12dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# 22dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# Define common prefixes for access vectors 32dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# 42dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# common common_name { permission_name ... } 52dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 62dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 72dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# 82dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# Define a common prefix for file access vectors. 92dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# 102dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 112dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleycommon file 122dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 132dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley ioctl 142dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley read 152dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley write 162dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley create 172dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley getattr 182dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley setattr 192dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley lock 202dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley relabelfrom 212dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley relabelto 222dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley append 232dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley unlink 242dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley link 252dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley rename 262dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley execute 272dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley swapon 282dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley quotaon 292dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley mounton 302dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 312dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 322dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 332dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# 342dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# Define a common prefix for socket access vectors. 352dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# 362dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 372dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleycommon socket 382dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 392dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# inherited from file 402dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley ioctl 412dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley read 422dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley write 432dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley create 442dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley getattr 452dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley setattr 462dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley lock 472dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley relabelfrom 482dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley relabelto 492dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley append 502dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# socket-specific 512dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley bind 522dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley connect 532dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley listen 542dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley accept 552dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley getopt 562dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley setopt 572dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley shutdown 582dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley recvfrom 592dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley sendto 602dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley recv_msg 612dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley send_msg 622dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley name_bind 632dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 642dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 652dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# 662dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# Define a common prefix for ipc access vectors. 672dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# 682dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 692dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleycommon ipc 702dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 712dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley create 722dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley destroy 732dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley getattr 742dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley setattr 752dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley read 762dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley write 772dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley associate 782dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley unix_read 792dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley unix_write 802dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 812dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 822dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# 832dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# Define the access vectors. 842dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# 852dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# class class_name [ inherits common_name ] { permission_name ... } 862dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 872dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 882dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# 892dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# Define the access vector interpretation for file-related objects. 902dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# 912dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 922dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass filesystem 932dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 942dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley mount 952dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley remount 962dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley unmount 972dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley getattr 982dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley relabelfrom 992dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley relabelto 1002dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley transition 1012dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley associate 1022dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley quotamod 1032dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley quotaget 1042dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 1052dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 1062dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass dir 1072dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits file 1082dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 1092dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley add_name 1102dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley remove_name 1112dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley reparent 1122dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley search 1132dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley rmdir 1142dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley open 1152dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley audit_access 1162dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley execmod 1172dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 1182dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 1192dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass file 1202dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits file 1212dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 1222dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley execute_no_trans 1232dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley entrypoint 1242dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley execmod 1252dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley open 