MANAGER rm_property_t
-property SCREEN_RESOURCES rm_property_t
+property RESOURCE_MANAGER rm_xproperty_t
+property SCREEN_RESOURCES rm_xproperty_t
# Properties written by window managers
-property _MIT_PRIORITY_COLORS wm_property_t
+property _MIT_PRIORITY_COLORS wm_xproperty_t
# Properties used for security labeling
-property _SELINUX_CLIENT_CONTEXT seclabel_property_t
+property _SELINUX_CLIENT_CONTEXT seclabel_xproperty_t
# Properties used to communicate screen information
-property XFree86_VT info_property_t
-property XFree86_DDC_EDID1_RAWDATA info_property_t
+property XFree86_VT info_xproperty_t
+property XFree86_DDC_EDID1_RAWDATA info_xproperty_t
# Clipboard and selection properties
-property CUT_BUFFER0 clipboard_property_t
-property CUT_BUFFER1 clipboard_property_t
-property CUT_BUFFER2 clipboard_property_t
-property CUT_BUFFER3 clipboard_property_t
-property CUT_BUFFER4 clipboard_property_t
-property CUT_BUFFER5 clipboard_property_t
-property CUT_BUFFER6 clipboard_property_t
-property CUT_BUFFER7 clipboard_property_t
-property _XT_SELECTION_0 clipboard_property_t
+property CUT_BUFFER0 clipboard_xproperty_t
+property CUT_BUFFER1 clipboard_xproperty_t
+property CUT_BUFFER2 clipboard_xproperty_t
+property CUT_BUFFER3 clipboard_xproperty_t
+property CUT_BUFFER4 clipboard_xproperty_t
+property CUT_BUFFER5 clipboard_xproperty_t
+property CUT_BUFFER6 clipboard_xproperty_t
+property CUT_BUFFER7 clipboard_xproperty_t
+property _XT_SELECTION_0 clipboard_xproperty_t
# Default fallback type
-property default unknown_property_t
+property default unknown_xproperty_t
#
# Extension rules map an extension name to a SELinux type. The type must
@@ -81,63 +81,63 @@ property default unknown_property_t
# any position (it need not be the last extension rule listed).
#
# Standard extensions
-extension BIG-REQUESTS std_ext_t
-extension DOUBLE-BUFFER std_ext_t
-extension Extended-Visual-Information std_ext_t
-extension MIT-SUNDRY-NONSTANDARD std_ext_t
-extension SHAPE std_ext_t
-extension SYNC std_ext_t
-extension XC-MISC std_ext_t
-extension XFIXES std_ext_t
-extension XFree86-Misc std_ext_t
-extension XpExtension std_ext_t
+extension BIG-REQUESTS std_xext_t
+extension DOUBLE-BUFFER std_xext_t
+extension Extended-Visual-Information std_xext_t
+extension MIT-SUNDRY-NONSTANDARD std_xext_t
+extension SHAPE std_xext_t
+extension SYNC std_xext_t
+extension XC-MISC std_xext_t
+extension XFIXES std_xext_t
+extension XFree86-Misc std_xext_t
+extension XpExtension std_xext_t
# Screen management and multihead extensions
-extension RANDR output_ext_t
-extension XINERAMA std_ext_t
+extension RANDR output_xext_t
+extension XINERAMA std_xext_t
# Input extensions
-extension XInputExtension input_ext_t
-extension XKEYBOARD input_ext_t
+extension XInputExtension input_xext_t
+extension XKEYBOARD input_xext_t
# Screensaver, power management extensions
-extension DPMS screensaver_ext_t
-extension MIT-SCREEN-SAVER screensaver_ext_t
+extension DPMS screensaver_xext_t
+extension MIT-SCREEN-SAVER screensaver_xext_t
# Fonting extensions
-extension FontCache font_ext_t
-extension XFree86-Bigfont font_ext_t
+extension FontCache font_xext_t
+extension XFree86-Bigfont font_xext_t
# Shared memory extensions
-extension MIT-SHM shmem_ext_t
+extension MIT-SHM shmem_xext_t
# Accelerated graphics, OpenGL, direct rendering extensions
-extension DAMAGE accelgraphics_ext_t
-extension GLX accelgraphics_ext_t
-extension NV-CONTROL accelgraphics_ext_t
-extension NV-GLX accelgraphics_ext_t
-extension NVIDIA-GLX accelgraphics_ext_t
