12dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley#
22dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# Define common prefixes for access vectors
32dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley#
42dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# common common_name { permission_name ... }
52dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley
62dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley
72dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley#
82dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# Define a common prefix for file access vectors.
92dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley#
102dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley
112dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleycommon file
122dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{
132dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	ioctl
142dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	read
152dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	write
162dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	create
172dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	getattr
182dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	setattr
192dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	lock
202dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	relabelfrom
212dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	relabelto
222dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	append
234397f08288890ef397697b4d6dbff596bdca14c8Stephen Smalley	map
242dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	unlink
252dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	link
262dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	rename
272dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	execute
282dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	quotaon
292dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	mounton
302dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley}
312dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley
322dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley
332dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley#
342dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# Define a common prefix for socket access vectors.
352dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley#
362dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley
372dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleycommon socket
382dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{
392dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# inherited from file
402dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	ioctl
412dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	read
422dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	write
432dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	create
442dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	getattr
452dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	setattr
462dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	lock
472dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	relabelfrom
482dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	relabelto
492dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	append
504397f08288890ef397697b4d6dbff596bdca14c8Stephen Smalley	map
512dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# socket-specific
522dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	bind
532dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	connect
542dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	listen
552dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	accept
562dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	getopt
572dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	setopt
582dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	shutdown
592dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	recvfrom
602dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	sendto
612dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	name_bind
622dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley}
632dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley
642dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley#
652dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# Define a common prefix for ipc access vectors.
662dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley#
672dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley
682dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleycommon ipc
692dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{
702dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	create
712dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	destroy
722dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	getattr
732dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	setattr
742dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	read
752dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	write
762dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	associate
772dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	unix_read
782dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	unix_write
792dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley}
802dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley
812dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley#
828a003607064804307201d0738e1e284442f9826bStephen Smalley# Define a common for capability access vectors.
838a003607064804307201d0738e1e284442f9826bStephen Smalley#
848a003607064804307201d0738e1e284442f9826bStephen Smalleycommon cap
858a003607064804307201d0738e1e284442f9826bStephen Smalley{
868a003607064804307201d0738e1e284442f9826bStephen Smalley	# The capabilities are defined in include/linux/capability.h
878a003607064804307201d0738e1e284442f9826bStephen Smalley	# Capabilities >= 32 are defined in the cap2 common.
888a003607064804307201d0738e1e284442f9826bStephen Smalley	# Care should be taken to ensure that these are consistent with
898a003607064804307201d0738e1e284442f9826bStephen Smalley	# those definitions. (Order matters)
908a003607064804307201d0738e1e284442f9826bStephen Smalley
918a003607064804307201d0738e1e284442f9826bStephen Smalley	chown
928a003607064804307201d0738e1e284442f9826bStephen Smalley	dac_override
938a003607064804307201d0738e1e284442f9826bStephen Smalley	dac_read_search
948a003607064804307201d0738e1e284442f9826bStephen Smalley	fowner
958a003607064804307201d0738e1e284442f9826bStephen Smalley	fsetid
968a003607064804307201d0738e1e284442f9826bStephen Smalley	kill
978a003607064804307201d0738e1e284442f9826bStephen Smalley	setgid
988a003607064804307201d0738e1e284442f9826bStephen Smalley	setuid
998a003607064804307201d0738e1e284442f9826bStephen Smalley	setpcap
1008a003607064804307201d0738e1e284442f9826bStephen Smalley	linux_immutable
1018a003607064804307201d0738e1e284442f9826bStephen Smalley	net_bind_service
1028a003607064804307201d0738e1e284442f9826bStephen Smalley	net_broadcast
1038a003607064804307201d0738e1e284442f9826bStephen Smalley	net_admin
1048a003607064804307201d0738e1e284442f9826bStephen Smalley	net_raw
1058a003607064804307201d0738e1e284442f9826bStephen Smalley	ipc_lock
1068a003607064804307201d0738e1e284442f9826bStephen Smalley	ipc_owner
1078a003607064804307201d0738e1e284442f9826bStephen Smalley	sys_module
1088a003607064804307201d0738e1e284442f9826bStephen Smalley	sys_rawio
1098a003607064804307201d0738e1e284442f9826bStephen Smalley	sys_chroot
1108a003607064804307201d0738e1e284442f9826bStephen Smalley	sys_ptrace
1118a003607064804307201d0738e1e284442f9826bStephen Smalley	sys_pacct
1128a003607064804307201d0738e1e284442f9826bStephen Smalley	sys_admin
1138a003607064804307201d0738e1e284442f9826bStephen Smalley	sys_boot
1148a003607064804307201d0738e1e284442f9826bStephen Smalley	sys_nice
