12dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# 22dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# Define common prefixes for access vectors 32dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# 42dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# common common_name { permission_name ... } 52dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 62dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 72dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# 82dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# Define a common prefix for file access vectors. 92dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# 102dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 112dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleycommon file 122dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 132dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley ioctl 142dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley read 152dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley write 162dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley create 172dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley getattr 182dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley setattr 192dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley lock 202dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley relabelfrom 212dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley relabelto 222dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley append 234397f08288890ef397697b4d6dbff596bdca14c8Stephen Smalley map 242dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley unlink 252dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley link 262dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley rename 272dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley execute 282dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley quotaon 292dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley mounton 302dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 312dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 322dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 332dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# 342dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# Define a common prefix for socket access vectors. 352dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# 362dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 372dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleycommon socket 382dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 392dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# inherited from file 402dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley ioctl 412dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley read 422dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley write 432dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley create 442dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley getattr 452dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley setattr 462dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley lock 472dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley relabelfrom 482dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley relabelto 492dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley append 504397f08288890ef397697b4d6dbff596bdca14c8Stephen Smalley map 512dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# socket-specific 522dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley bind 532dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley connect 542dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley listen 552dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley accept 562dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley getopt 572dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley setopt 582dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley shutdown 592dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley recvfrom 602dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley sendto 612dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley name_bind 622dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 632dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 642dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# 652dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# Define a common prefix for ipc access vectors. 662dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# 672dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 682dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleycommon ipc 692dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 702dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley create 712dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley destroy 722dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley getattr 732dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley setattr 742dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley read 752dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley write 762dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley associate 772dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley unix_read 782dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley unix_write 792dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 802dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 812dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# 828a003607064804307201d0738e1e284442f9826bStephen Smalley# Define a common for capability access vectors. 838a003607064804307201d0738e1e284442f9826bStephen Smalley# 848a003607064804307201d0738e1e284442f9826bStephen Smalleycommon cap 858a003607064804307201d0738e1e284442f9826bStephen Smalley{ 868a003607064804307201d0738e1e284442f9826bStephen Smalley # The capabilities are defined in include/linux/capability.h 878a003607064804307201d0738e1e284442f9826bStephen Smalley # Capabilities >= 32 are defined in the cap2 common. 888a003607064804307201d0738e1e284442f9826bStephen Smalley # Care should be taken to ensure that these are consistent with 898a003607064804307201d0738e1e284442f9826bStephen Smalley # those definitions. (Order matters) 908a003607064804307201d0738e1e284442f9826bStephen Smalley 918a003607064804307201d0738e1e284442f9826bStephen Smalley chown 928a003607064804307201d0738e1e284442f9826bStephen Smalley dac_override 938a003607064804307201d0738e1e284442f9826bStephen Smalley dac_read_search 948a003607064804307201d0738e1e284442f9826bStephen Smalley fowner 958a003607064804307201d0738e1e284442f9826bStephen Smalley fsetid 968a003607064804307201d0738e1e284442f9826bStephen Smalley kill 978a003607064804307201d0738e1e284442f9826bStephen Smalley setgid 988a003607064804307201d0738e1e284442f9826bStephen Smalley setuid 998a003607064804307201d0738e1e284442f9826bStephen Smalley setpcap 1008a003607064804307201d0738e1e284442f9826bStephen Smalley linux_immutable 1018a003607064804307201d0738e1e284442f9826bStephen Smalley net_bind_service 1028a003607064804307201d0738e1e284442f9826bStephen Smalley net_broadcast 1038a003607064804307201d0738e1e284442f9826bStephen Smalley net_admin 1048a003607064804307201d0738e1e284442f9826bStephen Smalley net_raw 1058a003607064804307201d0738e1e284442f9826bStephen Smalley ipc_lock 1068a003607064804307201d0738e1e284442f9826bStephen Smalley ipc_owner 1078a003607064804307201d0738e1e284442f9826bStephen Smalley sys_module 1088a003607064804307201d0738e1e284442f9826bStephen Smalley sys_rawio 1098a003607064804307201d0738e1e284442f9826bStephen Smalley sys_chroot 1108a003607064804307201d0738e1e284442f9826bStephen Smalley sys_ptrace 1118a003607064804307201d0738e1e284442f9826bStephen Smalley sys_pacct 1128a003607064804307201d0738e1e284442f9826bStephen Smalley sys_admin 1138a003607064804307201d0738e1e284442f9826bStephen Smalley sys_boot 1148a003607064804307201d0738e1e284442f9826bStephen Smalley sys_nice 1158a003607064804307201d0738e1e284442f9826bStephen Smalley sys_resource 1168a003607064804307201d0738e1e284442f9826bStephen Smalley sys_time 1178a003607064804307201d0738e1e284442f9826bStephen Smalley sys_tty_config 1188a003607064804307201d0738e1e284442f9826bStephen Smalley mknod 1198a003607064804307201d0738e1e284442f9826bStephen Smalley lease 1208a003607064804307201d0738e1e284442f9826bStephen Smalley audit_write 1218a003607064804307201d0738e1e284442f9826bStephen Smalley audit_control 1228a003607064804307201d0738e1e284442f9826bStephen Smalley setfcap 1238a003607064804307201d0738e1e284442f9826bStephen Smalley} 1248a003607064804307201d0738e1e284442f9826bStephen Smalley 1258a003607064804307201d0738e1e284442f9826bStephen Smalleycommon cap2 1268a003607064804307201d0738e1e284442f9826bStephen Smalley{ 1278a003607064804307201d0738e1e284442f9826bStephen Smalley mac_override # unused by SELinux 1288a003607064804307201d0738e1e284442f9826bStephen Smalley mac_admin # unused by SELinux 1298a003607064804307201d0738e1e284442f9826bStephen Smalley syslog 1308a003607064804307201d0738e1e284442f9826bStephen Smalley wake_alarm 1318a003607064804307201d0738e1e284442f9826bStephen Smalley block_suspend 1328a003607064804307201d0738e1e284442f9826bStephen Smalley audit_read 1338a003607064804307201d0738e1e284442f9826bStephen Smalley} 1348a003607064804307201d0738e1e284442f9826bStephen Smalley 1358a003607064804307201d0738e1e284442f9826bStephen Smalley# 1362dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# Define the access vectors. 