-extension RENDER std_ext_t
-extension XFree86-DGA accelgraphics_ext_t
+extension DAMAGE accelgraphics_xext_t
+extension GLX accelgraphics_xext_t
+extension NV-CONTROL accelgraphics_xext_t
+extension NV-GLX accelgraphics_xext_t
+extension NVIDIA-GLX accelgraphics_xext_t
+extension RENDER std_xext_t
+extension XFree86-DGA accelgraphics_xext_t
# Debugging, testing, and recording extensions
-extension RECORD debug_ext_t
-extension X-Resource debug_ext_t
-extension XTEST debug_ext_t
+extension RECORD debug_xext_t
+extension X-Resource debug_xext_t
+extension XTEST debug_xext_t
# Extensions just for window managers
-extension TOG-CUP windowmgr_ext_t
+extension TOG-CUP windowmgr_xext_t
# Security-related extensions
-extension SECURITY security_ext_t
-extension SELinux security_ext_t
-extension XAccessControlExtension security_ext_t
-extension XC-APPGROUP security_ext_t
+extension SECURITY security_xext_t
+extension SELinux security_xext_t
+extension XAccessControlExtension security_xext_t
+extension XC-APPGROUP security_xext_t
# Video extensions
-extension XFree86-VidModeExtension video_ext_t
-extension XVideo video_ext_t
-extension XVideo-MotionCompensation video_ext_t
+extension XFree86-VidModeExtension video_xext_t
+extension XVideo video_xext_t
+extension XVideo-MotionCompensation video_xext_t
# Default fallback type
-extension default unknown_ext_t
+extension default unknown_xext_t
diff-tree 2fb8b7f8199c35ae0870cb54b40ee28a4e01d479 (from 700fccf863593cbea1691789f1f1cafc08a32fee)
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date: Fri Jan 19 19:14:51 2007 -0500
Split ObjectSIDByLabel into two functions since property labeling now
involves an additional compute_create lookup.
diff --git a/Xext/xselinux.c b/Xext/xselinux.c
index a6e0213..5b77269 100644
--- a/Xext/xselinux.c
+++ b/Xext/xselinux.c
@@ -314,36 +314,75 @@ IDPerm(ClientPtr sclient,
}
/*
- * ObjectSIDByLabel - get SID for an extension or property.
+ * GetPropertySID - compute SID for a property object.
*
* Arguments:
- * class: should be SECCLASS_XEXTENSION or SECCLASS_PROPERTY.
- * name: name of the extension or property.
+ * basecontext: context of client owning the property.
+ * name: name of the property.
*
* Returns: proper SID for the object or NULL on error.
*/
static security_id_t
-ObjectSIDByLabel(security_context_t basecontext, security_class_t class,
- const char *name)
+GetPropertySID(security_context_t base, const char *name)
+{
+ security_context_t new, result;
+ context_t con;
+ security_id_t sid = NULL;
+ char **ptr, *type = NULL;
+
+ /* make a new context-manipulation object */
+ con = context_new(base);
+ if (!con)
+ goto out;
+
+ /* look in the mappings of names to types */
+ for (ptr = propertyTypes; *ptr; ptr+=2)
+ if (!strcmp(*ptr, name))
+ break;
+ type = ptr[1];
+
+ /* set the role and type in the context (user unchanged) */
+ if (context_type_set(con, type) ||
+ context_role_set(con, "object_r"))
+ goto out2;
+
+ /* get a context string from the context-manipulation object */
+ new = context_str(con);
+ if (!new)
+ goto out2;
+
+ /* perform a transition to obtain the final context */
+ if (security_compute_create(base, new, SECCLASS_PROPERTY, &result) < 0)
+ goto out2;
+
+ /* get a SID for the context */
+ avc_context_to_sid(result, &sid);
+ freecon(result);
+ out2:
+ context_free(con);
+ out:
+ return sid;
+}
+
+/*
+ * GetExtensionSID - compute SID for an extension object.
+ *
+ * Arguments:
+ * name: name of the extension.
+ *
+ * Returns: proper SID for the object or NULL on error.
