[RFC,selinux-notebook,18/18] x_windows: don't call table 12 a table
diff mbox series

Message ID 159650491552.8961.7366503197541412357.stgit@sifl
State Accepted
Headers show
Series
  • markdown conversions and cleanups
Related show

Commit Message

Paul Moore Aug. 4, 2020, 1:35 a.m. UTC
From: Richard Haines <richard_c_haines@btinternet.com>

I've removed the Table 12: reference and reworded. This now just looks
like a list.

Also fixed a few minor nits + added a contents list.

Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
---
 src/x_windows.md |  146 +++++++++++++++++++++++++++++-------------------------
 1 file changed, 79 insertions(+), 67 deletions(-)

Patch
diff mbox series

diff --git a/src/x_windows.md b/src/x_windows.md
index 6fdd39e..74edc62 100644
--- a/src/x_windows.md
+++ b/src/x_windows.md
@@ -1,5 +1,14 @@ 
 # X-Windows SELinux Support
 
+-   [**Infrastructure Overview**](#infrastructure-overview)
+-   [**Polyinstantiation**](#polyinstantiation)
+-   [**Configuration Information**](#configuration-information)
+    -    [**Enable/Disable the OM from Policy Decisions**](#enabledisable-the-om-from-policy-decisions)
+    -    [**Configure OM Enforcement Mode**](#configure-om-enforcement-mode)
+    -    [**Determine OM X-extension Opcode**](#determine-om-x-extension-opcode)
+    -    [**The *x_contexts* File**](#the-x_contexts-file)
+-   [**SELinux Extension Functions**](#selinux-extension-functions)
+
 The SELinux X-Windows (XSELinux) implementation provides fine grained
 access control over the majority of the X-server objects (known as
 resources) using an X-Windows extension acting as the object manager
@@ -53,7 +62,7 @@  information that is required by the OM for labeling certain objects. The
 OM reads its contents using the ***selabel_lookup**(3)* function.
 
 **XSELinux Object Manager** - This is an X-extension for the X-server
-process that mediates all access decisions between the the X-server (via
+process that mediates all access decisions between the X-server (via
 the XACE interface) and the SELinux security server (via *libselinux*).
 The OM is initialised before any X-clients connect to the X-server.
 
@@ -235,21 +244,30 @@  A full description of the *x_contexts* file format is given in the
 
 ## SELinux Extension Functions
 
-| Function Name                     | Minor Parameters | Opcode                |
-| --------------------------------- | ---------------- | --------------------- |
-| XSELinuxQueryVersion              | 0                | None       |
+The XSELinux Extension Functions listed below are supported by the object
+manager as X-protocol extensions.
+
+Note that **XSELinuxGet\*** functions return a default context, however
+those with Minor Parameter: 2, 6, 9, 11, 16 and 18 will not return a value
+unless one has been set by the appropriate **XSELinuxSet\*** function (Minor
+Parameter: 1, 5, 8, 10, 15 and 17).
+
+| Function Name                     | Minor Parameter | Opcode                |
+| --------------------------------- | --------------- | --------------------- |
+| XSELinuxQueryVersion              | 0               | None                  |
 
 Returns the XSELinux version. Fedora returns 1.1.
 
-| Function Name                     | Minor Parameters | Opcode                |
-| --------------------------------- | ---------------- | --------------------- |
-| XSELinuxSetDeviceCreateContext    | 1                | Context + Len         |
+
+| Function Name                     | Minor Parameter | Opcode                |
+| --------------------------------- | --------------- | --------------------- |
+| XSELinuxSetDeviceCreateContext    | 1               | Context + Len         |
 
 Sets the context for creating a device object (*x_device*).
 
-| Function Name                     | Minor Parameters | Opcode                |
-| --------------------------------- | ---------------- | --------------------- |
-| XSELinuxGetDeviceCreateContext    | 2                | None                  |
+| Function Name                     | Minor Parameter | Opcode                |
+| --------------------------------- | --------------- | --------------------- |
+| XSELinuxGetDeviceCreateContext    | 2               | None                  |
 
 Retrieves the context set by *XSELinuxSetDeviceCreateContext*.
 
@@ -259,115 +277,115 @@  Retrieves the context set by *XSELinuxSetDeviceCreateContext*.
 
 Sets the context for creating the specified DeviceID object.
 