1158a003607064804307201d0738e1e284442f9826bStephen Smalley	sys_resource
1168a003607064804307201d0738e1e284442f9826bStephen Smalley	sys_time
1178a003607064804307201d0738e1e284442f9826bStephen Smalley	sys_tty_config
1188a003607064804307201d0738e1e284442f9826bStephen Smalley	mknod
1198a003607064804307201d0738e1e284442f9826bStephen Smalley	lease
1208a003607064804307201d0738e1e284442f9826bStephen Smalley	audit_write
1218a003607064804307201d0738e1e284442f9826bStephen Smalley	audit_control
1228a003607064804307201d0738e1e284442f9826bStephen Smalley	setfcap
1238a003607064804307201d0738e1e284442f9826bStephen Smalley}
1248a003607064804307201d0738e1e284442f9826bStephen Smalley
1258a003607064804307201d0738e1e284442f9826bStephen Smalleycommon cap2
1268a003607064804307201d0738e1e284442f9826bStephen Smalley{
1278a003607064804307201d0738e1e284442f9826bStephen Smalley	mac_override	# unused by SELinux
1288a003607064804307201d0738e1e284442f9826bStephen Smalley	mac_admin	# unused by SELinux
1298a003607064804307201d0738e1e284442f9826bStephen Smalley	syslog
1308a003607064804307201d0738e1e284442f9826bStephen Smalley	wake_alarm
1318a003607064804307201d0738e1e284442f9826bStephen Smalley	block_suspend
1328a003607064804307201d0738e1e284442f9826bStephen Smalley	audit_read
1338a003607064804307201d0738e1e284442f9826bStephen Smalley}
1348a003607064804307201d0738e1e284442f9826bStephen Smalley
1358a003607064804307201d0738e1e284442f9826bStephen Smalley#
1362dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# Define the access vectors.
1372dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley#
1382dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# class class_name [ inherits common_name ] { permission_name ... }
1392dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley
1402dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley
1412dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley#
1422dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# Define the access vector interpretation for file-related objects.
1432dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley#
1442dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley
1452dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass filesystem
1462dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{
1472dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	mount
1482dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	remount
1492dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	unmount
1502dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	getattr
1512dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	relabelfrom
1522dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	relabelto
1532dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	associate
1542dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	quotamod
1552dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	quotaget
1562dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley}
1572dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley
1582dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass dir
1592dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits file
1602dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{
1612dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	add_name
1622dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	remove_name
1632dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	reparent
1642dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	search
1652dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	rmdir
1662dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	open
1672dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	audit_access
1682dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	execmod
1692dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley}
1702dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley
1712dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass file
1722dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits file
1732dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{
1742dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	execute_no_trans
1752dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	entrypoint
1762dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	execmod
1772dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	open
1782dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	audit_access
1792dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley}
1802dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley
1812dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass lnk_file
1822dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits file
1832dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{
1842dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	open
1852dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	audit_access
1862dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	execmod
1872dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley}
1882dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley
1892dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass chr_file
1902dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits file
1912dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{
1922dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	execute_no_trans
1932dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	entrypoint
1942dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	execmod
1952dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	open
1962dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	audit_access
1972dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley}
1982dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley
1992dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass blk_file
2002dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits file
2012dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{
2022dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	open
2032dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	audit_access
2042dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	execmod
2052dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley}
2062dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley
2072dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass sock_file
2082dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits file
2092dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{
2102dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	open
2112dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	audit_access
2122dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	execmod
2132dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley}
2142dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley
2152dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass fifo_file
2162dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits file
2172dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{
2182dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	open
2192dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	audit_access
2202dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	execmod
2212dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley}
2222dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley
2232dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass fd
2242dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{
2252dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	use
2262dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley}
2272dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley
2282dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley
2292dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley#
2302dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# Define the access vector interpretation for network-related objects.