+ */
+static security_id_t
+GetExtensionSID(const char *name)
{
security_context_t base, new;
context_t con;
security_id_t sid = NULL;
char **ptr, *type = NULL;
- if (basecontext != NULL)
- {
- /* use the supplied context */
- base = strdup(basecontext);
- if (base == NULL)
- goto out;
- }
- else
- {
- /* get server context */
- if (getcon(&base) < 0)
- goto out;
- }
+ /* get server context */
+ if (getcon(&base) < 0)
+ goto out;
/* make a new context-manipulation object */
con = context_new(base);
@@ -351,8 +390,7 @@ ObjectSIDByLabel(security_context_t base
goto out2;
/* look in the mappings of names to types */
- ptr = (class == SECCLASS_PROPERTY) ? propertyTypes : extensionTypes;
- for (; *ptr; ptr+=2)
+ for (ptr = extensionTypes; *ptr; ptr+=2)
if (!strcmp(*ptr, name))
break;
type = ptr[1];
@@ -368,8 +406,7 @@ ObjectSIDByLabel(security_context_t base
goto out3;
/* get a SID for the context */
- if (avc_context_to_sid(new, &sid) < 0)
- goto out3;
+ avc_context_to_sid(new, &sid);
out3:
context_free(con);
@@ -1028,7 +1065,7 @@ CALLBACK(XSELinuxExtDispatch)
/* XXX there should be a separate callback for this */
if (!EXTENSIONSID(ext))
{
- extsid = ObjectSIDByLabel(NULL, SECCLASS_XEXTENSION, ext->name);
+ extsid = GetExtensionSID(ext->name);
if (!extsid)
return;
EXTENSIONSID(ext) = extsid;
@@ -1071,7 +1108,7 @@ CALLBACK(XSELinuxProperty)
if (!tclient || !HAVESTATE(tclient))
return;
- propsid = ObjectSIDByLabel(SID(tclient)->ctx, SECCLASS_PROPERTY, propname);
+ propsid = GetPropertySID(SID(tclient)->ctx, propname);
if (!propsid)
return;
diff-tree 700fccf863593cbea1691789f1f1cafc08a32fee (from 3a9791b456f35adb252a9059b19265c6c447f1ba)
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date: Fri Jan 19 14:56:38 2007 -0500
Remove the root window context line from the configuration file.
This context will be derived through a type_transition rule instead.
diff --git a/Xext/XSELinuxConfig b/Xext/XSELinuxConfig
index 4958264..e45fdcc 100644
--- a/Xext/XSELinuxConfig
+++ b/Xext/XSELinuxConfig
@@ -9,7 +9,6 @@
# security policy. Only one nonlocal_context rule may be defined.
#
nonlocal_context system_u:object_r:remote_xclient_t:s0
-root_window_context system_u:object_r:root_window_t:s0
#
# Property rules map a property name to a SELinux type. The type must
diff --git a/Xext/xselinux.c b/Xext/xselinux.c
index 9b5ee10..a6e0213 100644
--- a/Xext/xselinux.c
+++ b/Xext/xselinux.c
@@ -128,9 +128,6 @@ Atom atom_client_ctx;
/* security context for non-local clients */
static char *XSELinuxNonlocalContextDefault = NULL;
-/* security context for the root window */
-static char *XSELinuxRootWindowContext = NULL;
-
/* Selection stuff from dix */
extern Selection *CurrentSelections;
extern int NumCurrentSelections;
@@ -1241,9 +1238,7 @@ static char *XSELinuxKeywords[] = {
"extension",
#define XSELinuxKeywordNonlocalContext 3
"nonlocal_context",
-#define XSELinuxKeywordRootWindowContext 4
- "root_window_context",
-#define XSELinuxKeywordDefault 5
+#define XSELinuxKeywordDefault 4
"default"
};
@@ -1582,39 +1577,6 @@ XSELinuxParseNonlocalContext(char *p)
} /* XSELinuxParseNonlocalContext */
static Bool
-XSELinuxParseRootWindowContext(char *p)
-{
- char *context;
-
- context = XSELinuxParseString(&p);
- if (!context || (strlen(context) == 0))
- {
- return FALSE;
- }
-
- if (XSELinuxRootWindowContext != NULL)
- {
- return FALSE;
- }
-
- /* validate the context */
- if (security_check_context(context))
- {
- return FALSE;
- }
-
- XSELinuxRootWindowContext = (char *)xalloc(strlen(context)+1);
- if (!XSELinuxRootWindowContext)
- {
- ErrorF("XSELinux: out of memory\n");
- return FALSE;
- }
- strcpy(XSELinuxRootWindowContext, context);
-
- return TRUE;