1262dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley audit_access 1272dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 1282dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 1292dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass lnk_file 1302dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits file 1312dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 1322dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley open 1332dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley audit_access 1342dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley execmod 1352dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 1362dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 1372dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass chr_file 1382dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits file 1392dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 1402dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley execute_no_trans 1412dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley entrypoint 1422dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley execmod 1432dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley open 1442dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley audit_access 1452dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 1462dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 1472dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass blk_file 1482dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits file 1492dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 1502dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley open 1512dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley audit_access 1522dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley execmod 1532dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 1542dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 1552dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass sock_file 1562dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits file 1572dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 1582dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley open 1592dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley audit_access 1602dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley execmod 1612dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 1622dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 1632dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass fifo_file 1642dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits file 1652dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 1662dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley open 1672dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley audit_access 1682dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley execmod 1692dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 1702dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 1712dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass fd 1722dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 1732dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley use 1742dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 1752dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 1762dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 1772dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# 1782dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# Define the access vector interpretation for network-related objects. 1792dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# 1802dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 1812dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass socket 1822dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits socket 1832dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 1842dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass tcp_socket 1852dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits socket 1862dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 1872dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley connectto 1882dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley newconn 1892dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley acceptfrom 1902dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley node_bind 1912dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley name_connect 1922dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 1932dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 1942dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass udp_socket 1952dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits socket 1962dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 1972dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley node_bind 1982dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 1992dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 2002dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass rawip_socket 2012dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits socket 2022dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 2032dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley node_bind 2042dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 2052dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 2062dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass node 2072dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 2082dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley tcp_recv 2092dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley tcp_send 2102dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley udp_recv 2112dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley udp_send 2122dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley rawip_recv 2132dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley rawip_send 2142dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley enforce_dest 2152dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley dccp_recv 2162dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley dccp_send 2172dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley recvfrom 2182dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley sendto 2192dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 2202dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 2212dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass netif 2222dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 2232dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley tcp_recv 2242dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley tcp_send 2252dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley udp_recv 2262dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley udp_send 2272dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley rawip_recv 2282dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley rawip_send 2292dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley dccp_recv 2302dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley dccp_send 2312dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley ingress 2322dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley egress 2332dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 2342dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 2352dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass netlink_socket 2362dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits socket 2372dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 2382dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass packet_socket 2392dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits socket 2402dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 2412dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass key_socket 2422dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits socket 2432dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 2442dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass unix_stream_socket 2452dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits socket 2462dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 2472dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley connectto 2482dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley newconn 2492dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley acceptfrom 2502dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 2512dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 2522dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass unix_dgram_socket 2532dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits socket 2542dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 2552dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# 2562dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# Define the access vector interpretation for process-related objects 2572dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# 2582dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 2592dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass process 2602dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 2612dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley fork 2622dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley transition 2632dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley sigchld # commonly granted from child to parent 2642dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley sigkill # cannot be caught or ignored 2652dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley sigstop # cannot be caught or ignored 2662dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley signull # for kill(pid, 0) 2672dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley signal # all other signals 2682dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley ptrace 2692dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley getsched 2702dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley setsched 2712dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley getsession 2722dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley getpgid 2732dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley setpgid 2742dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley getcap 2752dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley setcap 2762dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley share 2772dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley getattr 2782dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley setexec 2792dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley setfscreate 2802dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley noatsecure 2812dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley siginh 2822dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley setrlimit 2832dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley rlimitinh 2842dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley dyntransition 2852dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley setcurrent 2862dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley execmem 2872dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley execstack 2882dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley execheap 2892dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley setkeycreate 2902dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley setsockcreate 2912dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 2922dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 2932dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 2942dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# 2952dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# Define the access vector interpretation for ipc-related objects 2962dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# 2972dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 2982dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass ipc 2992dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits ipc 3002dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 3012dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass sem 3022dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits ipc 3032dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 3042dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass msgq 3052dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits ipc 3062dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 3072dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley enqueue 3082dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 3092dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 3102dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass msg 3112dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 3122dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley send 3132dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley receive 3142dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 3152dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 3162dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass shm 3172dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits ipc 3182dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 3192dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley lock 3202dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 3212dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 3222dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 3232dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# 3242dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# Define the access vector interpretation for the security server. 3252dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# 3262dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 3272dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass security 3282dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 3292dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley compute_av 3302dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley compute_create 3312dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley compute_member 3322dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley check_context 3332dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley load_policy 3342dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley compute_relabel 3352dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley compute_user 3362dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley setenforce # was avc_toggle in system class 3372dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley setbool 3382dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley setsecparam 3392dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley setcheckreqprot 3402dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley read_policy 3412dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 3422dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 3432dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 3442dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# 3452dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# Define the access vector interpretation for system operations. 3462dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# 3472dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 3482dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass system 3492dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 3502dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley ipc_info 3512dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley syslog_read 3522dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley syslog_mod 3532dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley syslog_console 3542dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley module_request 3556d77d852ea239cdccb357aac39b15bdf26ffe491Jeff Vander Stoep module_load 3562dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 3572dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 3582dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# 3592dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# Define the access vector interpretation for controling capabilies 3602dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# 3612dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 3622dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass capability 3632dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 3642dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley # The capabilities are defined in include/linux/capability.h 3652dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley # Capabilities >= 32 are defined in the capability2 class. 