2312dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley#
2322dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley
2332dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass socket
2342dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits socket
2352dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley
2362dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass tcp_socket
2372dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits socket
2382dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{
2392dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	node_bind
2402dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	name_connect
2412dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley}
2422dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley
2432dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass udp_socket
2442dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits socket
2452dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{
2462dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	node_bind
2472dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley}
2482dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley
2492dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass rawip_socket
2502dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits socket
2512dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{
2522dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	node_bind
2532dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley}
2542dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley
2552dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass node
2562dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{
2572dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	recvfrom
2582dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	sendto
2592dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley}
2602dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley
2612dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass netif
2622dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{
2632dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	ingress
2642dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	egress
2652dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley}
2662dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley
2672dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass netlink_socket
2682dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits socket
2692dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley
2702dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass packet_socket
2712dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits socket
2722dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley
2732dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass key_socket
2742dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits socket
2752dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley
2762dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass unix_stream_socket
2772dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits socket
2782dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{
2792dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	connectto
2802dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley}
2812dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley
2822dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass unix_dgram_socket
2832dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits socket
2842dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley
28508f92f9c01fc5b86d620024573c46ff9e6ec173bChenbo Fengclass bpf
28608f92f9c01fc5b86d620024573c46ff9e6ec173bChenbo Feng{
28708f92f9c01fc5b86d620024573c46ff9e6ec173bChenbo Feng	map_create
28808f92f9c01fc5b86d620024573c46ff9e6ec173bChenbo Feng	map_read
28908f92f9c01fc5b86d620024573c46ff9e6ec173bChenbo Feng	map_write
29008f92f9c01fc5b86d620024573c46ff9e6ec173bChenbo Feng	prog_load
29108f92f9c01fc5b86d620024573c46ff9e6ec173bChenbo Feng	prog_run
29208f92f9c01fc5b86d620024573c46ff9e6ec173bChenbo Feng}
29308f92f9c01fc5b86d620024573c46ff9e6ec173bChenbo Feng
2942dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley#
2952dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# Define the access vector interpretation for process-related objects
2962dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley#
2972dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley
2982dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass process
2992dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{
3002dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	fork
3012dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	transition
3022dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	sigchld # commonly granted from child to parent
3032dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	sigkill # cannot be caught or ignored
3042dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	sigstop # cannot be caught or ignored
3052dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	signull # for kill(pid, 0)
3062dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	signal  # all other signals
3072dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	ptrace
3082dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	getsched
3092dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	setsched
3102dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	getsession
3112dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	getpgid
3122dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	setpgid
3132dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	getcap
3142dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	setcap
3152dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	share
3162dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	getattr
3172dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	setexec
3182dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	setfscreate
3192dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	noatsecure
3202dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	siginh
3212dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	setrlimit
3222dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	rlimitinh
3232dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	dyntransition
3242dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	setcurrent
3252dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	execmem
3262dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	execstack
3272dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	execheap
3282dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	setkeycreate
3292dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	setsockcreate
33091a3eeac8fac333af4997f9fe5e5c7f454c7f336Stephen Smalley	getrlimit
3312dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley}
3322dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley
3332dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley
3342dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley#
3352dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# Define the access vector interpretation for ipc-related objects
3362dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley#
3372dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley
3382dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass ipc
3392dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits ipc
3402dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley
3412dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass sem
3422dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits ipc
3432dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley
3442dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass msgq
3452dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits ipc
3462dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{
3472dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	enqueue
3482dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley}
3492dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley
3502dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass msg
3512dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{
3522dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	send
3532dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	receive
3542dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley}
3552dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley
3562dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass shm
3572dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits ipc
3582dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{
3592dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	lock
3602dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley}
3612dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley
3622dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley
3632dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley#
3642dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# Define the access vector interpretation for the security server.