-} /* XSELinuxParseRootWindowContext */
-
-static Bool
XSELinuxLoadConfigFile(void)
{
FILE *f;
@@ -1630,7 +1592,6 @@ XSELinuxLoadConfigFile(void)
propertyTypes = extensionTypes = NULL;
XSELinuxPropertyTypeDefault = XSELinuxExtensionTypeDefault = NULL;
XSELinuxNonlocalContextDefault = NULL;
- XSELinuxRootWindowContext = NULL;
#ifndef __UNIXOS2__
f = fopen(XSELINUXCONFIGFILE, "r");
@@ -1671,10 +1632,6 @@ XSELinuxLoadConfigFile(void)
validLine = XSELinuxParseNonlocalContext(p);
break;
- case XSELinuxKeywordRootWindowContext:
- validLine = XSELinuxParseRootWindowContext(p);
- break;
-
default:
validLine = (*p == '\0');
break;
@@ -1706,11 +1663,6 @@ XSELinuxLoadConfigFile(void)
ErrorF("XSELinux: No default context for non-local clients specified\n");
goto out;
}
- else if (XSELinuxRootWindowContext == NULL)
- {
- ErrorF("XSELinux: No context specified for the root window\n");
- goto out;
- }
/* Finally, append the default property and extension types to the
* bottoms of the propertyTypes and extensionTypes arrays, respectively.
@@ -1780,10 +1732,6 @@ XSELinuxFreeConfigData(void)
/* finally, take care of the context for non-local connections */
xfree(XSELinuxNonlocalContextDefault);
XSELinuxNonlocalContextDefault = NULL;
-
- /* ... and for the root window */
- xfree(XSELinuxRootWindowContext);
- XSELinuxRootWindowContext = NULL;
} /* XSELinuxFreeConfigData */
/* Extension dispatch functions */
@@ -1890,10 +1838,6 @@ XSELinuxExtensionInit(INITARGS)
/* Load the config file. If this fails, shut down the server,
* since an unknown security status is worse than no security.
- *
- * Note that this must come before we assign a security state
- * for the serverClient, because the serverClient's root windows
- * are assigned a context based on data in the config file.
*/
if (XSELinuxLoadConfigFile() != TRUE)
{
diff-tree 3a9791b456f35adb252a9059b19265c6c447f1ba (from 43a4376bd72ef1b6486cddb60ad57b2d6169292a)
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date: Fri Jan 19 14:53:09 2007 -0500
Policy updates.
diff --git a/Xext/XSELinuxConfig b/Xext/XSELinuxConfig
index 1c5016e..4958264 100644
--- a/Xext/XSELinuxConfig
+++ b/Xext/XSELinuxConfig
@@ -59,15 +59,16 @@ property _SELINUX_CLIENT_CONTEXT seclabe
property XFree86_VT info_property_t
property XFree86_DDC_EDID1_RAWDATA info_property_t
-# Cut buffers
-property CUT_BUFFER0 cut_buffer_property_t
-property CUT_BUFFER1 cut_buffer_property_t
-property CUT_BUFFER2 cut_buffer_property_t
-property CUT_BUFFER3 cut_buffer_property_t
-property CUT_BUFFER4 cut_buffer_property_t
-property CUT_BUFFER5 cut_buffer_property_t
-property CUT_BUFFER6 cut_buffer_property_t
-property CUT_BUFFER7 cut_buffer_property_t
+# Clipboard and selection properties
+property CUT_BUFFER0 clipboard_property_t
+property CUT_BUFFER1 clipboard_property_t
+property CUT_BUFFER2 clipboard_property_t
+property CUT_BUFFER3 clipboard_property_t
+property CUT_BUFFER4 clipboard_property_t
+property CUT_BUFFER5 clipboard_property_t
+property CUT_BUFFER6 clipboard_property_t
+property CUT_BUFFER7 clipboard_property_t
+property _XT_SELECTION_0 clipboard_property_t
# Default fallback type
property default unknown_property_t
diff-tree 43a4376bd72ef1b6486cddb60ad57b2d6169292a (from parents)
Merge: 4b1c9ac3d13767e395b47e76b37f9f3a569e7be1 d9e079d2a385203fdd18d958cfc19d759cab4ba8
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date: Fri Dec 22 13:53:55 2006 -0500
Merge branch 'master' into my-XACE-SELINUX
diff-tree d9e079d2a385203fdd18d958cfc19d759cab4ba8 (from e437f357b6850a6c87ca6696870b3abd40e5b8ed)
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date: Fri Dec 22 13:07:09 2006 -0500
Zero out client devPrivates on allocation.