1372dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# 1382dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# class class_name [ inherits common_name ] { permission_name ... } 1392dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 1402dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 1412dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# 1422dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# Define the access vector interpretation for file-related objects. 1432dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# 1442dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 1452dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass filesystem 1462dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 1472dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley mount 1482dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley remount 1492dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley unmount 1502dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley getattr 1512dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley relabelfrom 1522dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley relabelto 1532dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley associate 1542dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley quotamod 1552dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley quotaget 1562dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 1572dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 1582dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass dir 1592dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits file 1602dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 1612dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley add_name 1622dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley remove_name 1632dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley reparent 1642dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley search 1652dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley rmdir 1662dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley open 1672dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley audit_access 1682dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley execmod 1692dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 1702dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 1712dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass file 1722dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits file 1732dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 1742dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley execute_no_trans 1752dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley entrypoint 1762dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley execmod 1772dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley open 1782dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley audit_access 1792dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 1802dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 1812dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass lnk_file 1822dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits file 1832dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 1842dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley open 1852dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley audit_access 1862dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley execmod 1872dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 1882dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 1892dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass chr_file 1902dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits file 1912dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 1922dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley execute_no_trans 1932dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley entrypoint 1942dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley execmod 1952dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley open 1962dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley audit_access 1972dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 1982dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 1992dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass blk_file 2002dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits file 2012dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 2022dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley open 2032dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley audit_access 2042dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley execmod 2052dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 2062dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 2072dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass sock_file 2082dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits file 2092dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 2102dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley open 2112dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley audit_access 2122dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley execmod 2132dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 2142dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 2152dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass fifo_file 2162dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits file 2172dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 2182dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley open 2192dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley audit_access 2202dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley execmod 2212dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 2222dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 2232dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass fd 2242dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 2252dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley use 2262dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 2272dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 2282dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 2292dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# 2302dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# Define the access vector interpretation for network-related objects. 