3652dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley#
3662dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley
3672dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass security
3682dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{
3692dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	compute_av
3702dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	compute_create
3712dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	compute_member
3722dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	check_context
3732dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	load_policy
3742dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	compute_relabel
3752dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	compute_user
3762dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	setenforce     # was avc_toggle in system class
3772dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	setbool
3782dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	setsecparam
3792dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	setcheckreqprot
3802dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	read_policy
381509923116f103c8938efe992ab4b4b42fe4c90aaStephen Smalley	validate_trans
3822dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley}
3832dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley
3842dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley
3852dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley#
3862dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# Define the access vector interpretation for system operations.
3872dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley#
3882dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley
3892dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass system
3902dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{
3912dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	ipc_info
3922dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	syslog_read
3932dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	syslog_mod
3942dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	syslog_console
3952dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	module_request
396a16b05892a9e9ed949c2cf22147e206e5c0b296eJeff Vander Stoep	module_load
3972dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley}
3982dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley
3992dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley#
4008a003607064804307201d0738e1e284442f9826bStephen Smalley# Define the access vector interpretation for controlling capabilities
4012dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley#
4022dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley
4032dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass capability
4048a003607064804307201d0738e1e284442f9826bStephen Smalleyinherits cap
4052dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley
4062dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass capability2
4078a003607064804307201d0738e1e284442f9826bStephen Smalleyinherits cap2
4082dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley
4092dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley#
4102dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# Extended Netlink classes
4112dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley#
4122dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass netlink_route_socket
4132dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits socket
4142dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{
4152dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	nlmsg_read
4162dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	nlmsg_write
4172dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley}
4182dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley
4192dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass netlink_tcpdiag_socket
4202dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits socket
4212dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{
4222dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	nlmsg_read
4232dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	nlmsg_write
4242dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley}
4252dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley
4262dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass netlink_nflog_socket
4272dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits socket
4282dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley
4292dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass netlink_xfrm_socket
4302dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits socket
4312dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{
4322dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	nlmsg_read
4332dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	nlmsg_write
4342dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley}
4352dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley
4362dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass netlink_selinux_socket
4372dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits socket
4382dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley
4392dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass netlink_audit_socket
4402dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits socket
4412dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{
4422dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	nlmsg_read
4432dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	nlmsg_write
4442dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	nlmsg_relay
4452dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	nlmsg_readpriv
4462dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	nlmsg_tty_audit
4472dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley}
4482dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley
4492dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass netlink_dnrt_socket
4502dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits socket
4512dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley
4522dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# Define the access vector interpretation for controlling
4532dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# access to IPSec network data by association
4542dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley#
4552dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass association
4562dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{
4572dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	sendto
4582dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	recvfrom
4592dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	setcontext
4602dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	polmatch
4612dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley}
4622dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley
4632dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# Updated Netlink class for KOBJECT_UEVENT family.