diff --git a/dix/dispatch.c b/dix/dispatch.c
index 51ad07d..d44687e 100644
--- a/dix/dispatch.c
+++ b/dix/dispatch.c
@@ -3752,6 +3752,8 @@ InitClientPrivates(ClientPtr client)
client->devPrivates = ppriv;
sizes = clientPrivateSizes;
ptr = (char *)(ppriv + clientPrivateLen);
+ if (ppriv)
+ bzero(ppriv, totalClientSize - sizeof(ClientRec));
for (i = clientPrivateLen; --i >= 0; ppriv++, sizes++)
{
if ( (size = *sizes) )
diff-tree 4b1c9ac3d13767e395b47e76b37f9f3a569e7be1 (from cd71e861830081807e5b93ae89c73c17986c6330)
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date: Fri Dec 22 13:04:50 2006 -0500
Policy updates.
diff --git a/Xext/XSELinuxConfig b/Xext/XSELinuxConfig
index 65f4015..1c5016e 100644
--- a/Xext/XSELinuxConfig
+++ b/Xext/XSELinuxConfig
@@ -19,13 +19,47 @@ root_window_context system_u:object_r:
# property type may not be omitted. The default rule may appear in
# any position (it need not be the last property rule listed).
#
-property WM_NAME wm_property_t
-property WM_CLASS wm_property_t
-property WM_ICON_NAME wm_property_t
-property WM_HINTS wm_property_t
-property WM_NORMAL_HINTS wm_property_t
-property WM_COMMAND wm_property_t
+# Properties set by typical clients: WM, _NET_WM, etc.
