notebook: make use of "allowlist" instead of "whitelist"

Signed-off-by: Paul Moore <paul@paul-moore.com>
SELinuxProject · Dec 16, 2022 · 40f0fb8 · 40f0fb8
1 parent 1ed0ec1
commit 40f0fb8
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 6 deletions.
diff --git a/src/types_of_policy.md b/src/types_of_policy.md
@@ -348,7 +348,7 @@ Requires kernel 3.14 minimum.
 
 For the *selinux* target platform adds new *xperm* rules as explained in the
 [**Extended Access Vector Rules**](xperm_rules.md#extended-access-vector-rules)
-section. This is to support 'ioctl whitelisting' as explained in the
+section. This is to support ioctl allowlists as explained in the
 [***ioctl* Operation Rules**](xperm_rules.md#ioctl-operation-rules) section.
 Requires kernel 4.3 minimum.
 For modular policy support requires libsepol 2.7 minimum.

diff --git a/src/xperm_rules.md b/src/xperm_rules.md
@@ -9,7 +9,7 @@ a fixed 32 bits to permission sets in 256 bit increments: *allowxperm*,
 
 The rules for extended permissions are subject to the 'operation' they
 perform with Policy version 30 and kernels from 4.3 supporting ioctl
-whitelisting (if required to be declared in modular policy, then
+allowlists (if required to be declared in modular policy, then
 libsepol 2.7 minimum is required).
 
 **The common format for Extended Access Vector Rules are:**
@@ -74,7 +74,7 @@ Conditional Policy Statements
 
 ### *ioctl* Operation Rules
 
-Use cases and implementation details for ioctl command whitelisting are
+Use cases and implementation details for ioctl command allowlists are
 described in detail at
 <http://marc.info/?l=selinux&m=143336061925628&w=2>, with the final
 policy format changes shown in the example below with a brief overview
@@ -118,9 +118,8 @@ tclass=udp_socket permissive=0
 
 Notes:
 
-1. Important: The ioctl operation is not 'deny all' ioctl requests
-   (hence whitelisting). It is targeted at the specific
-   source/target/class set of ioctl commands. As no other *allowxperm*
+1. Important: The ioctl operation is not 'deny all', it is targeted at the
+   specific source/target/class set of ioctl commands. As no other *allowxperm*
    rules have been defined in the example, all other ioctl calls may
    continue to use any valid request parameters (provided there are
    *allow* rules for the *ioctl* permission).