2312dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# 2322dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 2332dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass socket 2342dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits socket 2352dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 2362dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass tcp_socket 2372dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits socket 2382dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 2392dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley node_bind 2402dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley name_connect 2412dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 2422dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 2432dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass udp_socket 2442dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits socket 2452dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 2462dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley node_bind 2472dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 2482dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 2492dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass rawip_socket 2502dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits socket 2512dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 2522dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley node_bind 2532dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 2542dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 2552dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass node 2562dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 2572dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley recvfrom 2582dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley sendto 2592dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 2602dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 2612dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass netif 2622dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 2632dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley ingress 2642dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley egress 2652dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 2662dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 2672dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass netlink_socket 2682dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits socket 2692dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 2702dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass packet_socket 2712dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits socket 2722dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 2732dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass key_socket 2742dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits socket 2752dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 2762dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass unix_stream_socket 2772dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits socket 2782dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 2792dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley connectto 2802dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 2812dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 2822dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass unix_dgram_socket 2832dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits socket 2842dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 2852dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# 2862dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# Define the access vector interpretation for process-related objects 2872dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# 2882dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 2892dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass process 2902dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 2912dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley fork 2922dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley transition 2932dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley sigchld # commonly granted from child to parent 2942dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley sigkill # cannot be caught or ignored 2952dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley sigstop # cannot be caught or ignored 2962dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley signull # for kill(pid, 0) 2972dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley signal # all other signals 2982dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley ptrace 2992dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley getsched 3002dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley setsched 3012dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley getsession 3022dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley getpgid 3032dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley setpgid 3042dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley getcap 3052dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley setcap 3062dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley share 3072dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley getattr 3082dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley setexec 3092dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley setfscreate 3102dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley noatsecure 3112dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley siginh 3122dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley setrlimit 3132dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley rlimitinh 3142dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley dyntransition 3152dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley setcurrent 3162dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley execmem 3172dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley execstack 3182dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley execheap 3192dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley setkeycreate 3202dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley setsockcreate 32191a3eeac8fac333af4997f9fe5e5c7f454c7f336Stephen Smalley getrlimit 3222dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 3232dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 3242dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 3252dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# 3262dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# Define the access vector interpretation for ipc-related objects 3272dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# 3282dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 3292dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass ipc 3302dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits ipc 3312dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 3322dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass sem 3332dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits ipc 3342dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 3352dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass msgq 3362dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits ipc 3372dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 3382dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley enqueue 3392dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 3402dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 3412dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass msg 3422dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 3432dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley send 3442dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley receive 3452dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 3462dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 3472dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass shm 3482dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits ipc 3492dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 3502dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley lock 3512dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 3522dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 3532dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 3542dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# 3552dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# Define the access vector interpretation for the security server. 