IABSD.fr/xenocara/xserver/Xext/SecurityPolicy

Branch : - branch - master - tag -

• Show log

  Commit

• Author : matthieu
  Date : 2006-11-26 18:13:41
  Hash : 889b8606
  Message : Importing xserver from X.Org 7.2RC2

• xserver/Xext/SecurityPolicy

• version-1 
  
  # $Xorg: SecurityPolicy,v 1.3 2000/08/17 19:47:56 cpqbld Exp $
  
  # The site policy fields are interpreted by the XC-QUERY-SECURITY-1
  # authorization protocol.  The values are arbitrary and site-specific.
  # Refer to the Security Extension Specification for the usage of the policies.
  #sitepolicy A
  #sitepolicy B
  #sitepolicy C
  
  # Property access rules:
  # property <property> <window> <permissions>
  # <window> ::= any | root | <propertyselector>
  # <propertyselector> ::= <property> | <property>=<value>
  # <permissions> :== [ <operation> | <action> | <space> ]*
  # <operation> :== r | w | d
  #	r	read
  #	w	write
  #	d	delete
  # <action> :== a | i | e
  #	a	allow
  #	i	ignore
  #	e	error
  
  # Allow reading of application resources, but not writing.
  property RESOURCE_MANAGER	root	ar iw
  property SCREEN_RESOURCES	root	ar iw
  
  # Ignore attempts to use cut buffers.  Giving errors causes apps to crash,
  # and allowing access may give away too much information.
  property CUT_BUFFER0	root	irw
  property CUT_BUFFER1	root	irw
  property CUT_BUFFER2	root	irw
  property CUT_BUFFER3	root	irw
  property CUT_BUFFER4	root	irw
  property CUT_BUFFER5	root	irw
  property CUT_BUFFER6	root	irw
  property CUT_BUFFER7	root	irw
  
  # If you are using Motif, you probably want these.
  property _MOTIF_DEFAULT_BINDINGS	root	ar iw
  property _MOTIF_DRAG_WINDOW	root	ar iw
  property _MOTIF_DRAG_TARGETS	any 	ar iw
  property _MOTIF_DRAG_ATOMS	any 	ar iw
  property _MOTIF_DRAG_ATOM_PAIRS	any 	ar iw
  
  # If you are running CDE you also need these
  property _MOTIF_WM_INFO		root	arw
  property TT_SESSION		root	irw
  property WM_ICON_SIZE		root	irw
  property "SDT Pixel Set"	any	irw
  
  # The next two rules let xwininfo -tree work when untrusted.
  property WM_NAME	any	ar
  
  # Allow read of WM_CLASS, but only for windows with WM_NAME.
  # This might be more restrictive than necessary, but demonstrates
  # the <required property> facility, and is also an attempt to
  # say "top level windows only."
  property WM_CLASS	WM_NAME	ar
  
  # These next three let xlsclients work untrusted.  Think carefully
  # before including these; giving away the client machine name and command
  # may be exposing too much.
  property WM_STATE	WM_NAME	ar
  property WM_CLIENT_MACHINE	WM_NAME	ar
  property WM_COMMAND	WM_NAME	ar
  
  # To let untrusted clients use the standard colormaps created by
  # xstdcmap, include these lines.
  property RGB_DEFAULT_MAP	root	ar
  property RGB_BEST_MAP	root	ar
  property RGB_RED_MAP	root	ar
  property RGB_GREEN_MAP	root	ar
  property RGB_BLUE_MAP	root	ar
  property RGB_GRAY_MAP	root	ar
  
  # To let untrusted clients use the color management database created
  # by xcmsdb, include these lines.
  property XDCCC_LINEAR_RGB_CORRECTION	root	ar
  property XDCCC_LINEAR_RGB_MATRICES	root	ar
  property XDCCC_GRAY_SCREENWHITEPOINT	root	ar
  property XDCCC_GRAY_CORRECTION	root	ar
  
  # To let untrusted clients use the overlay visuals that many vendors
  # support, include this line.
  property SERVER_OVERLAY_VISUALS	root	ar