access_vectors revision 124720a6976a69357522299afbe5591854e40775
12dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# 22dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# Define common prefixes for access vectors 32dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# 42dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# common common_name { permission_name ... } 52dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 62dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 72dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# 82dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# Define a common prefix for file access vectors. 92dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# 102dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 112dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleycommon file 122dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 132dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley ioctl 142dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley read 152dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley write 162dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley create 172dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley getattr 182dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley setattr 192dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley lock 202dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley relabelfrom 212dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley relabelto 222dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley append 232dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley unlink 242dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley link 252dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley rename 262dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley execute 272dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley swapon 282dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley quotaon 292dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley mounton 302dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 312dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 322dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 332dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# 342dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# Define a common prefix for socket access vectors. 352dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# 362dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 372dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleycommon socket 382dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 392dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# inherited from file 402dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley ioctl 412dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley read 422dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley write 432dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley create 442dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley getattr 452dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley setattr 462dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley lock 472dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley relabelfrom 482dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley relabelto 492dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley append 502dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# socket-specific 512dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley bind 522dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley connect 532dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley listen 542dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley accept 552dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley getopt 562dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley setopt 572dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley shutdown 582dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley recvfrom 592dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley sendto 602dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley recv_msg 612dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley send_msg 622dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley name_bind 632dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 642dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 652dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# 662dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# Define a common prefix for ipc access vectors. 672dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# 682dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 692dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleycommon ipc 702dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 712dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley create 722dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley destroy 732dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley getattr 742dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley setattr 752dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley read 762dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley write 772dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley associate 782dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley unix_read 792dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley unix_write 802dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 812dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 822dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# 832dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# Define a common prefix for userspace database object access vectors. 842dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# 852dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 862dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleycommon database 872dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 882dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley create 892dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley drop 902dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley getattr 912dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley setattr 922dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley relabelfrom 932dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley relabelto 942dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 952dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 962dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# 972dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# Define a common prefix for pointer and keyboard access vectors. 982dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# 992dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 1002dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleycommon x_device 1012dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 1022dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley getattr 1032dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley setattr 1042dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley use 1052dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley read 1062dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley write 1072dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley getfocus 1082dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley setfocus 1092dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley bell 1102dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley force_cursor 1112dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley freeze 1122dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley grab 1132dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley manage 1142dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley list_property 1152dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley get_property 1162dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley set_property 1172dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley add 1182dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley remove 1192dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley create 1202dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley destroy 1212dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 1222dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 1232dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# 1242dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# Define the access vectors. 1252dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# 1262dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# class class_name [ inherits common_name ] { permission_name ... } 1272dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 1282dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 1292dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# 1302dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# Define the access vector interpretation for file-related objects. 1312dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# 1322dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 1332dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass filesystem 1342dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 1352dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley mount 1362dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley remount 1372dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley unmount 1382dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley getattr 1392dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley relabelfrom 1402dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley relabelto 1412dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley transition 1422dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley associate 1432dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley quotamod 1442dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley quotaget 1452dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 1462dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 1472dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass dir 1482dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits file 1492dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 1502dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley add_name 1512dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley remove_name 1522dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley reparent 1532dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley search 1542dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley rmdir 1552dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley open 1562dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley audit_access 1572dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley execmod 1582dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 1592dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 1602dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass file 1612dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits file 1622dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 1632dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley execute_no_trans 1642dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley entrypoint 1652dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley execmod 1662dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley open 1672dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley audit_access 1682dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 1692dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 1702dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass lnk_file 1712dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits file 1722dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 1732dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley open 1742dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley audit_access 1752dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley execmod 1762dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 1772dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 