3
# $Xorg: SecurityPolicy,v 1.3 2000/08/17 19:47:56 cpqbld Exp $
5
# The site policy fields are interpreted by the XC-QUERY-SECURITY-1
6
# authorization protocol. The values are arbitrary and site-specific.
7
# Refer to the Security Extension Specification for the usage of the policies.
12
# Property access rules:
13
# property <property> <window> <permissions>
14
# <window> ::= any | root | <propertyselector>
15
# <propertyselector> ::= <property> | <property>=<value>
16
# <permissions> :== [ <operation> | <action> | <space> ]*
17
# <operation> :== r | w | d
21
# <action> :== a | i | e
26
# Allow reading of application resources, but not writing.
27
property RESOURCE_MANAGER root ar iw
28
property SCREEN_RESOURCES root ar iw
30
# Ignore attempts to use cut buffers. Giving errors causes apps to crash,
31
# and allowing access may give away too much information.
32
property CUT_BUFFER0 root irw
33
property CUT_BUFFER1 root irw
34
property CUT_BUFFER2 root irw
35
property CUT_BUFFER3 root irw
36
property CUT_BUFFER4 root irw
37
property CUT_BUFFER5 root irw
38
property CUT_BUFFER6 root irw
39
property CUT_BUFFER7 root irw
41
# If you are using Motif, you probably want these.
42
property _MOTIF_DEFAULT_BINDINGS root ar iw
43
property _MOTIF_DRAG_WINDOW root ar iw
44
property _MOTIF_DRAG_TARGETS any ar iw
45
property _MOTIF_DRAG_ATOMS any ar iw
46
property _MOTIF_DRAG_ATOM_PAIRS any ar iw
48
# If you are running CDE you also need these
49
property _MOTIF_WM_INFO root arw
50
property TT_SESSION root irw
51
property WM_ICON_SIZE root irw
52
property "SDT Pixel Set" any irw
54
# The next two rules let xwininfo -tree work when untrusted.
55
property WM_NAME any ar
57
# Allow read of WM_CLASS, but only for windows with WM_NAME.
58
# This might be more restrictive than necessary, but demonstrates
59
# the <required property> facility, and is also an attempt to
60
# say "top level windows only."
61
property WM_CLASS WM_NAME ar
63
# These next three let xlsclients work untrusted. Think carefully
64
# before including these; giving away the client machine name and command
65
# may be exposing too much.
66
property WM_STATE WM_NAME ar
67
property WM_CLIENT_MACHINE WM_NAME ar
68
property WM_COMMAND WM_NAME ar
70
# To let untrusted clients use the standard colormaps created by
71
# xstdcmap, include these lines.
72
property RGB_DEFAULT_MAP root ar
73
property RGB_BEST_MAP root ar
74
property RGB_RED_MAP root ar
75
property RGB_GREEN_MAP root ar
76
property RGB_BLUE_MAP root ar
77
property RGB_GRAY_MAP root ar
79
# To let untrusted clients use the color management database created
80
# by xcmsdb, include these lines.
81
property XDCCC_LINEAR_RGB_CORRECTION root ar
82
property XDCCC_LINEAR_RGB_MATRICES root ar
83
property XDCCC_GRAY_SCREENWHITEPOINT root ar
84
property XDCCC_GRAY_CORRECTION root ar
86
# To let untrusted clients use the overlay visuals that many vendors
87
# support, include this line.
88
property SERVER_OVERLAY_VISUALS root ar