3662dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley # Care should be taken to ensure that these are consistent with 3672dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley # those definitions. (Order matters) 3682dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 3692dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley chown 3702dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley dac_override 3712dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley dac_read_search 3722dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley fowner 3732dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley fsetid 3742dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley kill 3752dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley setgid 3762dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley setuid 3772dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley setpcap 3782dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley linux_immutable 3792dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley net_bind_service 3802dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley net_broadcast 3812dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley net_admin 3822dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley net_raw 3832dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley ipc_lock 3842dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley ipc_owner 3852dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley sys_module 3862dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley sys_rawio 3872dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley sys_chroot 3882dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley sys_ptrace 3892dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley sys_pacct 3902dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley sys_admin 3912dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley sys_boot 3922dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley sys_nice 3932dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley sys_resource 3942dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley sys_time 3952dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley sys_tty_config 3962dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley mknod 3972dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley lease 3982dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley audit_write 3992dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley audit_control 4002dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley setfcap 4012dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 4022dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 4032dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass capability2 4042dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 4052dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley mac_override # unused by SELinux 4062dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley mac_admin # unused by SELinux 4072dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley syslog 408a1ce2fa2218a768823a7c39426983a248b6e4f50Stephen Smalley wake_alarm 409a1ce2fa2218a768823a7c39426983a248b6e4f50Stephen Smalley block_suspend 4103198cb5100e1431808897eaa060ed8813001e2c5Woojung Min audit_read 4112dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 4122dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 4132dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# 4142dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# Extended Netlink classes 4152dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# 4162dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass netlink_route_socket 4172dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits socket 4182dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 4192dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley nlmsg_read 4202dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley nlmsg_write 4212dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 4222dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 4232dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass netlink_firewall_socket 4242dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits socket 4252dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 4262dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley nlmsg_read 4272dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley nlmsg_write 4282dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 4292dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 4302dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass netlink_tcpdiag_socket 4312dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits socket 4322dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 4332dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley nlmsg_read 4342dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley nlmsg_write 4352dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 4362dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 4372dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass netlink_nflog_socket 4382dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits socket 4392dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 4402dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass netlink_xfrm_socket 4412dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits socket 4422dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 4432dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley nlmsg_read 4442dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley nlmsg_write 4452dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 4462dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 4472dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass netlink_selinux_socket 4482dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits socket 4492dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 4502dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass netlink_audit_socket 4512dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits socket 4522dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 4532dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley nlmsg_read 4542dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley nlmsg_write 4552dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley nlmsg_relay 4562dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley nlmsg_readpriv 4572dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley nlmsg_tty_audit 4582dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 4592dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 4602dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass netlink_ip6fw_socket 4612dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits socket 4622dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 4632dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley nlmsg_read 4642dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley nlmsg_write 4652dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 4662dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 4672dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass netlink_dnrt_socket 4682dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits socket 4692dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 4702dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# Define the access vector interpretation for controlling 4712dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# access to IPSec network data by association 4722dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# 4732dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass association 4742dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 4752dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley sendto 4762dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley recvfrom 4772dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley setcontext 4782dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley polmatch 4792dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 4802dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 4812dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# Updated Netlink class for KOBJECT_UEVENT family. 