4642dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass netlink_kobject_uevent_socket
4652dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits socket
4662dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley
4672dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass appletalk_socket
4682dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits socket
4692dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley
4702dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass packet
4712dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{
4722dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	send
4732dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	recv
4742dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	relabelto
4752dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	flow_in		# deprecated
4762dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	flow_out	# deprecated
4772dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	forward_in
4782dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	forward_out
4792dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley}
4802dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley
4812dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass key
4822dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{
4832dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	view
4842dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	read
4852dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	write
4862dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	search
4872dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	link
4882dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	setattr
4892dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	create
4902dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley}
4912dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley
4922dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass dccp_socket
4932dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits socket
4942dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{
4952dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	node_bind
4962dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	name_connect
4972dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley}
4982dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley
4992dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass memprotect
5002dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{
5012dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	mmap_zero
5022dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley}
5032dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley
5042dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# network peer labels
5052dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass peer
5062dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{
5072dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	recv
5082dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley}
5092dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley
5102dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass kernel_service
5112dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{
5122dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	use_as_override
5132dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	create_files_as
5142dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley}
5152dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley
5162dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass tun_socket
5172dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits socket
518d7af45d3741648c45560797a5b6f02dec784668fNick Kralevich{
519d7af45d3741648c45560797a5b6f02dec784668fNick Kralevich	attach_queue
520d7af45d3741648c45560797a5b6f02dec784668fNick Kralevich}
5212dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley
5222dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass binder
5232dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{
5242dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	impersonate
5252dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	call
5262dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	set_context_mgr
5272dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley	transfer
5282dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley}
5292dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley
53001d95c23ab8c14d72e4ce98b3dda64ce81ab6306Stephen Smalleyclass netlink_iscsi_socket
53101d95c23ab8c14d72e4ce98b3dda64ce81ab6306Stephen Smalleyinherits socket
53201d95c23ab8c14d72e4ce98b3dda64ce81ab6306Stephen Smalley
53301d95c23ab8c14d72e4ce98b3dda64ce81ab6306Stephen Smalleyclass netlink_fib_lookup_socket
53401d95c23ab8c14d72e4ce98b3dda64ce81ab6306Stephen Smalleyinherits socket
53501d95c23ab8c14d72e4ce98b3dda64ce81ab6306Stephen Smalley
53601d95c23ab8c14d72e4ce98b3dda64ce81ab6306Stephen Smalleyclass netlink_connector_socket
53701d95c23ab8c14d72e4ce98b3dda64ce81ab6306Stephen Smalleyinherits socket
53801d95c23ab8c14d72e4ce98b3dda64ce81ab6306Stephen Smalley
53901d95c23ab8c14d72e4ce98b3dda64ce81ab6306Stephen Smalleyclass netlink_netfilter_socket
54001d95c23ab8c14d72e4ce98b3dda64ce81ab6306Stephen Smalleyinherits socket
54101d95c23ab8c14d72e4ce98b3dda64ce81ab6306Stephen Smalley
54201d95c23ab8c14d72e4ce98b3dda64ce81ab6306Stephen Smalleyclass netlink_generic_socket
54301d95c23ab8c14d72e4ce98b3dda64ce81ab6306Stephen Smalleyinherits socket
54401d95c23ab8c14d72e4ce98b3dda64ce81ab6306Stephen Smalley
54501d95c23ab8c14d72e4ce98b3dda64ce81ab6306Stephen Smalleyclass netlink_scsitransport_socket
54601d95c23ab8c14d72e4ce98b3dda64ce81ab6306Stephen Smalleyinherits socket
54701d95c23ab8c14d72e4ce98b3dda64ce81ab6306Stephen Smalley
54801d95c23ab8c14d72e4ce98b3dda64ce81ab6306Stephen Smalleyclass netlink_rdma_socket
54901d95c23ab8c14d72e4ce98b3dda64ce81ab6306Stephen Smalleyinherits socket
55001d95c23ab8c14d72e4ce98b3dda64ce81ab6306Stephen Smalley
55101d95c23ab8c14d72e4ce98b3dda64ce81ab6306Stephen Smalleyclass netlink_crypto_socket
55201d95c23ab8c14d72e4ce98b3dda64ce81ab6306Stephen Smalleyinherits socket
55301d95c23ab8c14d72e4ce98b3dda64ce81ab6306Stephen Smalley
5548a003607064804307201d0738e1e284442f9826bStephen Smalley#
5558a003607064804307201d0738e1e284442f9826bStephen Smalley# Define the access vector interpretation for controlling capabilities
5568a003607064804307201d0738e1e284442f9826bStephen Smalley# in user namespaces
5578a003607064804307201d0738e1e284442f9826bStephen Smalley#
5588a003607064804307201d0738e1e284442f9826bStephen Smalley
5598a003607064804307201d0738e1e284442f9826bStephen Smalleyclass cap_userns
5608a003607064804307201d0738e1e284442f9826bStephen Smalleyinherits cap
5618a003607064804307201d0738e1e284442f9826bStephen Smalley
5628a003607064804307201d0738e1e284442f9826bStephen Smalleyclass cap2_userns
5638a003607064804307201d0738e1e284442f9826bStephen Smalleyinherits cap2
5648a003607064804307201d0738e1e284442f9826bStephen Smalley
565431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley
566431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley#
567431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley# Define the access vector interpretation for the new socket classes
568431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley# enabled by the extended_socket_class policy capability.