-| Function Name                     | Minor Parameters | Opcode                |
-| --------------------------------- | ---------------- | --------------------- |
-| XSELinuxGetDeviceContext          | 4                | DeviceID              |
+| Function Name                     | Minor Parameter | Opcode                |
+| --------------------------------- | --------------- | --------------------- |
+| XSELinuxGetDeviceContext          | 4               | DeviceID              |
 
 Retrieves the context set by *XSELinuxSetDeviceContext*.
 
-| Function Name                     | Minor Parameters | Opcode                |
+| Function Name                     | Minor Parameter | Opcode                |
 | --------------------------------- | ---------------- | --------------------- |
 | XSELinuxSetWindowCreateContext    | 5                | Context + Len         |
 
 Set the context for creating a window object (*x_window*).
 
-| Function Name                     | Minor Parameters | Opcode                |
-| --------------------------------- | ---------------- | --------------------- |
-| XSELinuxGetWindowCreateContext    | 6                | None                  |
+| Function Name                     | Minor Parameter | Opcode                |
+| --------------------------------- | --------------- | --------------------- |
+| XSELinuxGetWindowCreateContext    | 6               | None                  |
 
 Retrieves the context set by *XSELinuxSetWindowCreateContext*.
 
-| Function Name                     | Minor Parameters | Opcode                |
-| --------------------------------- | ---------------- | --------------------- |
-| XSELinuxGetWindowContext          | 7                | WindowID              |
+| Function Name                     | Minor Parameter | Opcode                |
+| --------------------------------- | --------------- | --------------------- |
+| XSELinuxGetWindowContext          | 7               | WindowID              |
 
 Retrieves the specified WindowID context.
 
-| Function Name                     | Minor Parameters | Opcode                |
-| --------------------------------- | ---------------- | --------------------- |
-| XSELinuxSetPropertyCreateContext  | 8                | Context               |
+| Function Name                     | Minor Parameter | Opcode                |
+| --------------------------------- | --------------- | --------------------- |
+| XSELinuxSetPropertyCreateContext  | 8               | Context               |
 
 Sets the context for creating a property object (*x_property*).
 
-| Function Name                     | Minor Parameters | Opcode                |
-| --------------------------------- | ---------------- | --------------------- |
-| XSELinuxGetPropertyCreateContext  | 9                | None                  |
+| Function Name                     | Minor Parameter | Opcode                |
+| --------------------------------- | --------------- | --------------------- |
+| XSELinuxGetPropertyCreateContext  | 9               | None                  |
 
 Retrieves the context set by *XSELinuxSetPropertyCreateContext*.
 
-| Function Name                     | Minor Parameters | Opcode                |
-| --------------------------------- | ---------------- | --------------------- |
-| XSELinuxSetPropertyUseContext     | 10               | Context + Len         |
+| Function Name                     | Minor Parameter | Opcode                |
+| --------------------------------- | --------------- | --------------------- |
+| XSELinuxSetPropertyUseContext     | 10              | Context + Len         |
 
 Sets the context of the property object to be retrieved when polyinstantiation
 is being used.
 
-| Function Name                     | Minor Parameters | Opcode                |
-| --------------------------------- | ---------------- | --------------------- |
-| XSELinuxGetPropertyUseContext     | 11               | None                  |
+| Function Name                     | Minor Parameter | Opcode                |
+| --------------------------------- | --------------- | --------------------- |
+| XSELinuxGetPropertyUseContext     | 11              | None                  |
 
 Retrieves the property object context set by *SELinuxSetPropertyUseContext*.
 
-| Function Name                     | Minor Parameters | Opcode                |
-| --------------------------------- | ---------------- | --------------------- |
-| XSELinuxGetPropertyContext        | 12               | WindowID + AtomID     |
+| Function Name                     | Minor Parameter | Opcode                |
+| --------------------------------- | --------------- | --------------------- |
+| XSELinuxGetPropertyContext        | 12              | WindowID + AtomID     |
 
 Retrieves the context of the property atom object.
 
-| Function Name                     | Minor Parameters | Opcode                |
-| --------------------------------- | ---------------- | --------------------- |
-| XSELinuxGetPropertyDataContext    | 13               | WindowID + AtomID     |
+| Function Name                     | Minor Parameter | Opcode                |
+| --------------------------------- | --------------- | --------------------- |
+| XSELinuxGetPropertyDataContext    | 13              | WindowID + AtomID     |
 
 Retrieves the context of the property atom data.
 