1782dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass chr_file 1792dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits file 1802dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 1812dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley execute_no_trans 1822dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley entrypoint 1832dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley execmod 1842dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley open 1852dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley audit_access 1862dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 1872dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 1882dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass blk_file 1892dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits file 1902dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 1912dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley open 1922dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley audit_access 1932dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley execmod 1942dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 1952dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 1962dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass sock_file 1972dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits file 1982dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 1992dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley open 2002dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley audit_access 2012dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley execmod 2022dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 2032dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 2042dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass fifo_file 2052dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits file 2062dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 2072dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley open 2082dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley audit_access 2092dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley execmod 2102dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 2112dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 2122dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass fd 2132dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 2142dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley use 2152dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 2162dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 2172dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 2182dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# 2192dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# Define the access vector interpretation for network-related objects. 2202dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# 2212dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 2222dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass socket 2232dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits socket 2242dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 2252dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass tcp_socket 2262dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits socket 2272dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 2282dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley connectto 2292dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley newconn 2302dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley acceptfrom 2312dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley node_bind 2322dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley name_connect 2332dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 2342dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 2352dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass udp_socket 2362dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits socket 2372dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 2382dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley node_bind 2392dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 2402dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 2412dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass rawip_socket 2422dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits socket 2432dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 2442dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley node_bind 2452dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 2462dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 2472dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass node 2482dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 2492dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley tcp_recv 2502dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley tcp_send 2512dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley udp_recv 2522dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley udp_send 2532dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley rawip_recv 2542dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley rawip_send 2552dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley enforce_dest 2562dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley dccp_recv 2572dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley dccp_send 2582dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley recvfrom 2592dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley sendto 2602dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 2612dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 2622dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass netif 2632dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 2642dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley tcp_recv 2652dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley tcp_send 2662dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley udp_recv 2672dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley udp_send 2682dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley rawip_recv 2692dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley rawip_send 2702dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley dccp_recv 2712dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley dccp_send 2722dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley ingress 2732dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley egress 2742dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 2752dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 2762dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass netlink_socket 2772dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits socket 2782dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 2792dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass packet_socket 2802dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits socket 2812dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 2822dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass key_socket 2832dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits socket 2842dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 2852dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass unix_stream_socket 2862dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits socket 2872dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 2882dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley connectto 2892dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley newconn 2902dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley acceptfrom 2912dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 2922dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 2932dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass unix_dgram_socket 2942dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits socket 2952dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 2962dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# 2972dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# Define the access vector interpretation for process-related objects 2982dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# 2992dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 3002dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass process 3012dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 3022dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley fork 3032dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley transition 3042dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley sigchld # commonly granted from child to parent 3052dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley sigkill # cannot be caught or ignored 3062dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley sigstop # cannot be caught or ignored 3072dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley signull # for kill(pid, 0) 3082dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley signal # all other signals 3092dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley ptrace 3102dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley getsched 3112dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley setsched 3122dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley getsession 3132dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley getpgid 3142dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley setpgid 3152dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley getcap 3162dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley setcap 3172dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley share 3182dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley getattr 3192dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley setexec 3202dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley setfscreate 3212dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley noatsecure 3222dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley siginh 3232dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley setrlimit 3242dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley rlimitinh 3252dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley dyntransition 3262dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley setcurrent 3272dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley execmem 3282dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley execstack 3292dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley execheap 3302dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley setkeycreate 3312dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley setsockcreate 3322dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 3332dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 3342dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 3352dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# 3362dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# Define the access vector interpretation for ipc-related objects 3372dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# 3382dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 3392dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass ipc 3402dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits ipc 3412dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 3422dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass sem 3432dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits ipc 3442dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 3452dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass msgq 3462dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits ipc 3472dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 3482dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley enqueue 3492dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 3502dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 3512dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass msg 3522dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 3532dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley send 3542dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley receive 3552dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 3562dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 3572dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass shm 3582dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits ipc 3592dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 3602dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley lock 3612dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 3622dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 3632dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 3642dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# 3652dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# Define the access vector interpretation for the security server. 