3562dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# 3572dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 3582dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass security 3592dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 3602dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley compute_av 3612dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley compute_create 3622dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley compute_member 3632dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley check_context 3642dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley load_policy 3652dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley compute_relabel 3662dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley compute_user 3672dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley setenforce # was avc_toggle in system class 3682dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley setbool 3692dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley setsecparam 3702dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley setcheckreqprot 3712dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley read_policy 372509923116f103c8938efe992ab4b4b42fe4c90aaStephen Smalley validate_trans 3732dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 3742dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 3752dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 3762dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# 3772dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# Define the access vector interpretation for system operations. 3782dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# 3792dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 3802dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass system 3812dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 3822dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley ipc_info 3832dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley syslog_read 3842dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley syslog_mod 3852dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley syslog_console 3862dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley module_request 387a16b05892a9e9ed949c2cf22147e206e5c0b296eJeff Vander Stoep module_load 3882dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 3892dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 3902dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# 3918a003607064804307201d0738e1e284442f9826bStephen Smalley# Define the access vector interpretation for controlling capabilities 3922dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# 3932dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 3942dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass capability 3958a003607064804307201d0738e1e284442f9826bStephen Smalleyinherits cap 3962dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 3972dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass capability2 3988a003607064804307201d0738e1e284442f9826bStephen Smalleyinherits cap2 3992dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 4002dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# 4012dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# Extended Netlink classes 4022dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# 4032dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass netlink_route_socket 4042dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits socket 4052dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 4062dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley nlmsg_read 4072dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley nlmsg_write 4082dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 4092dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 4102dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass netlink_tcpdiag_socket 4112dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits socket 4122dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 4132dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley nlmsg_read 4142dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley nlmsg_write 4152dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 4162dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 4172dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass netlink_nflog_socket 4182dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits socket 4192dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 4202dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass netlink_xfrm_socket 4212dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits socket 4222dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 4232dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley nlmsg_read 4242dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley nlmsg_write 4252dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 4262dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 4272dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass netlink_selinux_socket 4282dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits socket 4292dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 4302dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass netlink_audit_socket 4312dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits socket 4322dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 4332dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley nlmsg_read 4342dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley nlmsg_write 4352dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley nlmsg_relay 4362dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley nlmsg_readpriv 4372dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley nlmsg_tty_audit 4382dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 4392dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 4402dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass netlink_dnrt_socket 4412dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits socket 4422dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 4432dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# Define the access vector interpretation for controlling 4442dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# access to IPSec network data by association 4452dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# 4462dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass association 4472dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 4482dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley sendto 4492dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley recvfrom 4502dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley setcontext 4512dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley polmatch 4522dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 4532dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 4542dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# Updated Netlink class for KOBJECT_UEVENT family. 4552dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass netlink_kobject_uevent_socket 4562dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits socket 4572dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 4582dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass appletalk_socket 4592dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits socket 4602dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 4612dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass packet 4622dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 4632dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley send 4642dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley recv 4652dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley relabelto 4662dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley flow_in # deprecated 4672dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley flow_out # deprecated 4682dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley forward_in 4692dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley forward_out 4702dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 4712dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 4722dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass key 4732dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 4742dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley view 4752dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley read 4762dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley write 4772dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley search 4782dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley link 4792dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley setattr 4802dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley create 4812dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 