+property WM_NAME client_property_t
+property WM_CLASS client_property_t
+property WM_ICON_NAME client_property_t
+property WM_HINTS client_property_t
+property WM_NORMAL_HINTS client_property_t
+property WM_COMMAND client_property_t
+property WM_CLIENT_MACHINE client_property_t
+property WM_LOCALE_NAME client_property_t
+property WM_CLIENT_LEADER client_property_t
+property WM_STATE client_property_t
+property WM_PROTOCOLS client_property_t
+property WM_WINDOW_ROLE client_property_t
+property WM_TRANSIENT_FOR client_property_t
+property _NET_WM_NAME client_property_t
+property _NET_WM_ICON client_property_t
+property _NET_WM_ICON_NAME client_property_t
+property _NET_WM_PID client_property_t
+property _NET_WM_STATE client_property_t
+property _NET_WM_DESKTOP client_property_t
+property _NET_WM_SYNC_REQUEST_COUNTER client_property_t
+property _NET_WM_WINDOW_TYPE client_property_t
+property _NET_WM_USER_TIME client_property_t
+property _MOTIF_DRAG_RECEIVER_INFO client_property_t
+property XdndAware client_property_t
+# Properties written by xrdb
+property RESOURCE_MANAGER rm_property_t
+property SCREEN_RESOURCES rm_property_t
+
+# Properties written by window managers
+property _MIT_PRIORITY_COLORS wm_property_t
+
+# Properties used for security labeling
+property _SELINUX_CLIENT_CONTEXT seclabel_property_t
+
+# Properties used to communicate screen information
+property XFree86_VT info_property_t
+property XFree86_DDC_EDID1_RAWDATA info_property_t
+
+# Cut buffers
property CUT_BUFFER0 cut_buffer_property_t
property CUT_BUFFER1 cut_buffer_property_t
property CUT_BUFFER2 cut_buffer_property_t
@@ -35,6 +69,7 @@ property CUT_BUFFER5 cut_buffer_proper
property CUT_BUFFER6 cut_buffer_property_t
property CUT_BUFFER7 cut_buffer_property_t
+# Default fallback type
property default unknown_property_t
#
@@ -45,40 +80,64 @@ property default unknown_property_t
# extension type may not be omitted. The default rule may appear in
# any position (it need not be the last extension rule listed).
#
+# Standard extensions
extension BIG-REQUESTS std_ext_t
extension DOUBLE-BUFFER std_ext_t
-extension DPMS screensaver_ext_t
extension Extended-Visual-Information std_ext_t
-extension FontCache font_ext_t
-extension GLX std_ext_t
-extension LBX std_ext_t
+extension MIT-SUNDRY-NONSTANDARD std_ext_t
+extension SHAPE std_ext_t
+extension SYNC std_ext_t
+extension XC-MISC std_ext_t
+extension XFIXES std_ext_t
+extension XFree86-Misc std_ext_t
+extension XpExtension std_ext_t
+
+# Screen management and multihead extensions
+extension RANDR output_ext_t
+extension XINERAMA std_ext_t
+
+# Input extensions
+extension XInputExtension input_ext_t
+extension XKEYBOARD input_ext_t
+
+# Screensaver, power management extensions
+extension DPMS screensaver_ext_t
extension MIT-SCREEN-SAVER screensaver_ext_t
+
+# Fonting extensions
+extension FontCache font_ext_t
+extension XFree86-Bigfont font_ext_t
+
+# Shared memory extensions
extension MIT-SHM shmem_ext_t
-extension MIT-SUNDRY-NONSTANDARD std_ext_t
+
+# Accelerated graphics, OpenGL, direct rendering extensions
+extension DAMAGE accelgraphics_ext_t
+extension GLX accelgraphics_ext_t
extension NV-CONTROL accelgraphics_ext_t
extension NV-GLX accelgraphics_ext_t
extension NVIDIA-GLX accelgraphics_ext_t
-extension RANDR std_ext_t
-extension RECORD debug_ext_t
extension RENDER std_ext_t
+extension XFree86-DGA accelgraphics_ext_t
+
+# Debugging, testing, and recording extensions
+extension RECORD debug_ext_t
+extension X-Resource debug_ext_t
+extension XTEST debug_ext_t
+
+# Extensions just for window managers
+extension TOG-CUP windowmgr_ext_t
+
+# Security-related extensions
extension SECURITY security_ext_t
extension SELinux security_ext_t
-extension SHAPE std_ext_t
-extension SYNC sync_ext_t
-extension TOG-CUP windowmgr_ext_t
-extension X-Resource debug_ext_t
extension XAccessControlExtension security_ext_t
-extension XACEUSR security_ext_t
extension XC-APPGROUP security_ext_t
-extension XC-MISC std_ext_t
-extension XFree86-Bigfont font_ext_t
-extension XFree86-DGA accelgraphics_ext_t
-extension XFree86-Misc std_ext_t
+
+# Video extensions
extension XFree86-VidModeExtension video_ext_t
-extension XInputExtension input_ext_t
-extension XKEYBOARD input_ext_t
-extension XpExtension std_ext_t
-extension XTEST debug_ext_t
extension XVideo video_ext_t
extension XVideo-MotionCompensation video_ext_t
+
+# Default fallback type
extension default unknown_ext_t
diff-tree e437f357b6850a6c87ca6696870b3abd40e5b8ed (from d442998e39611be6805ea261f2286a2fd00f49b1)
Author: Alan Coopersmith <alan.coopersmith at sun.com>
Date: Tue Dec 19 16:38:34 2006 -0800
xorg.conf man page should say "XFree86-DGA", not "Xorg-DGA"
diff --git a/hw/xfree86/doc/man/xorg.conf.man.pre b/hw/xfree86/doc/man/xorg.conf.man.pre
index 8d52b2b..bbba211 100644
--- a/hw/xfree86/doc/man/xorg.conf.man.pre
+++ b/hw/xfree86/doc/man/xorg.conf.man.pre
@@ -649,7 +649,7 @@ being
that are passed to the module when it is loaded.
.PP
Example: the extmod module (which contains a miscellaneous group of
-server extensions) can be loaded, with the __xservername__-DGA extension
+server extensions) can be loaded, with the XFree86-DGA extension
disabled by using the following entry:
.PP
.RS 4
More information about the xorg-commit
mailing list