3662dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# 3672dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 3682dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass security 3692dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 3702dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley compute_av 3712dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley compute_create 3722dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley compute_member 3732dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley check_context 3742dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley load_policy 3752dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley compute_relabel 3762dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley compute_user 3772dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley setenforce # was avc_toggle in system class 3782dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley setbool 3792dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley setsecparam 3802dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley setcheckreqprot 3812dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley read_policy 3822dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 3832dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 3842dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 3852dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# 3862dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# Define the access vector interpretation for system operations. 3872dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# 3882dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 3892dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass system 3902dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 3912dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley ipc_info 3922dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley syslog_read 3932dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley syslog_mod 3942dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley syslog_console 3952dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley module_request 3962dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 3972dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 3982dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# 3992dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# Define the access vector interpretation for controling capabilies 4002dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# 4012dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 4022dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass capability 4032dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 4042dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley # The capabilities are defined in include/linux/capability.h 4052dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley # Capabilities >= 32 are defined in the capability2 class. 4062dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley # Care should be taken to ensure that these are consistent with 4072dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley # those definitions. (Order matters) 4082dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 4092dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley chown 4102dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley dac_override 4112dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley dac_read_search 4122dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley fowner 4132dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley fsetid 4142dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley kill 4152dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley setgid 4162dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley setuid 4172dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley setpcap 4182dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley linux_immutable 4192dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley net_bind_service 4202dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley net_broadcast 4212dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley net_admin 4222dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley net_raw 4232dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley ipc_lock 4242dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley ipc_owner 4252dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley sys_module 4262dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley sys_rawio 4272dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley sys_chroot 4282dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley sys_ptrace 4292dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley sys_pacct 4302dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley sys_admin 4312dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley sys_boot 4322dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley sys_nice 4332dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley sys_resource 4342dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley sys_time 4352dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley sys_tty_config 4362dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley mknod 4372dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley lease 4382dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley audit_write 4392dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley audit_control 4402dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley setfcap 4412dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 4422dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 4432dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass capability2 4442dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 4452dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley mac_override # unused by SELinux 4462dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley mac_admin # unused by SELinux 4472dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley syslog 4482dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 4492dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 4502dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# 4512dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# Define the access vector interpretation for controlling 4522dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# changes to passwd information. 4532dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# 4542dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass passwd 4552dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 4562dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley passwd # change another user passwd 4572dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley chfn # change another user finger info 4582dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley chsh # change another user shell 4592dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley rootok # pam_rootok check (skip auth) 4602dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley crontab # crontab on another user 4612dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 4622dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 4632dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# 4642dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# SE-X Windows stuff 4652dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# 4662dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass x_drawable 4672dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 4682dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley create 4692dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley destroy 4702dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley read 4712dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley write 4722dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley blend 4732dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley getattr 4742dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley setattr 4752dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley list_child 4762dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley add_child 4772dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley remove_child 4782dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley list_property 4792dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley get_property 4802dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley set_property 4812dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley manage 4822dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley override 4832dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley show 4842dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley hide 4852dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley send 4862dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley receive 4872dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 4882dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 4892dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass x_screen 4902dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 4912dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley getattr 4922dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley setattr 4932dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley hide_cursor 4942dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley show_cursor 4952dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley saver_getattr 4962dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley saver_setattr 4972dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley saver_hide 4982dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley saver_show 4992dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 5002dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 5012dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass x_gc 5022dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 5032dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley create 5042dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley destroy 5052dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley getattr 5062dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley setattr 5072dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley use 5082dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 5092dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 5102dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass x_font 5112dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 5122dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley create 5132dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley destroy 5142dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley getattr 5152dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley add_glyph 5162dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley remove_glyph 5172dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley use 5182dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 5192dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 5202dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass x_colormap 5212dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 5222dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley create 5232dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley destroy 5242dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley read 5252dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley write 5262dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley getattr 5272dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley add_color 5282dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley remove_color 5292dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley install 5302dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley uninstall 5312dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley use 5322dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 5332dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 5342dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass x_property 5352dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 5362dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley create 5372dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley destroy 5382dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley read 5392dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley write 5402dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley append 5412dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley getattr 5422dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley setattr 5432dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 5442dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 5452dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass x_selection 5462dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 5472dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley read 5482dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley write 5492dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley getattr 5502dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley setattr 5512dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 5522dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 5532dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass x_cursor 5542dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 5552dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley create 5562dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley destroy 5572dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley read 5582dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley write 5592dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley getattr 5602dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley setattr 5612dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley use 5622dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 5632dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 5642dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass x_client 5652dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 5662dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley destroy 5672dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley getattr 5682dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley setattr 5692dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley manage 5702dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 5712dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 5722dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass x_device 5732dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits x_device 5742dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 5752dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass x_server 5762dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 5772dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley getattr 5782dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley setattr 5792dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley record 5802dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley debug 5812dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley grab 5822dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley manage 5832dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 5842dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 5852dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass x_extension 5862dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 5872dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley query 5882dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley use 5892dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 5902dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 5912dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass x_resource 5922dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 5932dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley read 5942dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley write 5952dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 5962dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 5972dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass x_event 5982dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 5992dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley send 6002dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley receive 6012dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 6022dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 6032dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass x_synthetic_event 6042dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 6052dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley send 6062dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley receive 6072dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 6082dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 6092dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# 6102dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# Extended Netlink classes 6112dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# 6122dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass netlink_route_socket 6132dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits socket 6142dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 6152dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley nlmsg_read 6162dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley nlmsg_write 6172dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 6182dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 6192dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass netlink_firewall_socket 6202dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits socket 6212dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 6222dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley nlmsg_read 6232dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley nlmsg_write 6242dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 6252dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 6262dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass netlink_tcpdiag_socket 6272dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits socket 6282dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 6292dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley nlmsg_read 6302dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley nlmsg_write 6312dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 6322dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 6332dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass netlink_nflog_socket 6342dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits socket 6352dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 6362dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass netlink_xfrm_socket 6372dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits socket 6382dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 6392dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley nlmsg_read 6402dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley nlmsg_write 6412dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 6422dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 6432dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass netlink_selinux_socket 6442dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits socket 6452dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 6462dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass netlink_audit_socket 6472dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits socket 6482dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 6492dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley nlmsg_read 6502dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley nlmsg_write 6512dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley nlmsg_relay 6522dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley nlmsg_readpriv 6532dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley nlmsg_tty_audit 6542dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 6552dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 6562dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass netlink_ip6fw_socket 6572dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits socket 6582dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 6592dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley nlmsg_read 6602dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley nlmsg_write 6612dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 6622dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 6632dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass netlink_dnrt_socket 6642dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits socket 6652dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 6662dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# Define the access vector interpretation for controlling 6672dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# access and communication through the D-BUS messaging 6682dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# system. 6692dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# 6702dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass dbus 6712dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 6722dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley acquire_svc 6732dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley send_msg 6742dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 6752dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 6762dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# Define the access vector interpretation for controlling 6772dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# access through the name service cache daemon (nscd). 6782dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# 6792dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass nscd 6802dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 6812dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley getpwd 6822dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley getgrp 6832dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley gethost 6842dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley getstat 6852dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley admin 6862dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley shmempwd 6872dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley shmemgrp 6882dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley shmemhost 6892dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley getserv 6902dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley shmemserv 6912dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 6922dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 6932dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# Define the access vector interpretation for controlling 6942dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# access to IPSec network data by association 6952dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# 6962dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass association 6972dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 6982dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley sendto 6992dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley recvfrom 7002dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley setcontext 7012dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley polmatch 7022dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 7032dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 7042dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# Updated Netlink class for KOBJECT_UEVENT family. 