4822dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 4832dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass dccp_socket 4842dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits socket 4852dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 4862dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley node_bind 4872dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley name_connect 4882dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 4892dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 4902dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass memprotect 4912dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 4922dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley mmap_zero 4932dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 4942dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 4952dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# network peer labels 4962dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass peer 4972dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 4982dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley recv 4992dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 5002dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 5012dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass kernel_service 5022dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 5032dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley use_as_override 5042dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley create_files_as 5052dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 5062dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 5072dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass tun_socket 5082dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits socket 509d7af45d3741648c45560797a5b6f02dec784668fNick Kralevich{ 510d7af45d3741648c45560797a5b6f02dec784668fNick Kralevich attach_queue 511d7af45d3741648c45560797a5b6f02dec784668fNick Kralevich} 5122dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 5132dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass binder 5142dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 5152dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley impersonate 5162dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley call 5172dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley set_context_mgr 5182dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley transfer 5192dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 5202dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 52101d95c23ab8c14d72e4ce98b3dda64ce81ab6306Stephen Smalleyclass netlink_iscsi_socket 52201d95c23ab8c14d72e4ce98b3dda64ce81ab6306Stephen Smalleyinherits socket 52301d95c23ab8c14d72e4ce98b3dda64ce81ab6306Stephen Smalley 52401d95c23ab8c14d72e4ce98b3dda64ce81ab6306Stephen Smalleyclass netlink_fib_lookup_socket 52501d95c23ab8c14d72e4ce98b3dda64ce81ab6306Stephen Smalleyinherits socket 52601d95c23ab8c14d72e4ce98b3dda64ce81ab6306Stephen Smalley 52701d95c23ab8c14d72e4ce98b3dda64ce81ab6306Stephen Smalleyclass netlink_connector_socket 52801d95c23ab8c14d72e4ce98b3dda64ce81ab6306Stephen Smalleyinherits socket 52901d95c23ab8c14d72e4ce98b3dda64ce81ab6306Stephen Smalley 53001d95c23ab8c14d72e4ce98b3dda64ce81ab6306Stephen Smalleyclass netlink_netfilter_socket 53101d95c23ab8c14d72e4ce98b3dda64ce81ab6306Stephen Smalleyinherits socket 53201d95c23ab8c14d72e4ce98b3dda64ce81ab6306Stephen Smalley 53301d95c23ab8c14d72e4ce98b3dda64ce81ab6306Stephen Smalleyclass netlink_generic_socket 53401d95c23ab8c14d72e4ce98b3dda64ce81ab6306Stephen Smalleyinherits socket 53501d95c23ab8c14d72e4ce98b3dda64ce81ab6306Stephen Smalley 53601d95c23ab8c14d72e4ce98b3dda64ce81ab6306Stephen Smalleyclass netlink_scsitransport_socket 53701d95c23ab8c14d72e4ce98b3dda64ce81ab6306Stephen Smalleyinherits socket 53801d95c23ab8c14d72e4ce98b3dda64ce81ab6306Stephen Smalley 53901d95c23ab8c14d72e4ce98b3dda64ce81ab6306Stephen Smalleyclass netlink_rdma_socket 54001d95c23ab8c14d72e4ce98b3dda64ce81ab6306Stephen Smalleyinherits socket 54101d95c23ab8c14d72e4ce98b3dda64ce81ab6306Stephen Smalley 54201d95c23ab8c14d72e4ce98b3dda64ce81ab6306Stephen Smalleyclass netlink_crypto_socket 54301d95c23ab8c14d72e4ce98b3dda64ce81ab6306Stephen Smalleyinherits socket 54401d95c23ab8c14d72e4ce98b3dda64ce81ab6306Stephen Smalley 5458a003607064804307201d0738e1e284442f9826bStephen Smalley# 5468a003607064804307201d0738e1e284442f9826bStephen Smalley# Define the access vector interpretation for controlling capabilities 5478a003607064804307201d0738e1e284442f9826bStephen Smalley# in user namespaces 5488a003607064804307201d0738e1e284442f9826bStephen Smalley# 5498a003607064804307201d0738e1e284442f9826bStephen Smalley 5508a003607064804307201d0738e1e284442f9826bStephen Smalleyclass cap_userns 5518a003607064804307201d0738e1e284442f9826bStephen Smalleyinherits cap 5528a003607064804307201d0738e1e284442f9826bStephen Smalley 5538a003607064804307201d0738e1e284442f9826bStephen Smalleyclass cap2_userns 5548a003607064804307201d0738e1e284442f9826bStephen Smalleyinherits cap2 5558a003607064804307201d0738e1e284442f9826bStephen Smalley 556431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley 557431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley# 558431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley# Define the access vector interpretation for the new socket classes 559431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley# enabled by the extended_socket_class policy capability. 560431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley# 561431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley 562431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley# 563431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley# The next two classes were previously mapped to rawip_socket and therefore 564431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley# have the same definition as rawip_socket (until further permissions 565431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley# are defined). 566431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley# 567431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyclass sctp_socket 568431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyinherits socket 569431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley{ 570431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley node_bind 571431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley} 572431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley 573431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyclass icmp_socket 574431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyinherits socket 575431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley{ 576431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley node_bind 577431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley} 578431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley 579431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley# 580431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley# The remaining network socket classes were previously 581431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley# mapped to the socket class and therefore have the 582431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley# same definition as socket. 