569431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley#
570431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley
571431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley#
572431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley# The next two classes were previously mapped to rawip_socket and therefore
573431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley# have the same definition as rawip_socket (until further permissions
574431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley# are defined).
575431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley#
576431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyclass sctp_socket
577431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyinherits socket
578431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley{
579431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley	node_bind
580431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley}
581431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley
582431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyclass icmp_socket
583431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyinherits socket
584431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley{
585431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley	node_bind
586431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley}
587431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley
588431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley#
589431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley# The remaining network socket classes were previously
590431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley# mapped to the socket class and therefore have the
591431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley# same definition as socket.
592431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley#
593431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley
594431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyclass ax25_socket
595431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyinherits socket
596431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley
597431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyclass ipx_socket
598431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyinherits socket
599431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley
600431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyclass netrom_socket
601431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyinherits socket
602431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley
603431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyclass atmpvc_socket
604431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyinherits socket
605431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley
606431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyclass x25_socket
607431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyinherits socket
608431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley
609431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyclass rose_socket
610431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyinherits socket
611431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley
612431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyclass decnet_socket
613431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyinherits socket
614431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley
615431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyclass atmsvc_socket
616431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyinherits socket
617431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley
618431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyclass rds_socket
619431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyinherits socket
620431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley
621431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyclass irda_socket
622431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyinherits socket
623431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley
624431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyclass pppox_socket
625431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyinherits socket
626431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley
627431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyclass llc_socket
628431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyinherits socket
629431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley
630431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyclass can_socket
631431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyinherits socket
632431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley
633431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyclass tipc_socket
634431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyinherits socket
635431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley
636431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyclass bluetooth_socket
637431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyinherits socket
638431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley
639431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyclass iucv_socket
640431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyinherits socket
641431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley
642431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyclass rxrpc_socket
643431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyinherits socket
