From: Paul Moore <paul@paul-moore.com>
To: selinux@vger.kernel.org
Subject: [RFC,selinux-notebook PATCH 18/18] x_windows: don't call table 12 a table
Date: Mon, 03 Aug 2020 21:35:15 -0400
Message-ID: <159650491552.8961.7366503197541412357.stgit@sifl>
In-Reply-To: <159650470076.8961.12721446818345626943.stgit@sifl>

From: Richard Haines <richard_c_haines@btinternet.com>

I've removed the Table 12: reference and reworded. This now just looks
like a list.

Also fixed a few minor nits + added a contents list.

Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
---
 src/x_windows.md |  146 +++++++++++++++++++++++++++++-------------------------
 1 file changed, 79 insertions(+), 67 deletions(-)

diff --git a/src/x_windows.md b/src/x_windows.md
index 6fdd39e..74edc62 100644
--- a/src/x_windows.md
+++ b/src/x_windows.md
@@ -1,5 +1,14 @@
 # X-Windows SELinux Support
 
+-   [**Infrastructure Overview**](#infrastructure-overview)
+-   [**Polyinstantiation**](#polyinstantiation)
+-   [**Configuration Information**](#configuration-information)
+    -    [**Enable/Disable the OM from Policy Decisions**](#enabledisable-the-om-from-policy-decisions)
+    -    [**Configure OM Enforcement Mode**](#configure-om-enforcement-mode)
+    -    [**Determine OM X-extension Opcode**](#determine-om-x-extension-opcode)
+    -    [**The *x_contexts* File**](#the-x_contexts-file)
+-   [**SELinux Extension Functions**](#selinux-extension-functions)
+
 The SELinux X-Windows (XSELinux) implementation provides fine grained
 access control over the majority of the X-server objects (known as
 resources) using an X-Windows extension acting as the object manager
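Review bot: The nested entries in the new contents list use different marker spacing from the top-level ones: the four sub-items under Configuration Information are written with four spaces after the dash (`-    [**Enable/Disable ...`), while the top-level items use three (`-   [**Infrastructure Overview**]`). Suggest the same `-   ` spacing at both levels so the list source is consistent. The link targets such as `#enabledisable-the-om-from-policy-decisions` and `#the-x_contexts-file` depend on auto-generated heading identifiers, so it is worth confirming in the rendered output that each one resolves.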
@@ -53,7 +62,7 @@ information that is required by the OM for labeling certain objects. The
 OM reads its contents using the ***selabel_lookup**(3)* function.
 
 **XSELinux Object Manager** - This is an X-extension for the X-server
-process that mediates all access decisions between the the X-server (via
+process that mediates all access decisions between the X-server (via
 the XACE interface) and the SELinux security server (via *libselinux*).
 The OM is initialised before any X-clients connect to the X-server.
 
@@ -235,21 +244,30 @@ A full description of the *x_contexts* file format is given in the
 
 ## SELinux Extension Functions
 
-| Function Name                     | Minor Parameters | Opcode                |
-| --------------------------------- | ---------------- | --------------------- |
-| XSELinuxQueryVersion              | 0                | None       |
+The XSELinux Extension Functions listed below are supported by the object
+manager as X-protocol extensions.
+
+Note that **XSELinuxGet\*** functions return a default context, however
+those with Minor Parameter: 2, 6, 9, 11, 16 and 18 will not return a value
+unless one has been set by the appropriate **XSELinuxSet\*** function (Minor
+Parameter: 1, 5, 8, 10, 15 and 17).
+
+| Function Name                     | Minor Parameter | Opcode                |
+| --------------------------------- | --------------- | --------------------- |
+| XSELinuxQueryVersion              | 0               | None                  |
 
 Returns the XSELinux version. Fedora returns 1.1.
 
-| Function Name                     | Minor Parameters | Opcode                |
-| --------------------------------- | ---------------- | --------------------- |
-| XSELinuxSetDeviceCreateContext    | 1                | Context + Len         |
+
+| Function Name                     | Minor Parameter | Opcode                |
+| --------------------------------- | --------------- | --------------------- |
+| XSELinuxSetDeviceCreateContext    | 1               | Context + Len         |
 
 Sets the context for creating a device object (*x_device*).
 
-| Function Name                     | Minor Parameters | Opcode                |
-| --------------------------------- | ---------------- | --------------------- |
-| XSELinuxGetDeviceCreateContext    | 2                | None                  |
+| Function Name                     | Minor Parameter | Opcode                |
+| --------------------------------- | --------------- | --------------------- |
+| XSELinuxGetDeviceCreateContext    | 2               | None                  |
 
 Retrieves the context set by *XSELinuxSetDeviceCreateContext*.
 
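Review bot: The blank line added just above the XSELinuxSetDeviceCreateContext table follows the existing blank context line after "Returns the XSELinux version. Fedora returns 1.1.", leaving two consecutive blank lines at that spot; no other table in this hunk gets one, so it should be dropped. In the new introductory paragraph, "return a default context, however those with" is a run-on; suggest ending the sentence after "context" and starting the next with "However, those with Minor Parameter 2, 6, ...". Since the header row is being edited anyway, the column titled Opcode holds values like "None" and "Context + Len" while the numbered column is titled Minor Parameter, so it is worth checking that the two titles are the intended way round.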
@@ -259,115 +277,115 @@ Retrieves the context set by *XSELinuxSetDeviceCreateContext*.
 
 Sets the context for creating the specified DeviceID object.
 
-| Function Name                     | Minor Parameters | Opcode                |
-| --------------------------------- | ---------------- | --------------------- |
-| XSELinuxGetDeviceContext          | 4                | DeviceID              |
+| Function Name                     | Minor Parameter | Opcode                |
+| --------------------------------- | --------------- | --------------------- |
+| XSELinuxGetDeviceContext          | 4               | DeviceID              |
 
 Retrieves the context set by *XSELinuxSetDeviceContext*.
 
-| Function Name                     | Minor Parameters | Opcode                |
+| Function Name                     | Minor Parameter | Opcode                |
 | --------------------------------- | ---------------- | --------------------- |
 | XSELinuxSetWindowCreateContext    | 5                | Context + Len         |
 
 Set the context for creating a window object (*x_window*).
 
-| Function Name                     | Minor Parameters | Opcode                |
-| --------------------------------- | ---------------- | --------------------- |
-| XSELinuxGetWindowCreateContext    | 6                | None                  |
+| Function Name                     | Minor Parameter | Opcode                |
+| --------------------------------- | --------------- | --------------------- |
+| XSELinuxGetWindowCreateContext    | 6               | None                  |
 
 Retrieves the context set by *XSELinuxSetWindowCreateContext*.
 
-| Function Name                     | Minor Parameters | Opcode                |
-| --------------------------------- | ---------------- | --------------------- |
-| XSELinuxGetWindowContext          | 7                | WindowID              |
+| Function Name                     | Minor Parameter | Opcode                |
+| --------------------------------- | --------------- | --------------------- |
+| XSELinuxGetWindowContext          | 7               | WindowID              |
 
 Retrieves the specified WindowID context.
 
-| Function Name                     | Minor Parameters | Opcode                |
-| --------------------------------- | ---------------- | --------------------- |
-| XSELinuxSetPropertyCreateContext  | 8                | Context               |
+| Function Name                     | Minor Parameter | Opcode                |
+| --------------------------------- | --------------- | --------------------- |
+| XSELinuxSetPropertyCreateContext  | 8               | Context               |
 
 Sets the context for creating a property object (*x_property*).
 
-| Function Name                     | Minor Parameters | Opcode                |
-| --------------------------------- | ---------------- | --------------------- |
-| XSELinuxGetPropertyCreateContext  | 9                | None                  |
+| Function Name                     | Minor Parameter | Opcode                |
+| --------------------------------- | --------------- | --------------------- |
+| XSELinuxGetPropertyCreateContext  | 9               | None                  |
 
 Retrieves the context set by *XSELinuxSetPropertyCreateContext*.
 
-| Function Name                     | Minor Parameters | Opcode                |
-| --------------------------------- | ---------------- | --------------------- |
-| XSELinuxSetPropertyUseContext     | 10               | Context + Len         |
+| Function Name                     | Minor Parameter | Opcode                |
+| --------------------------------- | --------------- | --------------------- |
+| XSELinuxSetPropertyUseContext     | 10              | Context + Len         |
 
 Sets the context of the property object to be retrieved when polyinstantiation
 is being used.
 
-| Function Name                     | Minor Parameters | Opcode                |
-| --------------------------------- | ---------------- | --------------------- |
-| XSELinuxGetPropertyUseContext     | 11               | None                  |
+| Function Name                     | Minor Parameter | Opcode                |
+| --------------------------------- | --------------- | --------------------- |
+| XSELinuxGetPropertyUseContext     | 11              | None                  |
 
 Retrieves the property object context set by *SELinuxSetPropertyUseContext*.
 
-| Function Name                     | Minor Parameters | Opcode                |
-| --------------------------------- | ---------------- | --------------------- |
-| XSELinuxGetPropertyContext        | 12               | WindowID + AtomID     |
+| Function Name                     | Minor Parameter | Opcode                |
+| --------------------------------- | --------------- | --------------------- |
+| XSELinuxGetPropertyContext        | 12              | WindowID + AtomID     |
 
 Retrieves the context of the property atom object.
 
-| Function Name                     | Minor Parameters | Opcode                |
-| --------------------------------- | ---------------- | --------------------- |
-| XSELinuxGetPropertyDataContext    | 13               | WindowID + AtomID     |
+| Function Name                     | Minor Parameter | Opcode                |
+| --------------------------------- | --------------- | --------------------- |
+| XSELinuxGetPropertyDataContext    | 13              | WindowID + AtomID     |
 
 Retrieves the context of the property atom data.
 
-| Function Name                     | Minor Parameters | Opcode                |
+| Function Name                     | Minor Parameter | Opcode                |
 | --------------------------------- | ---------------- | --------------------- |
 | XSELinuxListProperties            | 14               | WindowID              |
 
 Lists the object and data contexts of properties associated with the selected
 WindowID.
 
-| Function Name                     | Minor Parameters | Opcode                |
-| --------------------------------- | ---------------- | --------------------- |
-| XSELinuxSetSelectionCreateContext | 15               | Context + Len         |
+| Function Name                     | Minor Parameter | Opcode                |
+| --------------------------------- | --------------- | --------------------- |
+| XSELinuxSetSelectionCreateContext | 15              | Context + Len         |
 
 Sets the context to be used for creating a selection object.
 
-| Function Name                     | Minor Parameters | Opcode                |
-| --------------------------------- | ---------------- | --------------------- |
-| XSELinuxGetSelectionCreateContext | 16               | None                  |
+| Function Name                     | Minor Parameter | Opcode                |
+| --------------------------------- | --------------- | --------------------- |
+| XSELinuxGetSelectionCreateContext | 16              | None                  |
 
 Retrieves the context set by *SELinuxSetSelectionCreateContext*.
 
-| Function Name                     | Minor Parameters | Opcode                |
-| --------------------------------- | ---------------- | --------------------- |
-| XSELinuxSetSelectionUseContext    | 17               | Context + Len         |
+| Function Name                     | Minor Parameter | Opcode                |
+| --------------------------------- | --------------- | --------------------- |
+| XSELinuxSetSelectionUseContext    | 17              | Context + Len         |
 
 Sets the context of the selection object to be retrieved when polyinstantiation
 is being used. See the *XSELinuxListSelections* function for an example.
 
-| Function Name                     | Minor Parameters | Opcode                |
-| --------------------------------- | ---------------- | --------------------- |
-| XSELinuxGetSelectionUseContext    | 18               | None                  |
+| Function Name                     | Minor Parameter | Opcode                |
+| --------------------------------- | --------------- | --------------------- |
+| XSELinuxGetSelectionUseContext    | 18              | None                  |
 
 Retrieves the selection object context set by *SELinuxSetSelectionUseContext*.
 
-| Function Name                     | Minor Parameters | Opcode                |
+| Function Name                     | Minor Parameter | Opcode                |
 | --------------------------------- | ---------------- | --------------------- |
 | XSELinuxGetSelectionContext       | 19               | AtomID                |
 
 Retrieves the context of the specified selection atom object.
 
-| Function Name                     | Minor Parameters | Opcode                |
-| --------------------------------- | ---------------- | --------------------- |
-| XSELinuxGetSelectionDataContext   | 20               | AtomID                |
+| Function Name                     | Minor Parameter | Opcode                |
+| --------------------------------- | --------------- | --------------------- |
+| XSELinuxGetSelectionDataContext   | 20              | AtomID                |
 
 Retrieves the context of the selection data from the current selection owner
 (*x_application_data* object).
 
-| Function Name                     | Minor Parameters | Opcode                |
-| --------------------------------- | ---------------- | --------------------- |
-| XSELinuxListSelections            | 21               | None                  |
+| Function Name                     | Minor Parameter | Opcode                |
+| --------------------------------- | --------------- | --------------------- |
+| XSELinuxListSelections            | 21              | None                  |
 
 Lists the selection atom object and data contexts associated with this display.
 The main difference in the listings is that when (for example) the *PRIMARY*
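Review bot: Three tables in this hunk have only their header row changed: for XSELinuxSetWindowCreateContext (5), XSELinuxListProperties (14) and XSELinuxGetSelectionContext (19) the separator row keeps the old 16-dash second column and the data row keeps the old padding, so they no longer line up with the renamed header, unlike every other table here. Suggest updating the separator and data rows of those three in the same way as the rest. The context lines also show *SELinuxSetPropertyUseContext*, *SELinuxSetSelectionCreateContext* and *SELinuxSetSelectionUseContext* without the leading X used in the table names; these could be corrected in the same pass.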
@@ -391,18 +409,12 @@ Atom: PRIMARY - Labels for client 2:
 - Object Context: *system_u:object_r:x_select_paste2_t*
 - Data Context: *system_u:object_r:x_select_paste2_t*
 
-| Function Name                     | Minor Parameters | Opcode                |
-| --------------------------------- | ---------------- | --------------------- |
-| XSELinuxGetClientContext          | 22               | ResourceID            |
+| Function Name                     | Minor Parameter | Opcode                |
+| --------------------------------- | --------------- | --------------------- |
+| XSELinuxGetClientContext          | 22              | ResourceID            |
 
 Retrieves the client context of the specified ResourceID.
 
-**Table 12: The XSELinux Extension Functions** - *Supported by the object
-manager as X-protocol extensions. Note that some functions will return
-the default contexts, while others (2, 6, 9, 11, 16, 18) will not return
-a value unless one has been set the the appropriate function (1, 5, 8,
-10, 15, 17) by an SELinux-aware application.*
-
 <!-- %CUTHERE% -->
 
 ---
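Review bot: The caption removed at the end of this hunk said that "some functions will return the default contexts" and that the value has to be set "by an SELinux-aware application", whereas the replacement paragraph added under the SELinux Extension Functions heading says the **XSELinuxGet\*** functions return a default context and drops the SELinux-aware application qualifier. If that change in meaning is not intended, carry the original qualifications over into the new paragraph. The commit message describes this only as removing the Table 12 reference and rewording, so a line noting any deliberate change in meaning would help.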