-| Function Name                     | Minor Parameters | Opcode                |
+| Function Name                     | Minor Parameter | Opcode                |
 | --------------------------------- | ---------------- | --------------------- |
 | XSELinuxListProperties            | 14               | WindowID              |
 
 Lists the object and data contexts of properties associated with the selected
 WindowID.
 
-| Function Name                     | Minor Parameters | Opcode                |
-| --------------------------------- | ---------------- | --------------------- |
-| XSELinuxSetSelectionCreateContext | 15               | Context + Len         |
+| Function Name                     | Minor Parameter | Opcode                |
+| --------------------------------- | --------------- | --------------------- |
+| XSELinuxSetSelectionCreateContext | 15              | Context + Len         |
 
 Sets the context to be used for creating a selection object.
 
-| Function Name                     | Minor Parameters | Opcode                |
-| --------------------------------- | ---------------- | --------------------- |
-| XSELinuxGetSelectionCreateContext | 16               | None                  |
+| Function Name                     | Minor Parameter | Opcode                |
+| --------------------------------- | --------------- | --------------------- |
+| XSELinuxGetSelectionCreateContext | 16              | None                  |
 
 Retrieves the context set by *SELinuxSetSelectionCreateContext*.
 
-| Function Name                     | Minor Parameters | Opcode                |
-| --------------------------------- | ---------------- | --------------------- |
-| XSELinuxSetSelectionUseContext    | 17               | Context + Len         |
+| Function Name                     | Minor Parameter | Opcode                |
+| --------------------------------- | --------------- | --------------------- |
+| XSELinuxSetSelectionUseContext    | 17              | Context + Len         |
 
 Sets the context of the selection object to be retrieved when polyinstantiation
 is being used. See the *XSELinuxListSelections* function for an example.
 
-| Function Name                     | Minor Parameters | Opcode                |
-| --------------------------------- | ---------------- | --------------------- |
-| XSELinuxGetSelectionUseContext    | 18               | None                  |
+| Function Name                     | Minor Parameter | Opcode                |
+| --------------------------------- | --------------- | --------------------- |
+| XSELinuxGetSelectionUseContext    | 18              | None                  |
 
 Retrieves the selection object context set by *SELinuxSetSelectionUseContext*.
 
-| Function Name                     | Minor Parameters | Opcode                |
+| Function Name                     | Minor Parameter | Opcode                |
 | --------------------------------- | ---------------- | --------------------- |
 | XSELinuxGetSelectionContext       | 19               | AtomID                |
 
 Retrieves the context of the specified selection atom object.
 
-| Function Name                     | Minor Parameters | Opcode                |
-| --------------------------------- | ---------------- | --------------------- |
-| XSELinuxGetSelectionDataContext   | 20               | AtomID                |
+| Function Name                     | Minor Parameter | Opcode                |
+| --------------------------------- | --------------- | --------------------- |
+| XSELinuxGetSelectionDataContext   | 20              | AtomID                |
 
 Retrieves the context of the selection data from the current selection owner
 (*x_application_data* object).
 
-| Function Name                     | Minor Parameters | Opcode                |
-| --------------------------------- | ---------------- | --------------------- |
-| XSELinuxListSelections            | 21               | None                  |
+| Function Name                     | Minor Parameter | Opcode                |
+| --------------------------------- | --------------- | --------------------- |
+| XSELinuxListSelections            | 21              | None                  |
 
 Lists the selection atom object and data contexts associated with this display.
 The main difference in the listings is that when (for example) the *PRIMARY*
@@ -391,18 +409,12 @@  Atom: PRIMARY - Labels for client 2:
 - Object Context: *system_u:object_r:x_select_paste2_t*
 - Data Context: *system_u:object_r:x_select_paste2_t*
 
-| Function Name                     | Minor Parameters | Opcode                |
-| --------------------------------- | ---------------- | --------------------- |
-| XSELinuxGetClientContext          | 22               | ResourceID            |
+| Function Name                     | Minor Parameter | Opcode                |
+| --------------------------------- | --------------- | --------------------- |
+| XSELinuxGetClientContext          | 22              | ResourceID            |
 
 Retrieves the client context of the specified ResourceID.
 
-**Table 12: The XSELinux Extension Functions** - *Supported by the object
-manager as X-protocol extensions. Note that some functions will return
-the default contexts, while others (2, 6, 9, 11, 16, 18) will not return
-a value unless one has been set the the appropriate function (1, 5, 8,
-10, 15, 17) by an SELinux-aware application.*
-
 <!-- %CUTHERE% -->
 
 ---