644431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley
645431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyclass isdn_socket
646431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyinherits socket
647431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley
648431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyclass phonet_socket
649431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyinherits socket
650431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley
651431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyclass ieee802154_socket
652431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyinherits socket
653431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley
654431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyclass caif_socket
655431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyinherits socket
656431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley
657431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyclass alg_socket
658431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyinherits socket
659431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley
660431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyclass nfc_socket
661431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyinherits socket
662431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley
663431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyclass vsock_socket
664431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyinherits socket
665431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley
666431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyclass kcm_socket
667431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyinherits socket
668431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley
669431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyclass qipcrtr_socket
670431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalleyinherits socket
671431bdd9f2f344ecde4cd3fe0109bd70eab0a394cStephen Smalley
6722be9799bcc21863de48925b1eff55185be168696Stephen Smalleyclass smc_socket
6732be9799bcc21863de48925b1eff55185be168696Stephen Smalleyinherits socket
6742be9799bcc21863de48925b1eff55185be168696Stephen Smalley
675124720a6976a69357522299afbe5591854e40775Stephen Smalleyclass property_service
676124720a6976a69357522299afbe5591854e40775Stephen Smalley{
677124720a6976a69357522299afbe5591854e40775Stephen Smalley	set
678124720a6976a69357522299afbe5591854e40775Stephen Smalley}
679f90c41f6e8d5c1266e154f46586a2ceb260f1be6Riley Spahn
680f90c41f6e8d5c1266e154f46586a2ceb260f1be6Riley Spahnclass service_manager
681f90c41f6e8d5c1266e154f46586a2ceb260f1be6Riley Spahn{
682f90c41f6e8d5c1266e154f46586a2ceb260f1be6Riley Spahn	add
683b8511e0d98880a683c276589ab7d8d7666b7f8c1Riley Spahn	find
684b8511e0d98880a683c276589ab7d8d7666b7f8c1Riley Spahn	list
685f90c41f6e8d5c1266e154f46586a2ceb260f1be6Riley Spahn}
6861196d2a5763c9a99be99ba81a4a29d938a83cc06Riley Spahn
687bc6d88d2da12aa9cf43442d928f296c573a345b3Martijn Coenenclass hwservice_manager
688bc6d88d2da12aa9cf43442d928f296c573a345b3Martijn Coenen{
689bc6d88d2da12aa9cf43442d928f296c573a345b3Martijn Coenen	add
690bc6d88d2da12aa9cf43442d928f296c573a345b3Martijn Coenen	find
691bc6d88d2da12aa9cf43442d928f296c573a345b3Martijn Coenen	list
692bc6d88d2da12aa9cf43442d928f296c573a345b3Martijn Coenen}
693bc6d88d2da12aa9cf43442d928f296c573a345b3Martijn Coenen
6941196d2a5763c9a99be99ba81a4a29d938a83cc06Riley Spahnclass keystore_key
6951196d2a5763c9a99be99ba81a4a29d938a83cc06Riley Spahn{
696cbc8f796551151c0d9651500d5d9f116177a07dcChad Brubaker	get_state
6971196d2a5763c9a99be99ba81a4a29d938a83cc06Riley Spahn	get
6981196d2a5763c9a99be99ba81a4a29d938a83cc06Riley Spahn	insert
6991196d2a5763c9a99be99ba81a4a29d938a83cc06Riley Spahn	delete
7001196d2a5763c9a99be99ba81a4a29d938a83cc06Riley Spahn	exist
701cbc8f796551151c0d9651500d5d9f116177a07dcChad Brubaker	list
7021196d2a5763c9a99be99ba81a4a29d938a83cc06Riley Spahn	reset
7031196d2a5763c9a99be99ba81a4a29d938a83cc06Riley Spahn	password
7041196d2a5763c9a99be99ba81a4a29d938a83cc06Riley Spahn	lock
7051196d2a5763c9a99be99ba81a4a29d938a83cc06Riley Spahn	unlock
706cbc8f796551151c0d9651500d5d9f116177a07dcChad Brubaker	is_empty
7071196d2a5763c9a99be99ba81a4a29d938a83cc06Riley Spahn	sign
7081196d2a5763c9a99be99ba81a4a29d938a83cc06Riley Spahn	verify
7091196d2a5763c9a99be99ba81a4a29d938a83cc06Riley Spahn	grant
7101196d2a5763c9a99be99ba81a4a29d938a83cc06Riley Spahn	duplicate
7111196d2a5763c9a99be99ba81a4a29d938a83cc06Riley Spahn	clear_uid
7128927772caa421f1c9ccc80337527e039353d65ddChad Brubaker	add_auth
713520bb816b86fe36440767db6e2f05fb4e8a08f3eChad Brubaker	user_changed
714a0c7f01299c41157d123da0792fbf9ce2a26f9d3Shawn Willden	gen_unique_id
7151196d2a5763c9a99be99ba81a4a29d938a83cc06Riley Spahn}
716ba992496f01e40a10d9749bb25b6498138e607fbStephen Smalley
71770f75ce9e5975df47d0ccb32660bb618c22ef181Riley Spahnclass drmservice {
71870f75ce9e5975df47d0ccb32660bb618c22ef181Riley Spahn	consumeRights
71970f75ce9e5975df47d0ccb32660bb618c22ef181Riley Spahn	setPlaybackStatus
72070f75ce9e5975df47d0ccb32660bb618c22ef181Riley Spahn	openDecryptSession
72170f75ce9e5975df47d0ccb32660bb618c22ef181Riley Spahn	closeDecryptSession
72270f75ce9e5975df47d0ccb32660bb618c22ef181Riley Spahn	initializeDecryptUnit
72370f75ce9e5975df47d0ccb32660bb618c22ef181Riley Spahn	decrypt
72470f75ce9e5975df47d0ccb32660bb618c22ef181Riley Spahn	finalizeDecryptUnit
72570f75ce9e5975df47d0ccb32660bb618c22ef181Riley Spahn	pread
72670f75ce9e5975df47d0ccb32660bb618c22ef181Riley Spahn}
727