@@ -1,5 +1,14 @@
# X-Windows SELinux Support
+- [**Infrastructure Overview**](#infrastructure-overview)
+- [**Polyinstantiation**](#polyinstantiation)
+- [**Configuration Information**](#configuration-information)
+ - [**Enable/Disable the OM from Policy Decisions**](#enabledisable-the-om-from-policy-decisions)
+ - [**Configure OM Enforcement Mode**](#configure-om-enforcement-mode)
+ - [**Determine OM X-extension Opcode**](#determine-om-x-extension-opcode)
+ - [**The *x_contexts* File**](#the-x_contexts-file)
+- [**SELinux Extension Functions**](#selinux-extension-functions)
+
The SELinux X-Windows (XSELinux) implementation provides fine grained
access control over the majority of the X-server objects (known as
resources) using an X-Windows extension acting as the object manager
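Review bot: the nested entries under "Configuration Information" (the four `- [**Enable/Disable ...`, `- [**Configure OM ...`, `- [**Determine OM ...` and `- [**The *x_contexts* File**]` lines) are indented by a single space; CommonMark needs the nested marker indented at least to the parent item's content column (two spaces for a `- ` parent), otherwise these render as siblings of the top-level entries rather than as a sub-list. Indent them by two spaces. The anchors themselves look consistent with GitHub-style slug generation (slash dropped in `#enabledisable-the-om-from-policy-decisions`, underscore kept in `#the-x_contexts-file`).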
@@ -53,7 +62,7 @@ information that is required by the OM for labeling certain objects. The
OM reads its contents using the ***selabel_lookup**(3)* function.
**XSELinux Object Manager** - This is an X-extension for the X-server
-process that mediates all access decisions between the the X-server (via
+process that mediates all access decisions between the X-server (via
the XACE interface) and the SELinux security server (via *libselinux*).
The OM is initialised before any X-clients connect to the X-server.
@@ -235,21 +244,30 @@ A full description of the *x_contexts* file format is given in the
## SELinux Extension Functions
-| Function Name | Minor Parameters | Opcode |
-| --------------------------------- | ---------------- | --------------------- |
-| XSELinuxQueryVersion | 0 | None |
+The XSELinux Extension Functions listed below are supported by the object
+manager as X-protocol extensions.
+
+Note that **XSELinuxGet\*** functions return a default context, however
+those with Minor Parameter: 2, 6, 9, 11, 16 and 18 will not return a value
+unless one has been set by the appropriate **XSELinuxSet\*** function (Minor
+Parameter: 1, 5, 8, 10, 15 and 17).
+
+| Function Name | Minor Parameter | Opcode |
+| --------------------------------- | --------------- | --------------------- |
+| XSELinuxQueryVersion | 0 | None |
Returns the XSELinux version. Fedora returns 1.1.
-| Function Name | Minor Parameters | Opcode |
-| --------------------------------- | ---------------- | --------------------- |
-| XSELinuxSetDeviceCreateContext | 1 | Context + Len |
+
+| Function Name | Minor Parameter | Opcode |
+| --------------------------------- | --------------- | --------------------- |
+| XSELinuxSetDeviceCreateContext | 1 | Context + Len |
Sets the context for creating a device object (*x_device*).
-| Function Name | Minor Parameters | Opcode |
-| --------------------------------- | ---------------- | --------------------- |
-| XSELinuxGetDeviceCreateContext | 2 | None |
+| Function Name | Minor Parameter | Opcode |
+| --------------------------------- | --------------- | --------------------- |
+| XSELinuxGetDeviceCreateContext | 2 | None |
Retrieves the context set by *XSELinuxSetDeviceCreateContext*.
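Review bot: the description lines that follow each table (`Returns the XSELinux version. Fedora returns 1.1.`, `Sets the context for creating a device object (*x_device*).`, `Retrieves the context set by *XSELinuxSetDeviceCreateContext*.`) sit directly under the last table row with no blank line; in GFM a table only ends at a blank line or a new block, so these will be absorbed into the table as an extra single-cell row. The patch adds a blank line before the XSELinuxSetDeviceCreateContext table but not after the rows, so add a blank line between each table and its description. Separately, the new introductory note drops the "by an SELinux-aware application" qualifier that the old caption carried for the Set* functions (minor parameters 1, 5, 8, 10, 15, 17); that qualifier is the useful part, since it tells the reader the Get* calls 2, 6, 9, 11, 16, 18 return nothing unless a client that knows about the extension has set a context first. Consider keeping it, e.g. "unless one has been set by an SELinux-aware application via the appropriate **XSELinuxSet\*** function".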
@@ -259,115 +277,115 @@ Retrieves the context set by *XSELinuxSetDeviceCreateContext*.
Sets the context for creating the specified DeviceID object.
-| Function Name | Minor Parameters | Opcode |
-| --------------------------------- | ---------------- | --------------------- |
-| XSELinuxGetDeviceContext | 4 | DeviceID |
+| Function Name | Minor Parameter | Opcode |
+| --------------------------------- | --------------- | --------------------- |
+| XSELinuxGetDeviceContext | 4 | DeviceID |
Retrieves the context set by *XSELinuxSetDeviceContext*.
-| Function Name | Minor Parameters | Opcode |
+| Function Name | Minor Parameter | Opcode |
| --------------------------------- | ---------------- | --------------------- |
| XSELinuxSetWindowCreateContext | 5 | Context + Len |
Set the context for creating a window object (*x_window*).
-| Function Name | Minor Parameters | Opcode |
-| --------------------------------- | ---------------- | --------------------- |
-| XSELinuxGetWindowCreateContext | 6 | None |
+| Function Name | Minor Parameter | Opcode |
+| --------------------------------- | --------------- | --------------------- |
+| XSELinuxGetWindowCreateContext | 6 | None |
Retrieves the context set by *XSELinuxSetWindowCreateContext*.
-| Function Name | Minor Parameters | Opcode |
-| --------------------------------- | ---------------- | --------------------- |
-| XSELinuxGetWindowContext | 7 | WindowID |
+| Function Name | Minor Parameter | Opcode |
+| --------------------------------- | --------------- | --------------------- |
+| XSELinuxGetWindowContext | 7 | WindowID |
Retrieves the specified WindowID context.
-| Function Name | Minor Parameters | Opcode |
-| --------------------------------- | ---------------- | --------------------- |
-| XSELinuxSetPropertyCreateContext | 8 | Context |
+| Function Name | Minor Parameter | Opcode |
+| --------------------------------- | --------------- | --------------------- |
+| XSELinuxSetPropertyCreateContext | 8 | Context |
Sets the context for creating a property object (*x_property*).
-| Function Name | Minor Parameters | Opcode |
-| --------------------------------- | ---------------- | --------------------- |
-| XSELinuxGetPropertyCreateContext | 9 | None |
+| Function Name | Minor Parameter | Opcode |
+| --------------------------------- | --------------- | --------------------- |
+| XSELinuxGetPropertyCreateContext | 9 | None |
Retrieves the context set by *XSELinuxSetPropertyCreateContext*.
-| Function Name | Minor Parameters | Opcode |
-| --------------------------------- | ---------------- | --------------------- |
-| XSELinuxSetPropertyUseContext | 10 | Context + Len |
+| Function Name | Minor Parameter | Opcode |
+| --------------------------------- | --------------- | --------------------- |
+| XSELinuxSetPropertyUseContext | 10 | Context + Len |
Sets the context of the property object to be retrieved when polyinstantiation
is being used.
-| Function Name | Minor Parameters | Opcode |
-| --------------------------------- | ---------------- | --------------------- |
-| XSELinuxGetPropertyUseContext | 11 | None |
+| Function Name | Minor Parameter | Opcode |
+| --------------------------------- | --------------- | --------------------- |
+| XSELinuxGetPropertyUseContext | 11 | None |
Retrieves the property object context set by *SELinuxSetPropertyUseContext*.
-| Function Name | Minor Parameters | Opcode |
-| --------------------------------- | ---------------- | --------------------- |
-| XSELinuxGetPropertyContext | 12 | WindowID + AtomID |
+| Function Name | Minor Parameter | Opcode |
+| --------------------------------- | --------------- | --------------------- |
+| XSELinuxGetPropertyContext | 12 | WindowID + AtomID |
Retrieves the context of the property atom object.
-| Function Name | Minor Parameters | Opcode |
-| --------------------------------- | ---------------- | --------------------- |
-| XSELinuxGetPropertyDataContext | 13 | WindowID + AtomID |
+| Function Name | Minor Parameter | Opcode |
+| --------------------------------- | --------------- | --------------------- |
+| XSELinuxGetPropertyDataContext | 13 | WindowID + AtomID |
Retrieves the context of the property atom data.
-| Function Name | Minor Parameters | Opcode |
+| Function Name | Minor Parameter | Opcode |
| --------------------------------- | ---------------- | --------------------- |
| XSELinuxListProperties | 14 | WindowID |
Lists the object and data contexts of properties associated with the selected
WindowID.
-| Function Name | Minor Parameters | Opcode |
-| --------------------------------- | ---------------- | --------------------- |
-| XSELinuxSetSelectionCreateContext | 15 | Context + Len |
+| Function Name | Minor Parameter | Opcode |
+| --------------------------------- | --------------- | --------------------- |
+| XSELinuxSetSelectionCreateContext | 15 | Context + Len |
Sets the context to be used for creating a selection object.
-| Function Name | Minor Parameters | Opcode |
-| --------------------------------- | ---------------- | --------------------- |
-| XSELinuxGetSelectionCreateContext | 16 | None |
+| Function Name | Minor Parameter | Opcode |
+| --------------------------------- | --------------- | --------------------- |
+| XSELinuxGetSelectionCreateContext | 16 | None |
Retrieves the context set by *SELinuxSetSelectionCreateContext*.
-| Function Name | Minor Parameters | Opcode |
-| --------------------------------- | ---------------- | --------------------- |
-| XSELinuxSetSelectionUseContext | 17 | Context + Len |
+| Function Name | Minor Parameter | Opcode |
+| --------------------------------- | --------------- | --------------------- |
+| XSELinuxSetSelectionUseContext | 17 | Context + Len |
Sets the context of the selection object to be retrieved when polyinstantiation
is being used. See the *XSELinuxListSelections* function for an example.
-| Function Name | Minor Parameters | Opcode |
-| --------------------------------- | ---------------- | --------------------- |
-| XSELinuxGetSelectionUseContext | 18 | None |
+| Function Name | Minor Parameter | Opcode |
+| --------------------------------- | --------------- | --------------------- |
+| XSELinuxGetSelectionUseContext | 18 | None |
Retrieves the selection object context set by *SELinuxSetSelectionUseContext*.
-| Function Name | Minor Parameters | Opcode |
+| Function Name | Minor Parameter | Opcode |
| --------------------------------- | ---------------- | --------------------- |
| XSELinuxGetSelectionContext | 19 | AtomID |
Retrieves the context of the specified selection atom object.
-| Function Name | Minor Parameters | Opcode |
-| --------------------------------- | ---------------- | --------------------- |
-| XSELinuxGetSelectionDataContext | 20 | AtomID |
+| Function Name | Minor Parameter | Opcode |
+| --------------------------------- | --------------- | --------------------- |
+| XSELinuxGetSelectionDataContext | 20 | AtomID |
Retrieves the context of the selection data from the current selection owner
(*x_application_data* object).
-| Function Name | Minor Parameters | Opcode |
-| --------------------------------- | ---------------- | --------------------- |
-| XSELinuxListSelections | 21 | None |
+| Function Name | Minor Parameter | Opcode |
+| --------------------------------- | --------------- | --------------------- |
+| XSELinuxListSelections | 21 | None |
Lists the selection atom object and data contexts associated with this display.
The main difference in the listings is that when (for example) the *PRIMARY*
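Review bot: three separator rows were not updated to match the shortened "Minor Parameter" header: the tables for XSELinuxSetWindowCreateContext (5), XSELinuxListProperties (14) and XSELinuxGetSelectionContext (19) still carry the old `| ---------------- |` cell (16 dashes) while every other table in this hunk uses 15. Rendering is unaffected, but the patch otherwise normalises all of these rows, so it should do so here too. The blank-line issue from the previous hunk applies throughout this one as well: every description line (e.g. `Retrieves the context set by *XSELinuxSetDeviceContext*.`) directly follows a table row and will be parsed as part of the table. While touching these lines, the descriptions for minor parameters 11, 16 and 18 refer to *SELinuxSetPropertyUseContext*, *SELinuxSetSelectionCreateContext* and *SELinuxSetSelectionUseContext* without the leading "X", unlike the function names in the tables they point at (XSELinuxSetPropertyUseContext, XSELinuxSetSelectionCreateContext, XSELinuxSetSelectionUseContext).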
@@ -391,18 +409,12 @@ Atom: PRIMARY - Labels for client 2:
- Object Context: *system_u:object_r:x_select_paste2_t*
- Data Context: *system_u:object_r:x_select_paste2_t*
-| Function Name | Minor Parameters | Opcode |
-| --------------------------------- | ---------------- | --------------------- |
-| XSELinuxGetClientContext | 22 | ResourceID |
+| Function Name | Minor Parameter | Opcode |
+| --------------------------------- | --------------- | --------------------- |
+| XSELinuxGetClientContext | 22 | ResourceID |
Retrieves the client context of the specified ResourceID.
-**Table 12: The XSELinux Extension Functions** - *Supported by the object
-manager as X-protocol extensions. Note that some functions will return
-the default contexts, while others (2, 6, 9, 11, 16, 18) will not return
-a value unless one has been set the the appropriate function (1, 5, 8,
-10, 15, 17) by an SELinux-aware application.*
-
<!-- %CUTHERE% -->
---
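Review bot: removing the "Table 12: The XSELinux Extension Functions" caption also removes the table number; if any other part of the document (or a sibling document in this set) cross-references "Table 12", that reference now dangles, so please grep for it before merging. The caption's substantive content has moved to the note at the top of the section, which is fine, but note the old text's "set the the appropriate function" typo was fixed in the move while its "by an SELinux-aware application" qualifier was not carried over (see the comment on the earlier hunk). The removed blank line before `<!-- %CUTHERE% -->` leaves `Retrieves the client context of the specified ResourceID.` immediately followed by the HTML comment; harmless, but a blank line there would keep the end of the section consistent with the rest of the file.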