7052dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass netlink_kobject_uevent_socket 7062dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits socket 7072dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 7082dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass appletalk_socket 7092dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits socket 7102dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 7112dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass packet 7122dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 7132dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley send 7142dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley recv 7152dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley relabelto 7162dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley flow_in # deprecated 7172dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley flow_out # deprecated 7182dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley forward_in 7192dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley forward_out 7202dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 7212dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 7222dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass key 7232dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 7242dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley view 7252dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley read 7262dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley write 7272dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley search 7282dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley link 7292dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley setattr 7302dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley create 7312dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 7322dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 7332dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass context 7342dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 7352dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley translate 7362dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley contains 7372dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 7382dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 7392dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass dccp_socket 7402dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits socket 7412dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 7422dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley node_bind 7432dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley name_connect 7442dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 7452dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 7462dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass memprotect 7472dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 7482dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley mmap_zero 7492dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 7502dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 7512dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass db_database 7522dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits database 7532dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 7542dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley access 7552dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley install_module 7562dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley load_module 7572dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley get_param # deprecated 7582dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley set_param # deprecated 7592dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 7602dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 7612dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass db_table 7622dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits database 7632dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 7642dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley use # deprecated 7652dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley select 7662dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley update 7672dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley insert 7682dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley delete 7692dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley lock 7702dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 7712dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 7722dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass db_procedure 7732dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits database 7742dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 7752dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley execute 7762dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley entrypoint 7772dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley install 7782dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 7792dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 7802dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass db_column 7812dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits database 7822dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 7832dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley use # deprecated 7842dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley select 7852dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley update 7862dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley insert 7872dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 7882dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 7892dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass db_tuple 7902dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 7912dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley relabelfrom 7922dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley relabelto 7932dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley use # deprecated 7942dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley select 7952dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley update 7962dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley insert 7972dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley delete 7982dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 7992dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 8002dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass db_blob 8012dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits database 8022dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 8032dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley read 8042dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley write 8052dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley import 8062dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley export 8072dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 8082dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 8092dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley# network peer labels 8102dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass peer 8112dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 8122dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley recv 8132dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 8142dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 8152dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass x_application_data 8162dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 8172dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley paste 8182dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley paste_after_confirm 8192dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley copy 8202dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 8212dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 8222dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass kernel_service 8232dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 8242dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley use_as_override 8252dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley create_files_as 8262dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 8272dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 8282dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass tun_socket 8292dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits socket 8302dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 8312dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass x_pointer 8322dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits x_device 8332dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 8342dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass x_keyboard 8352dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits x_device 8362dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 8372dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass db_schema 8382dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits database 8392dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 8402dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley search 8412dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley add_name 8422dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley remove_name 8432dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 8442dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 8452dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass db_view 8462dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits database 8472dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 8482dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley expand 8492dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 8502dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 8512dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass db_sequence 8522dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits database 8532dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 8542dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley get_value 8552dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley next_value 8562dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley set_value 8572dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 8582dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 8592dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass db_language 8602dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyinherits database 8612dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 8622dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley implement 8632dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley execute 8642dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 8652dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 8662dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass binder 8672dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 8682dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley impersonate 8692dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley call 8702dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley set_context_mgr 8712dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley transfer 8722dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley receive 8732dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 8742dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley 8752dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalleyclass zygote 8762dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley{ 8772dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley specifyids 8782dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley specifyrlimits 8792dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley specifycapabilities 8802dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley specifyinvokewith 8812dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley specifyseinfo 8822dd4e51d5c2a2dfc0bfdee9303269f5a665f6e3Stephen Smalley} 883124720a6976a69357522299afbe5591854e40775Stephen Smalley 884124720a6976a69357522299afbe5591854e40775Stephen Smalleyclass property_service 885124720a6976a69357522299afbe5591854e40775Stephen Smalley{ 886124720a6976a69357522299afbe5591854e40775Stephen Smalley set 887124720a6976a69357522299afbe5591854e40775Stephen Smalley} 888