4822dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass netlink_kobject_uevent_socket 4832dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits socket 4842dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 4852dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass appletalk_socket 4862dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits socket 4872dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 4882dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass packet 4892dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 4902dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley send 4912dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley recv 4922dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley relabelto 4932dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley flow_in # deprecated 4942dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley flow_out # deprecated 4952dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley forward_in 4962dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley forward_out 4972dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 4982dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 4992dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass key 5002dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 5012dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley view 5022dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley read 5032dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley write 5042dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley search 5052dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley link 5062dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley setattr 5072dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley create 5082dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 5092dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 5102dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass dccp_socket 5112dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits socket 5122dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 5132dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley node_bind 5142dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley name_connect 5152dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 5162dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 5172dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass memprotect 5182dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 5192dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley mmap_zero 5202dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 5212dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 5222dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# network peer labels 5232dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass peer 5242dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 5252dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley recv 5262dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 5272dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 5282dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass kernel_service 5292dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 5302dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley use_as_override 5312dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley create_files_as 5322dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 5332dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 5342dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass tun_socket 5352dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits socket 536d7af45d3741648c45560797a5b6f02dec784668fNick Kralevich{ 537d7af45d3741648c45560797a5b6f02dec784668fNick Kralevich attach_queue 538d7af45d3741648c45560797a5b6f02dec784668fNick Kralevich} 5392dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 5402dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass binder 5412dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 5422dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley impersonate 5432dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley call 5442dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley set_context_mgr 5452dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley transfer 5462dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 5472dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 548423fd19d91259b19f3460eb4dd5ff9d63731429bStephen Smalleyclass netlink_iscsi_socket 549423fd19d91259b19f3460eb4dd5ff9d63731429bStephen Smalleyinherits socket 550423fd19d91259b19f3460eb4dd5ff9d63731429bStephen Smalley 551423fd19d91259b19f3460eb4dd5ff9d63731429bStephen Smalleyclass netlink_fib_lookup_socket 552423fd19d91259b19f3460eb4dd5ff9d63731429bStephen Smalleyinherits socket 553423fd19d91259b19f3460eb4dd5ff9d63731429bStephen Smalley 554423fd19d91259b19f3460eb4dd5ff9d63731429bStephen Smalleyclass netlink_connector_socket 555423fd19d91259b19f3460eb4dd5ff9d63731429bStephen Smalleyinherits socket 556423fd19d91259b19f3460eb4dd5ff9d63731429bStephen Smalley 557423fd19d91259b19f3460eb4dd5ff9d63731429bStephen Smalleyclass netlink_netfilter_socket 558423fd19d91259b19f3460eb4dd5ff9d63731429bStephen Smalleyinherits socket 559423fd19d91259b19f3460eb4dd5ff9d63731429bStephen Smalley 560423fd19d91259b19f3460eb4dd5ff9d63731429bStephen Smalleyclass netlink_generic_socket 561423fd19d91259b19f3460eb4dd5ff9d63731429bStephen Smalleyinherits socket 562423fd19d91259b19f3460eb4dd5ff9d63731429bStephen Smalley 563423fd19d91259b19f3460eb4dd5ff9d63731429bStephen Smalleyclass netlink_scsitransport_socket 564423fd19d91259b19f3460eb4dd5ff9d63731429bStephen Smalleyinherits socket 565423fd19d91259b19f3460eb4dd5ff9d63731429bStephen Smalley 566423fd19d91259b19f3460eb4dd5ff9d63731429bStephen Smalleyclass netlink_rdma_socket 567423fd19d91259b19f3460eb4dd5ff9d63731429bStephen Smalleyinherits socket 568423fd19d91259b19f3460eb4dd5ff9d63731429bStephen Smalley 569423fd19d91259b19f3460eb4dd5ff9d63731429bStephen Smalleyclass netlink_crypto_socket 570423fd19d91259b19f3460eb4dd5ff9d63731429bStephen Smalleyinherits socket 571423fd19d91259b19f3460eb4dd5ff9d63731429bStephen Smalley 572124720a6976a69357522299afbe5591854e40775Stephen Smalleyclass property_service 573124720a6976a69357522299afbe5591854e40775Stephen Smalley{ 574124720a6976a69357522299afbe5591854e40775Stephen Smalley set 575124720a6976a69357522299afbe5591854e40775Stephen Smalley} 576f90c41f6e8d5c1266e154f46586a2ceb260f1be6Riley Spahn 577f90c41f6e8d5c1266e154f46586a2ceb260f1be6Riley Spahnclass service_manager 578f90c41f6e8d5c1266e154f46586a2ceb260f1be6Riley Spahn{ 579f90c41f6e8d5c1266e154f46586a2ceb260f1be6Riley Spahn add 580b8511e0d98880a683c276589ab7d8d7666b7f8c1Riley Spahn find 581b8511e0d98880a683c276589ab7d8d7666b7f8c1Riley Spahn list 582f90c41f6e8d5c1266e154f46586a2ceb260f1be6Riley Spahn} 5831196d2a5763c9a99be99ba81a4a29d938a83cc06Riley Spahn 5841196d2a5763c9a99be99ba81a4a29d938a83cc06Riley Spahnclass keystore_key 5851196d2a5763c9a99be99ba81a4a29d938a83cc06Riley Spahn{ 586cbc8f796551151c0d9651500d5d9f116177a07dcChad Brubaker get_state 5871196d2a5763c9a99be99ba81a4a29d938a83cc06Riley Spahn get 5881196d2a5763c9a99be99ba81a4a29d938a83cc06Riley Spahn insert 5891196d2a5763c9a99be99ba81a4a29d938a83cc06Riley Spahn delete 5901196d2a5763c9a99be99ba81a4a29d938a83cc06Riley Spahn exist 591cbc8f796551151c0d9651500d5d9f116177a07dcChad Brubaker list 5921196d2a5763c9a99be99ba81a4a29d938a83cc06Riley Spahn reset 5931196d2a5763c9a99be99ba81a4a29d938a83cc06Riley Spahn password 5941196d2a5763c9a99be99ba81a4a29d938a83cc06Riley Spahn lock 5951196d2a5763c9a99be99ba81a4a29d938a83cc06Riley Spahn unlock 596cbc8f796551151c0d9651500d5d9f116177a07dcChad Brubaker is_empty 5971196d2a5763c9a99be99ba81a4a29d938a83cc06Riley Spahn sign 5981196d2a5763c9a99be99ba81a4a29d938a83cc06Riley Spahn verify 5991196d2a5763c9a99be99ba81a4a29d938a83cc06Riley Spahn grant 6001196d2a5763c9a99be99ba81a4a29d938a83cc06Riley Spahn duplicate 6011196d2a5763c9a99be99ba81a4a29d938a83cc06Riley Spahn clear_uid 6028927772caa421f1c9ccc80337527e039353d65ddChad Brubaker add_auth 603520bb816b86fe36440767db6e2f05fb4e8a08f3eChad Brubaker user_changed 6041196d2a5763c9a99be99ba81a4a29d938a83cc06Riley Spahn} 605ba992496f01e40a10d9749bb25b6498138e607fbStephen Smalley 606ba992496f01e40a10d9749bb25b6498138e607fbStephen Smalleyclass debuggerd 607ba992496f01e40a10d9749bb25b6498138e607fbStephen Smalley{ 608ba992496f01e40a10d9749bb25b6498138e607fbStephen Smalley dump_tombstone 609ba992496f01e40a10d9749bb25b6498138e607fbStephen Smalley dump_backtrace 610ba992496f01e40a10d9749bb25b6498138e607fbStephen Smalley} 61170f75ce9e5975df47d0ccb32660bb618c22ef181Riley Spahn 61270f75ce9e5975df47d0ccb32660bb618c22ef181Riley Spahnclass drmservice { 61370f75ce9e5975df47d0ccb32660bb618c22ef181Riley Spahn consumeRights 61470f75ce9e5975df47d0ccb32660bb618c22ef181Riley Spahn setPlaybackStatus 61570f75ce9e5975df47d0ccb32660bb618c22ef181Riley Spahn openDecryptSession 61670f75ce9e5975df47d0ccb32660bb618c22ef181Riley Spahn closeDecryptSession 61770f75ce9e5975df47d0ccb32660bb618c22ef181Riley Spahn initializeDecryptUnit 61870f75ce9e5975df47d0ccb32660bb618c22ef181Riley Spahn decrypt 61970f75ce9e5975df47d0ccb32660bb618c22ef181Riley Spahn finalizeDecryptUnit 62070f75ce9e5975df47d0ccb32660bb618c22ef181Riley Spahn pread 62170f75ce9e5975df47d0ccb32660bb618c22ef181Riley Spahn} 622