583431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley# 584431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley 585431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyclass ax25_socket 586431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyinherits socket 587431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley 588431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyclass ipx_socket 589431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyinherits socket 590431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley 591431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyclass netrom_socket 592431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyinherits socket 593431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley 594431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyclass atmpvc_socket 595431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyinherits socket 596431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley 597431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyclass x25_socket 598431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyinherits socket 599431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley 600431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyclass rose_socket 601431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyinherits socket 602431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley 603431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyclass decnet_socket 604431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyinherits socket 605431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley 606431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyclass atmsvc_socket 607431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyinherits socket 608431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley 609431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyclass rds_socket 610431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyinherits socket 611431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley 612431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyclass irda_socket 613431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyinherits socket 614431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley 615431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyclass pppox_socket 616431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyinherits socket 617431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley 618431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyclass llc_socket 619431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyinherits socket 620431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley 621431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyclass can_socket 622431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyinherits socket 623431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley 624431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyclass tipc_socket 625431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyinherits socket 626431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley 627431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyclass bluetooth_socket 628431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyinherits socket 629431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley 630431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyclass iucv_socket 631431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyinherits socket 632431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley 633431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyclass rxrpc_socket 634431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyinherits socket 635431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley 636431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyclass isdn_socket 637431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyinherits socket 638431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley 639431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyclass phonet_socket 640431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyinherits socket 641431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley 642431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyclass ieee802154_socket 643431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyinherits socket 644431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley 645431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyclass caif_socket 646431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyinherits socket 647431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley 648431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyclass alg_socket 649431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyinherits socket 650431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley 651431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyclass nfc_socket 652431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyinherits socket 653431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley 654431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyclass vsock_socket 655431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyinherits socket 656431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley 657431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyclass kcm_socket 658431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyinherits socket 659431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley 660431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyclass qipcrtr_socket 661431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyinherits socket 662431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley 6632be9799bcc21863de48925b1eff55185be168696Stephen Smalleyclass smc_socket 6642be9799bcc21863de48925b1eff55185be168696Stephen Smalleyinherits socket 6652be9799bcc21863de48925b1eff55185be168696Stephen Smalley 666124720a6976a69357522299afbe5591854e40775Stephen Smalleyclass property_service 667124720a6976a69357522299afbe5591854e40775Stephen Smalley{ 668124720a6976a69357522299afbe5591854e40775Stephen Smalley set 669124720a6976a69357522299afbe5591854e40775Stephen Smalley} 670f90c41f6e8d5c1266e154f46586a2ceb260f1be6Riley Spahn 671f90c41f6e8d5c1266e154f46586a2ceb260f1be6Riley Spahnclass service_manager 672f90c41f6e8d5c1266e154f46586a2ceb260f1be6Riley Spahn{ 673f90c41f6e8d5c1266e154f46586a2ceb260f1be6Riley Spahn add 674b8511e0d98880a683c276589ab7d8d7666b7f8c1Riley Spahn find 675b8511e0d98880a683c276589ab7d8d7666b7f8c1Riley Spahn list 676f90c41f6e8d5c1266e154f46586a2ceb260f1be6Riley Spahn} 6771196d2a5763c9a99be99ba81a4a29d938a83cc06Riley Spahn 678bc6d88d2da12aa9cf43442d928f296c573a345b3Martijn Coenenclass hwservice_manager 679bc6d88d2da12aa9cf43442d928f296c573a345b3Martijn Coenen{ 680bc6d88d2da12aa9cf43442d928f296c573a345b3Martijn Coenen add 681bc6d88d2da12aa9cf43442d928f296c573a345b3Martijn Coenen find 682bc6d88d2da12aa9cf43442d928f296c573a345b3Martijn Coenen list 683bc6d88d2da12aa9cf43442d928f296c573a345b3Martijn Coenen} 684bc6d88d2da12aa9cf43442d928f296c573a345b3Martijn Coenen 6851196d2a5763c9a99be99ba81a4a29d938a83cc06Riley Spahnclass keystore_key 6861196d2a5763c9a99be99ba81a4a29d938a83cc06Riley Spahn{ 687cbc8f796551151c0d9651500d5d9f116177a07dcChad Brubaker get_state 6881196d2a5763c9a99be99ba81a4a29d938a83cc06Riley Spahn get 6891196d2a5763c9a99be99ba81a4a29d938a83cc06Riley Spahn insert 6901196d2a5763c9a99be99ba81a4a29d938a83cc06Riley Spahn delete 6911196d2a5763c9a99be99ba81a4a29d938a83cc06Riley Spahn exist 692cbc8f796551151c0d9651500d5d9f116177a07dcChad Brubaker list 6931196d2a5763c9a99be99ba81a4a29d938a83cc06Riley Spahn reset 6941196d2a5763c9a99be99ba81a4a29d938a83cc06Riley Spahn password 6951196d2a5763c9a99be99ba81a4a29d938a83cc06Riley Spahn lock 6961196d2a5763c9a99be99ba81a4a29d938a83cc06Riley Spahn unlock 697cbc8f796551151c0d9651500d5d9f116177a07dcChad Brubaker is_empty 6981196d2a5763c9a99be99ba81a4a29d938a83cc06Riley Spahn sign 6991196d2a5763c9a99be99ba81a4a29d938a83cc06Riley Spahn verify 7001196d2a5763c9a99be99ba81a4a29d938a83cc06Riley Spahn grant 7011196d2a5763c9a99be99ba81a4a29d938a83cc06Riley Spahn duplicate 7021196d2a5763c9a99be99ba81a4a29d938a83cc06Riley Spahn clear_uid 7038927772caa421f1c9ccc80337527e039353d65ddChad Brubaker add_auth 704520bb816b86fe36440767db6e2f05fb4e8a08f3eChad Brubaker user_changed 705a0c7f01299c41157d123da0792fbf9ce2a26f9d3Shawn Willden gen_unique_id 7061196d2a5763c9a99be99ba81a4a29d938a83cc06Riley Spahn} 707ba992496f01e40a10d9749bb25b6498138e607fbStephen Smalley 70870f75ce9e5975df47d0ccb32660bb618c22ef181Riley Spahnclass drmservice { 70970f75ce9e5975df47d0ccb32660bb618c22ef181Riley Spahn consumeRights 71070f75ce9e5975df47d0ccb32660bb618c22ef181Riley Spahn setPlaybackStatus 71170f75ce9e5975df47d0ccb32660bb618c22ef181Riley Spahn openDecryptSession 71270f75ce9e5975df47d0ccb32660bb618c22ef181Riley Spahn closeDecryptSession 71370f75ce9e5975df47d0ccb32660bb618c22ef181Riley Spahn initializeDecryptUnit 71470f75ce9e5975df47d0ccb32660bb618c22ef181Riley Spahn decrypt 71570f75ce9e5975df47d0ccb32660bb618c22ef181Riley Spahn finalizeDecryptUnit 71670f75ce9e5975df47d0ccb32660bb618c22ef181Riley Spahn pread 71770f75ce9e5975df47d0ccb32660bb618c22ef181Riley Spahn} 718