3 # $XConsortium: SecurityPolicy /main/3 1996/12/20 20:27:48 swick $
5 # The site policy fields are interpreted by the XC-QUERY-SECURITY-1
6 # authorization protocol. The values are arbitrary and site-specific.
7 # Refer to the Security Extension Specification for the usage of the policies.
12 # Property access rules:
13 # property <property> <window> <permissions>
14 # <window> ::= any | root | <propertyselector>
15 # <propertyselector> ::= <property> | <property>=<value>
16 # <permissions> :== [ <operation> | <action> | <space> ]*
17 # <operation> :== r | w | d
21 # <action> :== a | i | e
26 # Allow reading of application resources, but not writing.
27 property RESOURCE_MANAGER root ar iw
28 property SCREEN_RESOURCES root ar iw
30 # Ignore attempts to use cut buffers. Giving errors causes apps to crash,
31 # and allowing access may give away too much information.
32 property CUT_BUFFER0 root irw
33 property CUT_BUFFER1 root irw
34 property CUT_BUFFER2 root irw
35 property CUT_BUFFER3 root irw
36 property CUT_BUFFER4 root irw
37 property CUT_BUFFER5 root irw
38 property CUT_BUFFER6 root irw
39 property CUT_BUFFER7 root irw
41 # If you are using Motif, you probably want these.
42 property _MOTIF_DEFAULT_BINDINGS root ar iw
43 property _MOTIF_DRAG_WINDOW root ar iw
44 property _MOTIF_DRAG_TARGETS any ar iw
45 property _MOTIF_DRAG_ATOMS any ar iw
46 property _MOTIF_DRAG_ATOM_PAIRS any ar iw
48 # If you are running CDE you also need these
49 property _MOTIF_WM_INFO root arw
50 property TT_SESSION root irw
51 property WM_ICON_SIZE root irw
52 property "SDT Pixel Set" any irw
54 # The next two rules let xwininfo -tree work when untrusted.
55 property WM_NAME any ar
57 # Allow read of WM_CLASS, but only for windows with WM_NAME.
58 # This might be more restrictive than necessary, but demonstrates
59 # the <required property> facility, and is also an attempt to
60 # say "top level windows only."
61 property WM_CLASS WM_NAME ar
63 # These next three let xlsclients work untrusted. Think carefully
64 # before including these; giving away the client machine name and command
65 # may be exposing too much.
66 property WM_STATE WM_NAME ar
67 property WM_CLIENT_MACHINE WM_NAME ar
68 property WM_COMMAND WM_NAME ar
70 # To let untrusted clients use the standard colormaps created by
71 # xstdcmap, include these lines.
72 property RGB_DEFAULT_MAP root ar
73 property RGB_BEST_MAP root ar
74 property RGB_RED_MAP root ar
75 property RGB_GREEN_MAP root ar
76 property RGB_BLUE_MAP root ar
77 property RGB_GRAY_MAP root ar
79 # To let untrusted clients use the color management database created
80 # by xcmsdb, include these lines.
81 property XDCCC_LINEAR_RGB_CORRECTION root ar
82 property XDCCC_LINEAR_RGB_MATRICES root ar
83 property XDCCC_GRAY_SCREENWHITEPOINT root ar
84 property XDCCC_GRAY_CORRECTION root ar
86 # To let untrusted clients use the overlay visuals that many vendors
87 # support, include this line.
88 property SERVER_OVERLAY_VISUALS root ar