Diffstat (limited to 'security/selinux/include')
-rw-r--r-- | security/selinux/include/av_inherit.h | 30 | ||||
-rw-r--r-- | security/selinux/include/av_perm_to_string.h | 232 | ||||
-rw-r--r-- | security/selinux/include/av_permissions.h | 902 | ||||
-rw-r--r-- | security/selinux/include/avc.h | 137 | ||||
-rw-r--r-- | security/selinux/include/avc_ss.h | 14 | ||||
-rw-r--r-- | security/selinux/include/class_to_string.h | 58 | ||||
-rw-r--r-- | security/selinux/include/common_perm_to_string.h | 58 | ||||
-rw-r--r-- | security/selinux/include/conditional.h | 22 | ||||
-rw-r--r-- | security/selinux/include/flask.h | 95 | ||||
-rw-r--r-- | security/selinux/include/initial_sid_to_string.h | 33 | ||||
-rw-r--r-- | security/selinux/include/netif.h | 21 | ||||
-rw-r--r-- | security/selinux/include/objsec.h | 112 | ||||
-rw-r--r-- | security/selinux/include/security.h | 97 |
13 files changed, 1811 insertions, 0 deletions
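diff --git a/security/selinux/include/av_inherit.h b/security/selinux/include/av_inherit.h
new file mode 100644
index 000000000000..9facb27822a1
--- /dev/null
+++ b/security/selinux/include/av_inherit.h
@@ -0,0 +1,30 @@
+/* This file is automatically generated. Do not edit. */
+S_(SECCLASS_DIR, file, 0x00020000UL)
+S_(SECCLASS_FILE, file, 0x00020000UL)
+S_(SECCLASS_LNK_FILE, file, 0x00020000UL)
+S_(SECCLASS_CHR_FILE, file, 0x00020000UL)
+S_(SECCLASS_BLK_FILE, file, 0x00020000UL)
+S_(SECCLASS_SOCK_FILE, file, 0x00020000UL)
+S_(SECCLASS_FIFO_FILE, file, 0x00020000UL)
+S_(SECCLASS_SOCKET, socket, 0x00400000UL)
+S_(SECCLASS_TCP_SOCKET, socket, 0x00400000UL)
+S_(SECCLASS_UDP_SOCKET, socket, 0x00400000UL)
+S_(SECCLASS_RAWIP_SOCKET, socket, 0x00400000UL)
+S_(SECCLASS_NETLINK_SOCKET, socket, 0x00400000UL)
+S_(SECCLASS_PACKET_SOCKET, socket, 0x00400000UL)
+S_(SECCLASS_KEY_SOCKET, socket, 0x00400000UL)
+S_(SECCLASS_UNIX_STREAM_SOCKET, socket, 0x00400000UL)
+S_(SECCLASS_UNIX_DGRAM_SOCKET, socket, 0x00400000UL)
+S_(SECCLASS_IPC, ipc, 0x00000200UL)
+S_(SECCLASS_SEM, ipc, 0x00000200UL)
+S_(SECCLASS_MSGQ, ipc, 0x00000200UL)
+S_(SECCLASS_SHM, ipc, 0x00000200UL)
+S_(SECCLASS_NETLINK_ROUTE_SOCKET, socket, 0x00400000UL)
+S_(SECCLASS_NETLINK_FIREWALL_SOCKET, socket, 0x00400000UL)
+S_(SECCLASS_NETLINK_TCPDIAG_SOCKET, socket, 0x00400000UL)
+S_(SECCLASS_NETLINK_NFLOG_SOCKET, socket, 0x00400000UL)
+S_(SECCLASS_NETLINK_XFRM_SOCKET, socket, 0x00400000UL)
+S_(SECCLASS_NETLINK_SELINUX_SOCKET, socket, 0x00400000UL)
+S_(SECCLASS_NETLINK_AUDIT_SOCKET, socket, 0x00400000UL)
+S_(SECCLASS_NETLINK_IP6FW_SOCKET, socket, 0x00400000UL)
+S_(SECCLASS_NETLINK_DNRT_SOCKET, socket, 0x00400000UL)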
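diff --git a/security/selinux/include/av_perm_to_string.h b/security/selinux/include/av_perm_to_string.h
new file mode 100644
index 000000000000..903e8b3cc2e9
--- /dev/null
+++ b/security/selinux/include/av_perm_to_string.h
@@ -0,0 +1,232 @@
+/* This file is automatically generated. Do not edit. */
+S_(SECCLASS_FILESYSTEM, FILESYSTEM__MOUNT, "mount")
+S_(SECCLASS_FILESYSTEM, FILESYSTEM__REMOUNT, "remount")
+S_(SECCLASS_FILESYSTEM, FILESYSTEM__UNMOUNT, "unmount")
+S_(SECCLASS_FILESYSTEM, FILESYSTEM__GETATTR, "getattr")
+S_(SECCLASS_FILESYSTEM, FILESYSTEM__RELABELFROM, "relabelfrom")
+S_(SECCLASS_FILESYSTEM, FILESYSTEM__RELABELTO, "relabelto")
+S_(SECCLASS_FILESYSTEM, FILESYSTEM__TRANSITION, "transition")
+S_(SECCLASS_FILESYSTEM, FILESYSTEM__ASSOCIATE, "associate")
+S_(SECCLASS_FILESYSTEM, FILESYSTEM__QUOTAMOD, "quotamod")
+S_(SECCLASS_FILESYSTEM, FILESYSTEM__QUOTAGET, "quotaget")
+S_(SECCLASS_DIR, DIR__ADD_NAME, "add_name")
+S_(SECCLASS_DIR, DIR__REMOVE_NAME, "remove_name")
+S_(SECCLASS_DIR, DIR__REPARENT, "reparent")
+S_(SECCLASS_DIR, DIR__SEARCH, "search")
+S_(SECCLASS_DIR, DIR__RMDIR, "rmdir")
+S_(SECCLASS_FILE, FILE__EXECUTE_NO_TRANS, "execute_no_trans")
+S_(SECCLASS_FILE, FILE__ENTRYPOINT, "entrypoint")
+S_(SECCLASS_FILE, FILE__EXECMOD, "execmod")
+S_(SECCLASS_CHR_FILE, CHR_FILE__EXECUTE_NO_TRANS, "execute_no_trans")
+S_(SECCLASS_CHR_FILE, CHR_FILE__ENTRYPOINT, "entrypoint")
+S_(SECCLASS_CHR_FILE, CHR_FILE__EXECMOD, "execmod")
+S_(SECCLASS_FD, FD__USE, "use")
+S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__CONNECTTO, "connectto")
+S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__NEWCONN, "newconn")
+S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__ACCEPTFROM, "acceptfrom")
+S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__NODE_BIND, "node_bind")
+S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__NAME_CONNECT, "name_connect")
+S_(SECCLASS_UDP_SOCKET, UDP_SOCKET__NODE_BIND, "node_bind")
+S_(SECCLASS_RAWIP_SOCKET, RAWIP_SOCKET__NODE_BIND, "node_bind")
+S_(SECCLASS_NODE, NODE__TCP_RECV, "tcp_recv")
+S_(SECCLASS_NODE, NODE__TCP_SEND, "tcp_send")
+S_(SECCLASS_NODE, NODE__UDP_RECV, "udp_recv")
+S_(SECCLASS_NODE, NODE__UDP_SEND, "udp_send")
+S_(SECCLASS_NODE, NODE__RAWIP_RECV, "rawip_recv")
+S_(SECCLASS_NODE, NODE__RAWIP_SEND, "rawip_send")
+S_(SECCLASS_NODE, NODE__ENFORCE_DEST, "enforce_dest")
+S_(SECCLASS_NETIF, NETIF__TCP_RECV, "tcp_recv")
+S_(SECCLASS_NETIF, NETIF__TCP_SEND, "tcp_send")
+S_(SECCLASS_NETIF, NETIF__UDP_RECV, "udp_recv")
+S_(SECCLASS_NETIF, NETIF__UDP_SEND, "udp_send")
+S_(SECCLASS_NETIF, NETIF__RAWIP_RECV, "rawip_recv")
+S_(SECCLASS_NETIF, NETIF__RAWIP_SEND, "rawip_send")
+S_(SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__CONNECTTO, "connectto")
+S_(SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__NEWCONN, "newconn")
+S_(SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__ACCEPTFROM, "acceptfrom")
+S_(SECCLASS_PROCESS, PROCESS__FORK, "fork")
+S_(SECCLASS_PROCESS, PROCESS__TRANSITION, "transition")
+S_(SECCLASS_PROCESS, PROCESS__SIGCHLD, "sigchld")
+S_(SECCLASS_PROCESS, PROCESS__SIGKILL, "sigkill")
+S_(SECCLASS_PROCESS, PROCESS__SIGSTOP, "sigstop")
+S_(SECCLASS_PROCESS, PROCESS__SIGNULL, "signull")
+S_(SECCLASS_PROCESS, PROCESS__SIGNAL, "signal")
+S_(SECCLASS_PROCESS, PROCESS__PTRACE, "ptrace")
+S_(SECCLASS_PROCESS, PROCESS__GETSCHED, "getsched")
+S_(SECCLASS_PROCESS, PROCESS__SETSCHED, "setsched")
+S_(SECCLASS_PROCESS, PROCESS__GETSESSION, "getsession")
+S_(SECCLASS_PROCESS, PROCESS__GETPGID, "getpgid")
+S_(SECCLASS_PROCESS, PROCESS__SETPGID, "setpgid")
+S_(SECCLASS_PROCESS, PROCESS__GETCAP, "getcap")
+S_(SECCLASS_PROCESS, PROCESS__SETCAP, "setcap")
+S_(SECCLASS_PROCESS, PROCESS__SHARE, "share")
+S_(SECCLASS_PROCESS, PROCESS__GETATTR, "getattr")
+S_(SECCLASS_PROCESS, PROCESS__SETEXEC, "setexec")
+S_(SECCLASS_PROCESS, PROCESS__SETFSCREATE, "setfscreate")
+S_(SECCLASS_PROCESS, PROCESS__NOATSECURE, "noatsecure")
+S_(SECCLASS_PROCESS, PROCESS__SIGINH, "siginh")
+S_(SECCLASS_PROCESS, PROCESS__SETRLIMIT, "setrlimit")
+S_(SECCLASS_PROCESS, PROCESS__RLIMITINH, "rlimitinh")
+S_(SECCLASS_PROCESS, PROCESS__DYNTRANSITION, "dyntransition")
+S_(SECCLASS_PROCESS, PROCESS__SETCURRENT, "setcurrent")
+S_(SECCLASS_PROCESS, PROCESS__EXECMEM, "execmem")
+S_(SECCLASS_MSGQ, MSGQ__ENQUEUE, "enqueue")
+S_(SECCLASS_MSG, MSG__SEND, "send")
+S_(SECCLASS_MSG, MSG__RECEIVE, "receive")
+S_(SECCLASS_SHM, SHM__LOCK, "lock")
+S_(SECCLASS_SECURITY, SECURITY__COMPUTE_AV, "compute_av")
+S_(SECCLASS_SECURITY, SECURITY__COMPUTE_CREATE, "compute_create")
+S_(SECCLASS_SECURITY, SECURITY__COMPUTE_MEMBER, "compute_member")
+S_(SECCLASS_SECURITY, SECURITY__CHECK_CONTEXT, "check_context")
+S_(SECCLASS_SECURITY, SECURITY__LOAD_POLICY, "load_policy")
+S_(SECCLASS_SECURITY, SECURITY__COMPUTE_RELABEL, "compute_relabel")
+S_(SECCLASS_SECURITY, SECURITY__COMPUTE_USER, "compute_user")
+S_(SECCLASS_SECURITY, SECURITY__SETENFORCE, "setenforce")
+S_(SECCLASS_SECURITY, SECURITY__SETBOOL, "setbool")
+S_(SECCLASS_SECURITY, SECURITY__SETSECPARAM, "setsecparam")
+S_(SECCLASS_SECURITY, SECURITY__SETCHECKREQPROT, "setcheckreqprot")
+S_(SECCLASS_SYSTEM, SYSTEM__IPC_INFO, "ipc_info")
+S_(SECCLASS_SYSTEM, SYSTEM__SYSLOG_READ, "syslog_read")
+S_(SECCLASS_SYSTEM, SYSTEM__SYSLOG_MOD, "syslog_mod")
+S_(SECCLASS_SYSTEM, SYSTEM__SYSLOG_CONSOLE, "syslog_console")
+S_(SECCLASS_CAPABILITY, CAPABILITY__CHOWN, "chown")
+S_(SECCLASS_CAPABILITY, CAPABILITY__DAC_OVERRIDE, "dac_override")
+S_(SECCLASS_CAPABILITY, CAPABILITY__DAC_READ_SEARCH, "dac_read_search")
+S_(SECCLASS_CAPABILITY, CAPABILITY__FOWNER, "fowner")
+S_(SECCLASS_CAPABILITY, CAPABILITY__FSETID, "fsetid")
+S_(SECCLASS_CAPABILITY, CAPABILITY__KILL, "kill")
+S_(SECCLASS_CAPABILITY, CAPABILITY__SETGID, "setgid")
+S_(SECCLASS_CAPABILITY, CAPABILITY__SETUID, "setuid")
+S_(SECCLASS_CAPABILITY, CAPABILITY__SETPCAP, "setpcap")
+S_(SECCLASS_CAPABILITY, CAPABILITY__LINUX_IMMUTABLE, "linux_immutable")
+S_(SECCLASS_CAPABILITY, CAPABILITY__NET_BIND_SERVICE, "net_bind_service")
+S_(SECCLASS_CAPABILITY, CAPABILITY__NET_BROADCAST, "net_broadcast")
+S_(SECCLASS_CAPABILITY, CAPABILITY__NET_ADMIN, "net_admin")
+S_(SECCLASS_CAPABILITY, CAPABILITY__NET_RAW, "net_raw")
+S_(SECCLASS_CAPABILITY, CAPABILITY__IPC_LOCK, "ipc_lock")
+S_(SECCLASS_CAPABILITY, CAPABILITY__IPC_OWNER, "ipc_owner")
+S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_MODULE, "sys_module")
+S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_RAWIO, "sys_rawio")
+S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_CHROOT, "sys_chroot")
+S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_PTRACE, "sys_ptrace")
+S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_PACCT, "sys_pacct")
+S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_ADMIN, "sys_admin")
+S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_BOOT, "sys_boot")
+S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_NICE, "sys_nice")
+S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_RESOURCE, "sys_resource")
+S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_TIME, "sys_time")
+S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_TTY_CONFIG, "sys_tty_config")
+S_(SECCLASS_CAPABILITY, CAPABILITY__MKNOD, "mknod")
+S_(SECCLASS_CAPABILITY, CAPABILITY__LEASE, "lease")
+S_(SECCLASS_PASSWD, PASSWD__PASSWD, "passwd")
+S_(SECCLASS_PASSWD, PASSWD__CHFN, "chfn")
+S_(SECCLASS_PASSWD, PASSWD__CHSH, "chsh")
+S_(SECCLASS_PASSWD, PASSWD__ROOTOK, "rootok")
+S_(SECCLASS_PASSWD, PASSWD__CRONTAB, "crontab")
+S_(SECCLASS_DRAWABLE, DRAWABLE__CREATE, "create")
+S_(SECCLASS_DRAWABLE, DRAWABLE__DESTROY, "destroy")
+S_(SECCLASS_DRAWABLE, DRAWABLE__DRAW, "draw")
+S_(SECCLASS_DRAWABLE, DRAWABLE__COPY, "copy")
+S_(SECCLASS_DRAWABLE, DRAWABLE__GETATTR, "getattr")
+S_(SECCLASS_GC, GC__CREATE, "create")
+S_(SECCLASS_GC, GC__FREE, "free")
+S_(SECCLASS_GC, GC__GETATTR, "getattr")
+S_(SECCLASS_GC, GC__SETATTR, "setattr")
+S_(SECCLASS_WINDOW, WINDOW__ADDCHILD, "addchild")
+S_(SECCLASS_WINDOW, WINDOW__CREATE, "create")
+S_(SECCLASS_WINDOW, WINDOW__DESTROY, "destroy")
+S_(SECCLASS_WINDOW, WINDOW__MAP, "map")
+S_(SECCLASS_WINDOW, WINDOW__UNMAP, "unmap")
+S_(SECCLASS_WINDOW, WINDOW__CHSTACK, "chstack")
+S_(SECCLASS_WINDOW, WINDOW__CHPROPLIST, "chproplist")
+S_(SECCLASS_WINDOW, WINDOW__CHPROP, "chprop")
+S_(SECCLASS_WINDOW, WINDOW__LISTPROP, "listprop")
+S_(SECCLASS_WINDOW, WINDOW__GETATTR, "getattr")
+S_(SECCLASS_WINDOW, WINDOW__SETATTR, "setattr")
+S_(SECCLASS_WINDOW, WINDOW__SETFOCUS, "setfocus")
+S_(SECCLASS_WINDOW, WINDOW__MOVE, "move")
+S_(SECCLASS_WINDOW, WINDOW__CHSELECTION, "chselection")
+S_(SECCLASS_WINDOW, WINDOW__CHPARENT, "chparent")
+S_(SECCLASS_WINDOW, WINDOW__CTRLLIFE, "ctrllife")
+S_(SECCLASS_WINDOW, WINDOW__ENUMERATE, "enumerate")
+S_(SECCLASS_WINDOW, WINDOW__TRANSPARENT, "transparent")
+S_(SECCLASS_WINDOW, WINDOW__MOUSEMOTION, "mousemotion")
+S_(SECCLASS_WINDOW, WINDOW__CLIENTCOMEVENT, "clientcomevent")
+S_(SECCLASS_WINDOW, WINDOW__INPUTEVENT, "inputevent")
+S_(SECCLASS_WINDOW, WINDOW__DRAWEVENT, "drawevent")
+S_(SECCLASS_WINDOW, WINDOW__WINDOWCHANGEEVENT, "windowchangeevent")
+S_(SECCLASS_WINDOW, WINDOW__WINDOWCHANGEREQUEST, "windowchangerequest")
+S_(SECCLASS_WINDOW, WINDOW__SERVERCHANGEEVENT, "serverchangeevent")
+S_(SECCLASS_WINDOW, WINDOW__EXTENSIONEVENT, "extensionevent")
+S_(SECCLASS_FONT, FONT__LOAD, "load")
+S_(SECCLASS_FONT, FONT__FREE, "free")
+S_(SECCLASS_FONT, FONT__GETATTR, "getattr")
+S_(SECCLASS_FONT, FONT__USE, "use")
+S_(SECCLASS_COLORMAP, COLORMAP__CREATE, "create")
+S_(SECCLASS_COLORMAP, COLORMAP__FREE, "free")
+S_(SECCLASS_COLORMAP, COLORMAP__INSTALL, "install")
+S_(SECCLASS_COLORMAP, COLORMAP__UNINSTALL, "uninstall")
+S_(SECCLASS_COLORMAP, COLORMAP__LIST, "list")
+S_(SECCLASS_COLORMAP, COLORMAP__READ, "read")
+S_(SECCLASS_COLORMAP, COLORMAP__STORE, "store")
+S_(SECCLASS_COLORMAP, COLORMAP__GETATTR, "getattr")
+S_(SECCLASS_COLORMAP, COLORMAP__SETATTR, "setattr")
+S_(SECCLASS_PROPERTY, PROPERTY__CREATE, "create")
+S_(SECCLASS_PROPERTY, PROPERTY__FREE, "free")
+S_(SECCLASS_PROPERTY, PROPERTY__READ, "read")
+S_(SECCLASS_PROPERTY, PROPERTY__WRITE, "write")
+S_(SECCLASS_CURSOR, CURSOR__CREATE, "create")
+S_(SECCLASS_CURSOR, CURSOR__CREATEGLYPH, "createglyph")
+S_(SECCLASS_CURSOR, CURSOR__FREE, "free")
+S_(SECCLASS_CURSOR, CURSOR__ASSIGN, "assign")
+S_(SECCLASS_CURSOR, CURSOR__SETATTR, "setattr")
+S_(SECCLASS_XCLIENT, XCLIENT__KILL, "kill")
+S_(SECCLASS_XINPUT, XINPUT__LOOKUP, "lookup")
+S_(SECCLASS_XINPUT, XINPUT__GETATTR, "getattr")
+S_(SECCLASS_XINPUT, XINPUT__SETATTR, "setattr")
+S_(SECCLASS_XINPUT, XINPUT__SETFOCUS, "setfocus")
+S_(SECCLASS_XINPUT, XINPUT__WARPPOINTER, "warppointer")
+S_(SECCLASS_XINPUT, XINPUT__ACTIVEGRAB, "activegrab")
+S_(SECCLASS_XINPUT, XINPUT__PASSIVEGRAB, "passivegrab")
+S_(SECCLASS_XINPUT, XINPUT__UNGRAB, "ungrab")
+S_(SECCLASS_XINPUT, XINPUT__BELL, "bell")
+S_(SECCLASS_XINPUT, XINPUT__MOUSEMOTION, "mousemotion")
+S_(SECCLASS_XINPUT, XINPUT__RELABELINPUT, "relabelinput")
+S_(SECCLASS_XSERVER, XSERVER__SCREENSAVER, "screensaver")
+S_(SECCLASS_XSERVER, XSERVER__GETHOSTLIST, "gethostlist")
+S_(SECCLASS_XSERVER, XSERVER__SETHOSTLIST, "sethostlist")
+S_(SECCLASS_XSERVER, XSERVER__GETFONTPATH, "getfontpath")
+S_(SECCLASS_XSERVER, XSERVER__SETFONTPATH, "setfontpath")
+S_(SECCLASS_XSERVER, XSERVER__GETATTR, "getattr")
+S_(SECCLASS_XSERVER, XSERVER__GRAB, "grab")
+S_(SECCLASS_XSERVER, XSERVER__UNGRAB, "ungrab")
+S_(SECCLASS_XEXTENSION, XEXTENSION__QUERY, "query")
+S_(SECCLASS_XEXTENSION, XEXTENSION__USE, "use")
+S_(SECCLASS_PAX, PAX__PAGEEXEC, "pageexec")
+S_(SECCLASS_PAX, PAX__EMUTRAMP, "emutramp")
+S_(SECCLASS_PAX, PAX__MPROTECT, "mprotect")
+S_(SECCLASS_PAX, PAX__RANDMMAP, "randmmap")
+S_(SECCLASS_PAX, PAX__RANDEXEC, "randexec")
+S_(SECCLASS_PAX, PAX__SEGMEXEC, "segmexec")
+S_(SECCLASS_NETLINK_ROUTE_SOCKET, NETLINK_ROUTE_SOCKET__NLMSG_READ, "nlmsg_read")
+S_(SECCLASS_NETLINK_ROUTE_SOCKET, NETLINK_ROUTE_SOCKET__NLMSG_WRITE, "nlmsg_write")
+S_(SECCLASS_NETLINK_FIREWALL_SOCKET, NETLINK_FIREWALL_SOCKET__NLMSG_READ, "nlmsg_read")
+S_(SECCLASS_NETLINK_FIREWALL_SOCKET, NETLINK_FIREWALL_SOCKET__NLMSG_WRITE, "nlmsg_write")
+S_(SECCLASS_NETLINK_TCPDIAG_SOCKET, NETLINK_TCPDIAG_SOCKET__NLMSG_READ, "nlmsg_read")
+S_(SECCLASS_NETLINK_TCPDIAG_SOCKET, NETLINK_TCPDIAG_SOCKET__NLMSG_WRITE, "nlmsg_write")
+S_(SECCLASS_NETLINK_XFRM_SOCKET, NETLINK_XFRM_SOCKET__NLMSG_READ, "nlmsg_read")
+S_(SECCLASS_NETLINK_XFRM_SOCKET, NETLINK_XFRM_SOCKET__NLMSG_WRITE, "nlmsg_write")
+S_(SECCLASS_NETLINK_AUDIT_SOCKET, NETLINK_AUDIT_SOCKET__NLMSG_READ, "nlmsg_read")
+S_(SECCLASS_NETLINK_AUDIT_SOCKET, NETLINK_AUDIT_SOCKET__NLMSG_WRITE, "nlmsg_write")
+S_(SECCLASS_NETLINK_IP6FW_SOCKET, NETLINK_IP6FW_SOCKET__NLMSG_READ, "nlmsg_read")
+S_(SECCLASS_NETLINK_IP6FW_SOCKET, NETLINK_IP6FW_SOCKET__NLMSG_WRITE, "nlmsg_write")
+S_(SECCLASS_DBUS, DBUS__ACQUIRE_SVC, "acquire_svc")
+S_(SECCLASS_DBUS, DBUS__SEND_MSG, "send_msg")
+S_(SECCLASS_NSCD, NSCD__GETPWD, "getpwd")
+S_(SECCLASS_NSCD, NSCD__GETGRP, "getgrp")
+S_(SECCLASS_NSCD, NSCD__GETHOST, "gethost")
+S_(SECCLASS_NSCD, NSCD__GETSTAT, "getstat")
+S_(SECCLASS_NSCD, NSCD__ADMIN, "admin")
+S_(SECCLASS_NSCD, NSCD__SHMEMPWD, "shmempwd")
+S_(SECCLASS_NSCD, NSCD__SHMEMGRP, "shmemgrp")
+S_(SECCLASS_NSCD, NSCD__SHMEMHOST, "shmemhost")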
diff --git a/security/selinux/include/av_permissions.h b/security/selinux/include/av_permissions.h new file mode 100644 index 000000000000..b0a12ac8f7ee --- /dev/null +++ b/security/selinux/include/av_permissions.h | |||
@@ -0,0 +1,902 @@ | |||
1 | /* This file is automatically generated. Do not edit. */ | ||
2 | #define COMMON_FILE__IOCTL 0x00000001UL | ||
3 | #define COMMON_FILE__READ 0x00000002UL | ||
4 | #define COMMON_FILE__WRITE 0x00000004UL | ||
5 | #define COMMON_FILE__CREATE 0x00000008UL | ||
6 | #define COMMON_FILE__GETATTR 0x00000010UL | ||
7 | #define COMMON_FILE__SETATTR 0x00000020UL | ||
8 | #define COMMON_FILE__LOCK 0x00000040UL | ||
9 | #define COMMON_FILE__RELABELFROM 0x00000080UL | ||
10 | #define COMMON_FILE__RELABELTO 0x00000100UL | ||
11 | #define COMMON_FILE__APPEND 0x00000200UL | ||
12 | #define COMMON_FILE__UNLINK 0x00000400UL | ||
13 | #define COMMON_FILE__LINK 0x00000800UL | ||
14 | #define COMMON_FILE__RENAME 0x00001000UL | ||
15 | #define COMMON_FILE__EXECUTE 0x00002000UL | ||
16 | #define COMMON_FILE__SWAPON 0x00004000UL | ||
17 | #define COMMON_FILE__QUOTAON 0x00008000UL | ||
18 | #define COMMON_FILE__MOUNTON 0x00010000UL | ||
19 | |||
20 | #define COMMON_SOCKET__IOCTL 0x00000001UL | ||
21 | #define COMMON_SOCKET__READ 0x00000002UL | ||
22 | #define COMMON_SOCKET__WRITE 0x00000004UL | ||
23 | #define COMMON_SOCKET__CREATE 0x00000008UL | ||
24 | #define COMMON_SOCKET__GETATTR 0x00000010UL | ||
25 | #define COMMON_SOCKET__SETATTR 0x00000020UL | ||
26 | #define COMMON_SOCKET__LOCK 0x00000040UL | ||
27 | #define COMMON_SOCKET__RELABELFROM 0x00000080UL | ||
28 | #define COMMON_SOCKET__RELABELTO 0x00000100UL | ||
29 | #define COMMON_SOCKET__APPEND 0x00000200UL | ||
30 | #define COMMON_SOCKET__BIND 0x00000400UL | ||
31 | #define COMMON_SOCKET__CONNECT 0x00000800UL | ||
32 | #define COMMON_SOCKET__LISTEN 0x00001000UL | ||
33 | #define COMMON_SOCKET__ACCEPT 0x00002000UL | ||
34 | #define COMMON_SOCKET__GETOPT 0x00004000UL | ||
35 | #define COMMON_SOCKET__SETOPT 0x00008000UL | ||
36 | #define COMMON_SOCKET__SHUTDOWN 0x00010000UL | ||
37 | #define COMMON_SOCKET__RECVFROM 0x00020000UL | ||
38 | #define COMMON_SOCKET__SENDTO 0x00040000UL | ||
39 | #define COMMON_SOCKET__RECV_MSG 0x00080000UL | ||
40 | #define COMMON_SOCKET__SEND_MSG 0x00100000UL | ||
41 | #define COMMON_SOCKET__NAME_BIND 0x00200000UL | ||
42 | |||
43 | #define COMMON_IPC__CREATE 0x00000001UL | ||
44 | #define COMMON_IPC__DESTROY 0x00000002UL | ||
45 | #define COMMON_IPC__GETATTR 0x00000004UL | ||
46 | #define COMMON_IPC__SETATTR 0x00000008UL | ||
47 | #define COMMON_IPC__READ 0x00000010UL | ||
48 | #define COMMON_IPC__WRITE 0x00000020UL | ||
49 | #define COMMON_IPC__ASSOCIATE 0x00000040UL | ||
50 | #define COMMON_IPC__UNIX_READ 0x00000080UL | ||
51 | #define COMMON_IPC__UNIX_WRITE 0x00000100UL | ||
52 | |||
53 | #define FILESYSTEM__MOUNT 0x00000001UL | ||
54 | #define FILESYSTEM__REMOUNT 0x00000002UL | ||
55 | #define FILESYSTEM__UNMOUNT 0x00000004UL | ||
56 | #define FILESYSTEM__GETATTR 0x00000008UL | ||
57 | #define FILESYSTEM__RELABELFROM 0x00000010UL | ||
58 | #define FILESYSTEM__RELABELTO 0x00000020UL | ||
59 | #define FILESYSTEM__TRANSITION 0x00000040UL | ||
60 | #define FILESYSTEM__ASSOCIATE 0x00000080UL | ||
61 | #define FILESYSTEM__QUOTAMOD 0x00000100UL | ||
62 | #define FILESYSTEM__QUOTAGET 0x00000200UL | ||
63 | |||
64 | #define DIR__IOCTL 0x00000001UL | ||
65 | #define DIR__READ 0x00000002UL | ||
66 | #define DIR__WRITE 0x00000004UL | ||
67 | #define DIR__CREATE 0x00000008UL | ||
68 | #define DIR__GETATTR 0x00000010UL | ||
69 | #define DIR__SETATTR 0x00000020UL | ||
70 | #define DIR__LOCK 0x00000040UL | ||
71 | #define DIR__RELABELFROM 0x00000080UL | ||
72 | #define DIR__RELABELTO 0x00000100UL | ||
73 | #define DIR__APPEND 0x00000200UL | ||
74 | #define DIR__UNLINK 0x00000400UL | ||
75 | #define DIR__LINK 0x00000800UL | ||
76 | #define DIR__RENAME 0x00001000UL | ||
77 | #define DIR__EXECUTE 0x00002000UL | ||
78 | #define DIR__SWAPON 0x00004000UL | ||
79 | #define DIR__QUOTAON 0x00008000UL | ||
80 | #define DIR__MOUNTON 0x00010000UL | ||
81 | |||
82 | #define DIR__ADD_NAME 0x00020000UL | ||
83 | #define DIR__REMOVE_NAME 0x00040000UL | ||
84 | #define DIR__REPARENT 0x00080000UL | ||
85 | #define DIR__SEARCH 0x00100000UL | ||
86 | #define DIR__RMDIR 0x00200000UL | ||
87 | |||
88 | #define FILE__IOCTL 0x00000001UL | ||
89 | #define FILE__READ 0x00000002UL | ||
90 | #define FILE__WRITE 0x00000004UL | ||
91 | #define FILE__CREATE 0x00000008UL | ||
92 | #define FILE__GETATTR 0x00000010UL | ||
93 | #define FILE__SETATTR 0x00000020UL | ||
94 | #define FILE__LOCK 0x00000040UL | ||
95 | #define FILE__RELABELFROM 0x00000080UL | ||
96 | #define FILE__RELABELTO 0x00000100UL | ||
97 | #define FILE__APPEND 0x00000200UL | ||
98 | #define FILE__UNLINK 0x00000400UL | ||
99 | #define FILE__LINK 0x00000800UL | ||
100 | #define FILE__RENAME 0x00001000UL | ||
101 | #define FILE__EXECUTE 0x00002000UL | ||
102 | #define FILE__SWAPON 0x00004000UL | ||
103 | #define FILE__QUOTAON 0x00008000UL | ||
104 | #define FILE__MOUNTON 0x00010000UL | ||
105 | |||
106 | #define FILE__EXECUTE_NO_TRANS 0x00020000UL | ||
107 | #define FILE__ENTRYPOINT 0x00040000UL | ||
108 | #define FILE__EXECMOD 0x00080000UL | ||
109 | |||
110 | #define LNK_FILE__IOCTL 0x00000001UL | ||
111 | #define LNK_FILE__READ 0x00000002UL | ||
112 | #define LNK_FILE__WRITE 0x00000004UL | ||
113 | #define LNK_FILE__CREATE 0x00000008UL | ||
114 | #define LNK_FILE__GETATTR 0x00000010UL | ||
115 | #define LNK_FILE__SETATTR 0x00000020UL | ||
116 | #define LNK_FILE__LOCK 0x00000040UL | ||
117 | #define LNK_FILE__RELABELFROM 0x00000080UL | ||
118 | #define LNK_FILE__RELABELTO 0x00000100UL | ||
119 | #define LNK_FILE__APPEND 0x00000200UL | ||
120 | #define LNK_FILE__UNLINK 0x00000400UL | ||
121 | #define LNK_FILE__LINK 0x00000800UL | ||
122 | #define LNK_FILE__RENAME 0x00001000UL | ||
123 | #define LNK_FILE__EXECUTE 0x00002000UL | ||
124 | #define LNK_FILE__SWAPON 0x00004000UL | ||
125 | #define LNK_FILE__QUOTAON 0x00008000UL | ||
126 | #define LNK_FILE__MOUNTON 0x00010000UL | ||
127 | |||
128 | #define CHR_FILE__IOCTL 0x00000001UL | ||
129 | #define CHR_FILE__READ 0x00000002UL | ||
130 | #define CHR_FILE__WRITE 0x00000004UL | ||
131 | #define CHR_FILE__CREATE 0x00000008UL | ||
132 | #define CHR_FILE__GETATTR 0x00000010UL | ||
133 | #define CHR_FILE__SETATTR 0x00000020UL | ||
134 | #define CHR_FILE__LOCK 0x00000040UL | ||
135 | #define CHR_FILE__RELABELFROM 0x00000080UL | ||
136 | #define CHR_FILE__RELABELTO 0x00000100UL | ||
137 | #define CHR_FILE__APPEND 0x00000200UL | ||
138 | #define CHR_FILE__UNLINK 0x00000400UL | ||
139 | #define CHR_FILE__LINK 0x00000800UL | ||
140 | #define CHR_FILE__RENAME 0x00001000UL | ||
141 | #define CHR_FILE__EXECUTE 0x00002000UL | ||
142 | #define CHR_FILE__SWAPON 0x00004000UL | ||
143 | #define CHR_FILE__QUOTAON 0x00008000UL | ||
144 | #define CHR_FILE__MOUNTON 0x00010000UL | ||
145 | |||
146 | #define CHR_FILE__EXECUTE_NO_TRANS 0x00020000UL | ||
147 | #define CHR_FILE__ENTRYPOINT 0x00040000UL | ||
148 | #define CHR_FILE__EXECMOD 0x00080000UL | ||
149 | |||
150 | #define BLK_FILE__IOCTL 0x00000001UL | ||
151 | #define BLK_FILE__READ 0x00000002UL | ||
152 | #define BLK_FILE__WRITE 0x00000004UL | ||
153 | #define BLK_FILE__CREATE 0x00000008UL | ||
154 | #define BLK_FILE__GETATTR 0x00000010UL | ||
155 | #define BLK_FILE__SETATTR 0x00000020UL | ||
156 | #define BLK_FILE__LOCK 0x00000040UL | ||
157 | #define BLK_FILE__RELABELFROM 0x00000080UL | ||
158 | #define BLK_FILE__RELABELTO 0x00000100UL | ||
159 | #define BLK_FILE__APPEND 0x00000200UL | ||
160 | #define BLK_FILE__UNLINK 0x00000400UL | ||
161 | #define BLK_FILE__LINK 0x00000800UL | ||
162 | #define BLK_FILE__RENAME 0x00001000UL | ||
163 | #define BLK_FILE__EXECUTE 0x00002000UL | ||
164 | #define BLK_FILE__SWAPON 0x00004000UL | ||
165 | #define BLK_FILE__QUOTAON 0x00008000UL | ||
166 | #define BLK_FILE__MOUNTON 0x00010000UL | ||
167 | |||
168 | #define SOCK_FILE__IOCTL 0x00000001UL | ||
169 | #define SOCK_FILE__READ 0x00000002UL | ||
170 | #define SOCK_FILE__WRITE 0x00000004UL | ||
171 | #define SOCK_FILE__CREATE 0x00000008UL | ||
172 | #define SOCK_FILE__GETATTR 0x00000010UL | ||
173 | #define SOCK_FILE__SETATTR 0x00000020UL | ||
174 | #define SOCK_FILE__LOCK 0x00000040UL | ||
175 | #define SOCK_FILE__RELABELFROM 0x00000080UL | ||
176 | #define SOCK_FILE__RELABELTO 0x00000100UL | ||
177 | #define SOCK_FILE__APPEND 0x00000200UL | ||
178 | #define SOCK_FILE__UNLINK 0x00000400UL | ||
179 | #define SOCK_FILE__LINK 0x00000800UL | ||
180 | #define SOCK_FILE__RENAME 0x00001000UL | ||
181 | #define SOCK_FILE__EXECUTE 0x00002000UL | ||
182 | #define SOCK_FILE__SWAPON 0x00004000UL | ||
183 | #define SOCK_FILE__QUOTAON 0x00008000UL | ||
184 | #define SOCK_FILE__MOUNTON 0x00010000UL | ||
185 | |||
186 | #define FIFO_FILE__IOCTL 0x00000001UL | ||
187 | #define FIFO_FILE__READ 0x00000002UL | ||
188 | #define FIFO_FILE__WRITE 0x00000004UL | ||
189 | #define FIFO_FILE__CREATE 0x00000008UL | ||
190 | #define FIFO_FILE__GETATTR 0x00000010UL | ||
191 | #define FIFO_FILE__SETATTR 0x00000020UL | ||
192 | #define FIFO_FILE__LOCK 0x00000040UL | ||
193 | #define FIFO_FILE__RELABELFROM 0x00000080UL | ||
194 | #define FIFO_FILE__RELABELTO 0x00000100UL | ||
195 | #define FIFO_FILE__APPEND 0x00000200UL | ||
196 | #define FIFO_FILE__UNLINK 0x00000400UL | ||
197 | #define FIFO_FILE__LINK 0x00000800UL | ||
198 | #define FIFO_FILE__RENAME 0x00001000UL | ||
199 | #define FIFO_FILE__EXECUTE 0x00002000UL | ||
200 | #define FIFO_FILE__SWAPON 0x00004000UL | ||
201 | #define FIFO_FILE__QUOTAON 0x00008000UL | ||
202 | #define FIFO_FILE__MOUNTON 0x00010000UL | ||
203 | |||
204 | #define FD__USE 0x00000001UL | ||
205 | |||
206 | #define SOCKET__IOCTL 0x00000001UL | ||
207 | #define SOCKET__READ 0x00000002UL | ||
208 | #define SOCKET__WRITE 0x00000004UL | ||
209 | #define SOCKET__CREATE 0x00000008UL | ||
210 | #define SOCKET__GETATTR 0x00000010UL | ||
211 | #define SOCKET__SETATTR 0x00000020UL | ||
212 | #define SOCKET__LOCK 0x00000040UL | ||
213 | #define SOCKET__RELABELFROM 0x00000080UL | ||
214 | #define SOCKET__RELABELTO 0x00000100UL | ||
215 | #define SOCKET__APPEND 0x00000200UL | ||
216 | #define SOCKET__BIND 0x00000400UL | ||
217 | #define SOCKET__CONNECT 0x00000800UL | ||
218 | #define SOCKET__LISTEN 0x00001000UL | ||
219 | #define SOCKET__ACCEPT 0x00002000UL | ||
220 | #define SOCKET__GETOPT 0x00004000UL | ||
221 | #define SOCKET__SETOPT 0x00008000UL | ||
222 | #define SOCKET__SHUTDOWN 0x00010000UL | ||
223 | #define SOCKET__RECVFROM 0x00020000UL | ||
224 | #define SOCKET__SENDTO 0x00040000UL | ||
225 | #define SOCKET__RECV_MSG 0x00080000UL | ||
226 | #define SOCKET__SEND_MSG 0x00100000UL | ||
227 | #define SOCKET__NAME_BIND 0x00200000UL | ||
228 | |||
229 | #define TCP_SOCKET__IOCTL 0x00000001UL | ||
230 | #define TCP_SOCKET__READ 0x00000002UL | ||
231 | #define TCP_SOCKET__WRITE 0x00000004UL | ||
232 | #define TCP_SOCKET__CREATE 0x00000008UL | ||
233 | #define TCP_SOCKET__GETATTR 0x00000010UL | ||
234 | #define TCP_SOCKET__SETATTR 0x00000020UL | ||
235 | #define TCP_SOCKET__LOCK 0x00000040UL | ||
236 | #define TCP_SOCKET__RELABELFROM 0x00000080UL | ||
237 | #define TCP_SOCKET__RELABELTO 0x00000100UL | ||
238 | #define TCP_SOCKET__APPEND 0x00000200UL | ||
239 | #define TCP_SOCKET__BIND 0x00000400UL | ||
240 | #define TCP_SOCKET__CONNECT 0x00000800UL | ||
241 | #define TCP_SOCKET__LISTEN 0x00001000UL | ||
242 | #define TCP_SOCKET__ACCEPT 0x00002000UL | ||
243 | #define TCP_SOCKET__GETOPT 0x00004000UL | ||
244 | #define TCP_SOCKET__SETOPT 0x00008000UL | ||
245 | #define TCP_SOCKET__SHUTDOWN 0x00010000UL | ||
246 | #define TCP_SOCKET__RECVFROM 0x00020000UL | ||
247 | #define TCP_SOCKET__SENDTO 0x00040000UL | ||
248 | #define TCP_SOCKET__RECV_MSG 0x00080000UL | ||
249 | #define TCP_SOCKET__SEND_MSG 0x00100000UL | ||
250 | #define TCP_SOCKET__NAME_BIND 0x00200000UL | ||
251 | |||
252 | #define TCP_SOCKET__CONNECTTO 0x00400000UL | ||
253 | #define TCP_SOCKET__NEWCONN 0x00800000UL | ||
254 | #define TCP_SOCKET__ACCEPTFROM 0x01000000UL | ||
255 | #define TCP_SOCKET__NODE_BIND 0x02000000UL | ||
256 | #define TCP_SOCKET__NAME_CONNECT 0x04000000UL | ||
257 | |||
258 | #define UDP_SOCKET__IOCTL 0x00000001UL | ||
259 | #define UDP_SOCKET__READ 0x00000002UL | ||
260 | #define UDP_SOCKET__WRITE 0x00000004UL | ||
261 | #define UDP_SOCKET__CREATE 0x00000008UL | ||
262 | #define UDP_SOCKET__GETATTR 0x00000010UL | ||
263 | #define UDP_SOCKET__SETATTR 0x00000020UL | ||
264 | #define UDP_SOCKET__LOCK 0x00000040UL | ||
265 | #define UDP_SOCKET__RELABELFROM 0x00000080UL | ||
266 | #define UDP_SOCKET__RELABELTO 0x00000100UL | ||
267 | #define UDP_SOCKET__APPEND 0x00000200UL | ||
268 | #define UDP_SOCKET__BIND 0x00000400UL | ||
269 | #define UDP_SOCKET__CONNECT 0x00000800UL | ||
270 | #define UDP_SOCKET__LISTEN 0x00001000UL | ||
271 | #define UDP_SOCKET__ACCEPT 0x00002000UL | ||
272 | #define UDP_SOCKET__GETOPT 0x00004000UL | ||
273 | #define UDP_SOCKET__SETOPT 0x00008000UL | ||
274 | #define UDP_SOCKET__SHUTDOWN 0x00010000UL | ||
275 | #define UDP_SOCKET__RECVFROM 0x00020000UL | ||
276 | #define UDP_SOCKET__SENDTO 0x00040000UL | ||
277 | #define UDP_SOCKET__RECV_MSG 0x00080000UL | ||
278 | #define UDP_SOCKET__SEND_MSG 0x00100000UL | ||
279 | #define UDP_SOCKET__NAME_BIND 0x00200000UL | ||
280 | |||
281 | #define UDP_SOCKET__NODE_BIND 0x00400000UL | ||
282 | |||
283 | #define RAWIP_SOCKET__IOCTL 0x00000001UL | ||
284 | #define RAWIP_SOCKET__READ 0x00000002UL | ||
285 | #define RAWIP_SOCKET__WRITE 0x00000004UL | ||
286 | #define RAWIP_SOCKET__CREATE 0x00000008UL | ||
287 | #define RAWIP_SOCKET__GETATTR 0x00000010UL | ||
288 | #define RAWIP_SOCKET__SETATTR 0x00000020UL | ||
289 | #define RAWIP_SOCKET__LOCK 0x00000040UL | ||
290 | #define RAWIP_SOCKET__RELABELFROM 0x00000080UL | ||
291 | #define RAWIP_SOCKET__RELABELTO 0x00000100UL | ||
292 | #define RAWIP_SOCKET__APPEND 0x00000200UL | ||
293 | #define RAWIP_SOCKET__BIND 0x00000400UL | ||
294 | #define RAWIP_SOCKET__CONNECT 0x00000800UL | ||
295 | #define RAWIP_SOCKET__LISTEN 0x00001000UL | ||
296 | #define RAWIP_SOCKET__ACCEPT 0x00002000UL | ||
297 | #define RAWIP_SOCKET__GETOPT 0x00004000UL | ||
298 | #define RAWIP_SOCKET__SETOPT 0x00008000UL | ||
299 | #define RAWIP_SOCKET__SHUTDOWN 0x00010000UL | ||
300 | #define RAWIP_SOCKET__RECVFROM 0x00020000UL | ||
301 | #define RAWIP_SOCKET__SENDTO 0x00040000UL | ||
302 | #define RAWIP_SOCKET__RECV_MSG 0x00080000UL | ||
303 | #define RAWIP_SOCKET__SEND_MSG 0x00100000UL | ||
304 | #define RAWIP_SOCKET__NAME_BIND 0x00200000UL | ||
305 | |||
306 | #define RAWIP_SOCKET__NODE_BIND 0x00400000UL | ||
307 | |||
308 | #define NODE__TCP_RECV 0x00000001UL | ||
309 | #define NODE__TCP_SEND 0x00000002UL | ||
310 | #define NODE__UDP_RECV 0x00000004UL | ||
311 | #define NODE__UDP_SEND 0x00000008UL | ||
312 | #define NODE__RAWIP_RECV 0x00000010UL | ||
313 | #define NODE__RAWIP_SEND 0x00000020UL | ||
314 | #define NODE__ENFORCE_DEST 0x00000040UL | ||
315 | |||
316 | #define NETIF__TCP_RECV 0x00000001UL | ||
317 | #define NETIF__TCP_SEND 0x00000002UL | ||
318 | #define NETIF__UDP_RECV 0x00000004UL | ||
319 | #define NETIF__UDP_SEND 0x00000008UL | ||
320 | #define NETIF__RAWIP_RECV 0x00000010UL | ||
321 | #define NETIF__RAWIP_SEND 0x00000020UL | ||
322 | |||
323 | #define NETLINK_SOCKET__IOCTL 0x00000001UL | ||
324 | #define NETLINK_SOCKET__READ 0x00000002UL | ||
325 | #define NETLINK_SOCKET__WRITE 0x00000004UL | ||
326 | #define NETLINK_SOCKET__CREATE 0x00000008UL | ||
327 | #define NETLINK_SOCKET__GETATTR 0x00000010UL | ||
328 | #define NETLINK_SOCKET__SETATTR 0x00000020UL | ||
329 | #define NETLINK_SOCKET__LOCK 0x00000040UL | ||
330 | #define NETLINK_SOCKET__RELABELFROM 0x00000080UL | ||
331 | #define NETLINK_SOCKET__RELABELTO 0x00000100UL | ||
332 | #define NETLINK_SOCKET__APPEND 0x00000200UL | ||
333 | #define NETLINK_SOCKET__BIND 0x00000400UL | ||
334 | #define NETLINK_SOCKET__CONNECT 0x00000800UL | ||
335 | #define NETLINK_SOCKET__LISTEN 0x00001000UL | ||
336 | #define NETLINK_SOCKET__ACCEPT 0x00002000UL | ||
337 | #define NETLINK_SOCKET__GETOPT 0x00004000UL | ||
338 | #define NETLINK_SOCKET__SETOPT 0x00008000UL | ||
339 | #define NETLINK_SOCKET__SHUTDOWN 0x00010000UL | ||
340 | #define NETLINK_SOCKET__RECVFROM 0x00020000UL | ||
341 | #define NETLINK_SOCKET__SENDTO 0x00040000UL | ||
342 | #define NETLINK_SOCKET__RECV_MSG 0x00080000UL | ||
343 | #define NETLINK_SOCKET__SEND_MSG 0x00100000UL | ||
344 | #define NETLINK_SOCKET__NAME_BIND 0x00200000UL | ||
345 | |||
346 | #define PACKET_SOCKET__IOCTL 0x00000001UL | ||
347 | #define PACKET_SOCKET__READ 0x00000002UL | ||
348 | #define PACKET_SOCKET__WRITE 0x00000004UL | ||
349 | #define PACKET_SOCKET__CREATE 0x00000008UL | ||
350 | #define PACKET_SOCKET__GETATTR 0x00000010UL | ||
351 | #define PACKET_SOCKET__SETATTR 0x00000020UL | ||
352 | #define PACKET_SOCKET__LOCK 0x00000040UL | ||
353 | #define PACKET_SOCKET__RELABELFROM 0x00000080UL | ||
354 | #define PACKET_SOCKET__RELABELTO 0x00000100UL | ||
355 | #define PACKET_SOCKET__APPEND 0x00000200UL | ||
356 | #define PACKET_SOCKET__BIND 0x00000400UL | ||
357 | #define PACKET_SOCKET__CONNECT 0x00000800UL | ||
358 | #define PACKET_SOCKET__LISTEN 0x00001000UL | ||
359 | #define PACKET_SOCKET__ACCEPT 0x00002000UL | ||
360 | #define PACKET_SOCKET__GETOPT 0x00004000UL | ||
361 | #define PACKET_SOCKET__SETOPT 0x00008000UL | ||
362 | #define PACKET_SOCKET__SHUTDOWN 0x00010000UL | ||
363 | #define PACKET_SOCKET__RECVFROM 0x00020000UL | ||
364 | #define PACKET_SOCKET__SENDTO 0x00040000UL | ||
365 | #define PACKET_SOCKET__RECV_MSG 0x00080000UL | ||
366 | #define PACKET_SOCKET__SEND_MSG 0x00100000UL | ||
367 | #define PACKET_SOCKET__NAME_BIND 0x00200000UL | ||
368 | |||
369 | #define KEY_SOCKET__IOCTL 0x00000001UL | ||
370 | #define KEY_SOCKET__READ 0x00000002UL | ||
371 | #define KEY_SOCKET__WRITE 0x00000004UL | ||
372 | #define KEY_SOCKET__CREATE 0x00000008UL | ||
373 | #define KEY_SOCKET__GETATTR 0x00000010UL | ||
374 | #define KEY_SOCKET__SETATTR 0x00000020UL | ||
375 | #define KEY_SOCKET__LOCK 0x00000040UL | ||
376 | #define KEY_SOCKET__RELABELFROM 0x00000080UL | ||
377 | #define KEY_SOCKET__RELABELTO 0x00000100UL | ||
378 | #define KEY_SOCKET__APPEND 0x00000200UL | ||
379 | #define KEY_SOCKET__BIND 0x00000400UL | ||
380 | #define KEY_SOCKET__CONNECT 0x00000800UL | ||
381 | #define KEY_SOCKET__LISTEN 0x00001000UL | ||
382 | #define KEY_SOCKET__ACCEPT 0x00002000UL | ||
383 | #define KEY_SOCKET__GETOPT 0x00004000UL | ||
384 | #define KEY_SOCKET__SETOPT 0x00008000UL | ||
385 | #define KEY_SOCKET__SHUTDOWN 0x00010000UL | ||
386 | #define KEY_SOCKET__RECVFROM 0x00020000UL | ||
387 | #define KEY_SOCKET__SENDTO 0x00040000UL | ||
388 | #define KEY_SOCKET__RECV_MSG 0x00080000UL | ||
389 | #define KEY_SOCKET__SEND_MSG 0x00100000UL | ||
390 | #define KEY_SOCKET__NAME_BIND 0x00200000UL | ||
391 | |||
392 | #define UNIX_STREAM_SOCKET__IOCTL 0x00000001UL | ||
393 | #define UNIX_STREAM_SOCKET__READ 0x00000002UL | ||
394 | #define UNIX_STREAM_SOCKET__WRITE 0x00000004UL | ||
395 | #define UNIX_STREAM_SOCKET__CREATE 0x00000008UL | ||
396 | #define UNIX_STREAM_SOCKET__GETATTR 0x00000010UL | ||
397 | #define UNIX_STREAM_SOCKET__SETATTR 0x00000020UL | ||
398 | #define UNIX_STREAM_SOCKET__LOCK 0x00000040UL | ||
399 | #define UNIX_STREAM_SOCKET__RELABELFROM 0x00000080UL | ||
400 | #define UNIX_STREAM_SOCKET__RELABELTO 0x00000100UL | ||
401 | #define UNIX_STREAM_SOCKET__APPEND 0x00000200UL | ||
402 | #define UNIX_STREAM_SOCKET__BIND 0x00000400UL | ||
403 | #define UNIX_STREAM_SOCKET__CONNECT 0x00000800UL | ||
404 | #define UNIX_STREAM_SOCKET__LISTEN 0x00001000UL | ||
405 | #define UNIX_STREAM_SOCKET__ACCEPT 0x00002000UL | ||
406 | #define UNIX_STREAM_SOCKET__GETOPT 0x00004000UL | ||
407 | #define UNIX_STREAM_SOCKET__SETOPT 0x00008000UL | ||
408 | #define UNIX_STREAM_SOCKET__SHUTDOWN 0x00010000UL | ||
409 | #define UNIX_STREAM_SOCKET__RECVFROM 0x00020000UL | ||
410 | #define UNIX_STREAM_SOCKET__SENDTO 0x00040000UL | ||
411 | #define UNIX_STREAM_SOCKET__RECV_MSG 0x00080000UL | ||
412 | #define UNIX_STREAM_SOCKET__SEND_MSG 0x00100000UL | ||
413 | #define UNIX_STREAM_SOCKET__NAME_BIND 0x00200000UL | ||
414 | |||
415 | #define UNIX_STREAM_SOCKET__CONNECTTO 0x00400000UL | ||
416 | #define UNIX_STREAM_SOCKET__NEWCONN 0x00800000UL | ||
417 | #define UNIX_STREAM_SOCKET__ACCEPTFROM 0x01000000UL | ||
418 | |||
419 | #define UNIX_DGRAM_SOCKET__IOCTL 0x00000001UL | ||
420 | #define UNIX_DGRAM_SOCKET__READ 0x00000002UL | ||
421 | #define UNIX_DGRAM_SOCKET__WRITE 0x00000004UL | ||
422 | #define UNIX_DGRAM_SOCKET__CREATE 0x00000008UL | ||
423 | #define UNIX_DGRAM_SOCKET__GETATTR 0x00000010UL | ||
424 | #define UNIX_DGRAM_SOCKET__SETATTR 0x00000020UL | ||
425 | #define UNIX_DGRAM_SOCKET__LOCK 0x00000040UL | ||
426 | #define UNIX_DGRAM_SOCKET__RELABELFROM 0x00000080UL | ||
427 | #define UNIX_DGRAM_SOCKET__RELABELTO 0x00000100UL | ||
428 | #define UNIX_DGRAM_SOCKET__APPEND 0x00000200UL | ||
429 | #define UNIX_DGRAM_SOCKET__BIND 0x00000400UL | ||
430 | #define UNIX_DGRAM_SOCKET__CONNECT 0x00000800UL | ||
431 | #define UNIX_DGRAM_SOCKET__LISTEN 0x00001000UL | ||
432 | #define UNIX_DGRAM_SOCKET__ACCEPT 0x00002000UL | ||
433 | #define UNIX_DGRAM_SOCKET__GETOPT 0x00004000UL | ||
434 | #define UNIX_DGRAM_SOCKET__SETOPT 0x00008000UL | ||
435 | #define UNIX_DGRAM_SOCKET__SHUTDOWN 0x00010000UL | ||
436 | #define UNIX_DGRAM_SOCKET__RECVFROM 0x00020000UL | ||
437 | #define UNIX_DGRAM_SOCKET__SENDTO 0x00040000UL | ||
438 | #define UNIX_DGRAM_SOCKET__RECV_MSG 0x00080000UL | ||
439 | #define UNIX_DGRAM_SOCKET__SEND_MSG 0x00100000UL | ||
440 | #define UNIX_DGRAM_SOCKET__NAME_BIND 0x00200000UL | ||
441 | |||
442 | #define PROCESS__FORK 0x00000001UL | ||
443 | #define PROCESS__TRANSITION 0x00000002UL | ||
444 | #define PROCESS__SIGCHLD 0x00000004UL | ||
445 | #define PROCESS__SIGKILL 0x00000008UL | ||
446 | #define PROCESS__SIGSTOP 0x00000010UL | ||
447 | #define PROCESS__SIGNULL 0x00000020UL | ||
448 | #define PROCESS__SIGNAL 0x00000040UL | ||
449 | #define PROCESS__PTRACE 0x00000080UL | ||
450 | #define PROCESS__GETSCHED 0x00000100UL | ||
451 | #define PROCESS__SETSCHED 0x00000200UL | ||
452 | #define PROCESS__GETSESSION 0x00000400UL | ||
453 | #define PROCESS__GETPGID 0x00000800UL | ||
454 | #define PROCESS__SETPGID 0x00001000UL | ||
455 | #define PROCESS__GETCAP 0x00002000UL | ||
456 | #define PROCESS__SETCAP 0x00004000UL | ||
457 | #define PROCESS__SHARE 0x00008000UL | ||
458 | #define PROCESS__GETATTR 0x00010000UL | ||
459 | #define PROCESS__SETEXEC 0x00020000UL | ||
460 | #define PROCESS__SETFSCREATE 0x00040000UL | ||
461 | #define PROCESS__NOATSECURE 0x00080000UL | ||
462 | #define PROCESS__SIGINH 0x00100000UL | ||
463 | #define PROCESS__SETRLIMIT 0x00200000UL | ||
464 | #define PROCESS__RLIMITINH 0x00400000UL | ||
465 | #define PROCESS__DYNTRANSITION 0x00800000UL | ||
466 | #define PROCESS__SETCURRENT 0x01000000UL | ||
467 | #define PROCESS__EXECMEM 0x02000000UL | ||
468 | |||
469 | #define IPC__CREATE 0x00000001UL | ||
470 | #define IPC__DESTROY 0x00000002UL | ||
471 | #define IPC__GETATTR 0x00000004UL | ||
472 | #define IPC__SETATTR 0x00000008UL | ||
473 | #define IPC__READ 0x00000010UL | ||
474 | #define IPC__WRITE 0x00000020UL | ||
475 | #define IPC__ASSOCIATE 0x00000040UL | ||
476 | #define IPC__UNIX_READ 0x00000080UL | ||
477 | #define IPC__UNIX_WRITE 0x00000100UL | ||
478 | |||
479 | #define SEM__CREATE 0x00000001UL | ||
480 | #define SEM__DESTROY 0x00000002UL | ||
481 | #define SEM__GETATTR 0x00000004UL | ||
482 | #define SEM__SETATTR 0x00000008UL | ||
483 | #define SEM__READ 0x00000010UL | ||
484 | #define SEM__WRITE 0x00000020UL | ||
485 | #define SEM__ASSOCIATE 0x00000040UL | ||
486 | #define SEM__UNIX_READ 0x00000080UL | ||
487 | #define SEM__UNIX_WRITE 0x00000100UL | ||
488 | |||
489 | #define MSGQ__CREATE 0x00000001UL | ||
490 | #define MSGQ__DESTROY 0x00000002UL | ||
491 | #define MSGQ__GETATTR 0x00000004UL | ||
492 | #define MSGQ__SETATTR 0x00000008UL | ||
493 | #define MSGQ__READ 0x00000010UL | ||
494 | #define MSGQ__WRITE 0x00000020UL | ||
495 | #define MSGQ__ASSOCIATE 0x00000040UL | ||
496 | #define MSGQ__UNIX_READ 0x00000080UL | ||
497 | #define MSGQ__UNIX_WRITE 0x00000100UL | ||
498 | |||
499 | #define MSGQ__ENQUEUE 0x00000200UL | ||
500 | |||
501 | #define MSG__SEND 0x00000001UL | ||
502 | #define MSG__RECEIVE 0x00000002UL | ||
503 | |||
504 | #define SHM__CREATE 0x00000001UL | ||
505 | #define SHM__DESTROY 0x00000002UL | ||
506 | #define SHM__GETATTR 0x00000004UL | ||
507 | #define SHM__SETATTR 0x00000008UL | ||
508 | #define SHM__READ 0x00000010UL | ||
509 | #define SHM__WRITE 0x00000020UL | ||
510 | #define SHM__ASSOCIATE 0x00000040UL | ||
511 | #define SHM__UNIX_READ 0x00000080UL | ||
512 | #define SHM__UNIX_WRITE 0x00000100UL | ||
513 | |||
514 | #define SHM__LOCK 0x00000200UL | ||
515 | |||
516 | #define SECURITY__COMPUTE_AV 0x00000001UL | ||
517 | #define SECURITY__COMPUTE_CREATE 0x00000002UL | ||
518 | #define SECURITY__COMPUTE_MEMBER 0x00000004UL | ||
519 | #define SECURITY__CHECK_CONTEXT 0x00000008UL | ||
520 | #define SECURITY__LOAD_POLICY 0x00000010UL | ||
521 | #define SECURITY__COMPUTE_RELABEL 0x00000020UL | ||
522 | #define SECURITY__COMPUTE_USER 0x00000040UL | ||
523 | #define SECURITY__SETENFORCE 0x00000080UL | ||
524 | #define SECURITY__SETBOOL 0x00000100UL | ||
525 | #define SECURITY__SETSECPARAM 0x00000200UL | ||
526 | #define SECURITY__SETCHECKREQPROT 0x00000400UL | ||
527 | |||
528 | #define SYSTEM__IPC_INFO 0x00000001UL | ||
529 | #define SYSTEM__SYSLOG_READ 0x00000002UL | ||
530 | #define SYSTEM__SYSLOG_MOD 0x00000004UL | ||
531 | #define SYSTEM__SYSLOG_CONSOLE 0x00000008UL | ||
532 | |||
533 | #define CAPABILITY__CHOWN 0x00000001UL | ||
534 | #define CAPABILITY__DAC_OVERRIDE 0x00000002UL | ||
535 | #define CAPABILITY__DAC_READ_SEARCH 0x00000004UL | ||
536 | #define CAPABILITY__FOWNER 0x00000008UL | ||
537 | #define CAPABILITY__FSETID 0x00000010UL | ||
538 | #define CAPABILITY__KILL 0x00000020UL | ||
539 | #define CAPABILITY__SETGID 0x00000040UL | ||
540 | #define CAPABILITY__SETUID 0x00000080UL | ||
541 | #define CAPABILITY__SETPCAP 0x00000100UL | ||
542 | #define CAPABILITY__LINUX_IMMUTABLE 0x00000200UL | ||
543 | #define CAPABILITY__NET_BIND_SERVICE 0x00000400UL | ||
544 | #define CAPABILITY__NET_BROADCAST 0x00000800UL | ||
545 | #define CAPABILITY__NET_ADMIN 0x00001000UL | ||
546 | #define CAPABILITY__NET_RAW 0x00002000UL | ||
547 | #define CAPABILITY__IPC_LOCK 0x00004000UL | ||
548 | #define CAPABILITY__IPC_OWNER 0x00008000UL | ||
549 | #define CAPABILITY__SYS_MODULE 0x00010000UL | ||
550 | #define CAPABILITY__SYS_RAWIO 0x00020000UL | ||
551 | #define CAPABILITY__SYS_CHROOT 0x00040000UL | ||
552 | #define CAPABILITY__SYS_PTRACE 0x00080000UL | ||
553 | #define CAPABILITY__SYS_PACCT 0x00100000UL | ||
554 | #define CAPABILITY__SYS_ADMIN 0x00200000UL | ||
555 | #define CAPABILITY__SYS_BOOT 0x00400000UL | ||
556 | #define CAPABILITY__SYS_NICE 0x00800000UL | ||
557 | #define CAPABILITY__SYS_RESOURCE 0x01000000UL | ||
558 | #define CAPABILITY__SYS_TIME 0x02000000UL | ||
559 | #define CAPABILITY__SYS_TTY_CONFIG 0x04000000UL | ||
560 | #define CAPABILITY__MKNOD 0x08000000UL | ||
561 | #define CAPABILITY__LEASE 0x10000000UL | ||
562 | |||
563 | #define PASSWD__PASSWD 0x00000001UL | ||
564 | #define PASSWD__CHFN 0x00000002UL | ||
565 | #define PASSWD__CHSH 0x00000004UL | ||
566 | #define PASSWD__ROOTOK 0x00000008UL | ||
567 | #define PASSWD__CRONTAB 0x00000010UL | ||
568 | |||
569 | #define DRAWABLE__CREATE 0x00000001UL | ||
570 | #define DRAWABLE__DESTROY 0x00000002UL | ||
571 | #define DRAWABLE__DRAW 0x00000004UL | ||
572 | #define DRAWABLE__COPY 0x00000008UL | ||
573 | #define DRAWABLE__GETATTR 0x00000010UL | ||
574 | |||
575 | #define GC__CREATE 0x00000001UL | ||
576 | #define GC__FREE 0x00000002UL | ||
577 | #define GC__GETATTR 0x00000004UL | ||
578 | #define GC__SETATTR 0x00000008UL | ||
579 | |||
580 | #define WINDOW__ADDCHILD 0x00000001UL | ||
581 | #define WINDOW__CREATE 0x00000002UL | ||
582 | #define WINDOW__DESTROY 0x00000004UL | ||
583 | #define WINDOW__MAP 0x00000008UL | ||
584 | #define WINDOW__UNMAP 0x00000010UL | ||
585 | #define WINDOW__CHSTACK 0x00000020UL | ||
586 | #define WINDOW__CHPROPLIST 0x00000040UL | ||
587 | #define WINDOW__CHPROP 0x00000080UL | ||
588 | #define WINDOW__LISTPROP 0x00000100UL | ||
589 | #define WINDOW__GETATTR 0x00000200UL | ||
590 | #define WINDOW__SETATTR 0x00000400UL | ||
591 | #define WINDOW__SETFOCUS 0x00000800UL | ||
592 | #define WINDOW__MOVE 0x00001000UL | ||
593 | #define WINDOW__CHSELECTION 0x00002000UL | ||
594 | #define WINDOW__CHPARENT 0x00004000UL | ||
595 | #define WINDOW__CTRLLIFE 0x00008000UL | ||
596 | #define WINDOW__ENUMERATE 0x00010000UL | ||
597 | #define WINDOW__TRANSPARENT 0x00020000UL | ||
598 | #define WINDOW__MOUSEMOTION 0x00040000UL | ||
599 | #define WINDOW__CLIENTCOMEVENT 0x00080000UL | ||
600 | #define WINDOW__INPUTEVENT 0x00100000UL | ||
601 | #define WINDOW__DRAWEVENT 0x00200000UL | ||
602 | #define WINDOW__WINDOWCHANGEEVENT 0x00400000UL | ||
603 | #define WINDOW__WINDOWCHANGEREQUEST 0x00800000UL | ||
604 | #define WINDOW__SERVERCHANGEEVENT 0x01000000UL | ||
605 | #define WINDOW__EXTENSIONEVENT 0x02000000UL | ||
606 | |||
607 | #define FONT__LOAD 0x00000001UL | ||
608 | #define FONT__FREE 0x00000002UL | ||
609 | #define FONT__GETATTR 0x00000004UL | ||
610 | #define FONT__USE 0x00000008UL | ||
611 | |||
612 | #define COLORMAP__CREATE 0x00000001UL | ||
613 | #define COLORMAP__FREE 0x00000002UL | ||
614 | #define COLORMAP__INSTALL 0x00000004UL | ||
615 | #define COLORMAP__UNINSTALL 0x00000008UL | ||
616 | #define COLORMAP__LIST 0x00000010UL | ||
617 | #define COLORMAP__READ 0x00000020UL | ||
618 | #define COLORMAP__STORE 0x00000040UL | ||
619 | #define COLORMAP__GETATTR 0x00000080UL | ||
620 | #define COLORMAP__SETATTR 0x00000100UL | ||
621 | |||
622 | #define PROPERTY__CREATE 0x00000001UL | ||
623 | #define PROPERTY__FREE 0x00000002UL | ||
624 | #define PROPERTY__READ 0x00000004UL | ||
625 | #define PROPERTY__WRITE 0x00000008UL | ||
626 | |||
627 | #define CURSOR__CREATE 0x00000001UL | ||
628 | #define CURSOR__CREATEGLYPH 0x00000002UL | ||
629 | #define CURSOR__FREE 0x00000004UL | ||
630 | #define CURSOR__ASSIGN 0x00000008UL | ||
631 | #define CURSOR__SETATTR 0x00000010UL | ||
632 | |||
633 | #define XCLIENT__KILL 0x00000001UL | ||
634 | |||
635 | #define XINPUT__LOOKUP 0x00000001UL | ||
636 | #define XINPUT__GETATTR 0x00000002UL | ||
637 | #define XINPUT__SETATTR 0x00000004UL | ||
638 | #define XINPUT__SETFOCUS 0x00000008UL | ||
639 | #define XINPUT__WARPPOINTER 0x00000010UL | ||
640 | #define XINPUT__ACTIVEGRAB 0x00000020UL | ||
641 | #define XINPUT__PASSIVEGRAB 0x00000040UL | ||
642 | #define XINPUT__UNGRAB 0x00000080UL | ||
643 | #define XINPUT__BELL 0x00000100UL | ||
644 | #define XINPUT__MOUSEMOTION 0x00000200UL | ||
645 | #define XINPUT__RELABELINPUT 0x00000400UL | ||
646 | |||
647 | #define XSERVER__SCREENSAVER 0x00000001UL | ||
648 | #define XSERVER__GETHOSTLIST 0x00000002UL | ||
649 | #define XSERVER__SETHOSTLIST 0x00000004UL | ||
650 | #define XSERVER__GETFONTPATH 0x00000008UL | ||
651 | #define XSERVER__SETFONTPATH 0x00000010UL | ||
652 | #define XSERVER__GETATTR 0x00000020UL | ||
653 | #define XSERVER__GRAB 0x00000040UL | ||
654 | #define XSERVER__UNGRAB 0x00000080UL | ||
655 | |||
656 | #define XEXTENSION__QUERY 0x00000001UL | ||
657 | #define XEXTENSION__USE 0x00000002UL | ||
658 | |||
659 | #define PAX__PAGEEXEC 0x00000001UL | ||
660 | #define PAX__EMUTRAMP 0x00000002UL | ||
661 | #define PAX__MPROTECT 0x00000004UL | ||
662 | #define PAX__RANDMMAP 0x00000008UL | ||
663 | #define PAX__RANDEXEC 0x00000010UL | ||
664 | #define PAX__SEGMEXEC 0x00000020UL | ||
665 | |||
666 | #define NETLINK_ROUTE_SOCKET__IOCTL 0x00000001UL | ||
667 | #define NETLINK_ROUTE_SOCKET__READ 0x00000002UL | ||
668 | #define NETLINK_ROUTE_SOCKET__WRITE 0x00000004UL | ||
669 | #define NETLINK_ROUTE_SOCKET__CREATE 0x00000008UL | ||
670 | #define NETLINK_ROUTE_SOCKET__GETATTR 0x00000010UL | ||
671 | #define NETLINK_ROUTE_SOCKET__SETATTR 0x00000020UL | ||
672 | #define NETLINK_ROUTE_SOCKET__LOCK 0x00000040UL | ||
673 | #define NETLINK_ROUTE_SOCKET__RELABELFROM 0x00000080UL | ||
674 | #define NETLINK_ROUTE_SOCKET__RELABELTO 0x00000100UL | ||
675 | #define NETLINK_ROUTE_SOCKET__APPEND 0x00000200UL | ||
676 | #define NETLINK_ROUTE_SOCKET__BIND 0x00000400UL | ||
677 | #define NETLINK_ROUTE_SOCKET__CONNECT 0x00000800UL | ||
678 | #define NETLINK_ROUTE_SOCKET__LISTEN 0x00001000UL | ||
679 | #define NETLINK_ROUTE_SOCKET__ACCEPT 0x00002000UL | ||
680 | #define NETLINK_ROUTE_SOCKET__GETOPT 0x00004000UL | ||
681 | #define NETLINK_ROUTE_SOCKET__SETOPT 0x00008000UL | ||
682 | #define NETLINK_ROUTE_SOCKET__SHUTDOWN 0x00010000UL | ||
683 | #define NETLINK_ROUTE_SOCKET__RECVFROM 0x00020000UL | ||
684 | #define NETLINK_ROUTE_SOCKET__SENDTO 0x00040000UL | ||
685 | #define NETLINK_ROUTE_SOCKET__RECV_MSG 0x00080000UL | ||
686 | #define NETLINK_ROUTE_SOCKET__SEND_MSG 0x00100000UL | ||
687 | #define NETLINK_ROUTE_SOCKET__NAME_BIND 0x00200000UL | ||
688 | |||
689 | #define NETLINK_ROUTE_SOCKET__NLMSG_READ 0x00400000UL | ||
690 | #define NETLINK_ROUTE_SOCKET__NLMSG_WRITE 0x00800000UL | ||
691 | |||
692 | #define NETLINK_FIREWALL_SOCKET__IOCTL 0x00000001UL | ||
693 | #define NETLINK_FIREWALL_SOCKET__READ 0x00000002UL | ||
694 | #define NETLINK_FIREWALL_SOCKET__WRITE 0x00000004UL | ||
695 | #define NETLINK_FIREWALL_SOCKET__CREATE 0x00000008UL | ||
696 | #define NETLINK_FIREWALL_SOCKET__GETATTR 0x00000010UL | ||
697 | #define NETLINK_FIREWALL_SOCKET__SETATTR 0x00000020UL | ||
698 | #define NETLINK_FIREWALL_SOCKET__LOCK 0x00000040UL | ||
699 | #define NETLINK_FIREWALL_SOCKET__RELABELFROM 0x00000080UL | ||
700 | #define NETLINK_FIREWALL_SOCKET__RELABELTO 0x00000100UL | ||
701 | #define NETLINK_FIREWALL_SOCKET__APPEND 0x00000200UL | ||
702 | #define NETLINK_FIREWALL_SOCKET__BIND 0x00000400UL | ||
703 | #define NETLINK_FIREWALL_SOCKET__CONNECT 0x00000800UL | ||
704 | #define NETLINK_FIREWALL_SOCKET__LISTEN 0x00001000UL | ||
705 | #define NETLINK_FIREWALL_SOCKET__ACCEPT 0x00002000UL | ||
706 | #define NETLINK_FIREWALL_SOCKET__GETOPT 0x00004000UL | ||
707 | #define NETLINK_FIREWALL_SOCKET__SETOPT 0x00008000UL | ||
708 | #define NETLINK_FIREWALL_SOCKET__SHUTDOWN 0x00010000UL | ||
709 | #define NETLINK_FIREWALL_SOCKET__RECVFROM 0x00020000UL | ||
710 | #define NETLINK_FIREWALL_SOCKET__SENDTO 0x00040000UL | ||
711 | #define NETLINK_FIREWALL_SOCKET__RECV_MSG 0x00080000UL | ||
712 | #define NETLINK_FIREWALL_SOCKET__SEND_MSG 0x00100000UL | ||
713 | #define NETLINK_FIREWALL_SOCKET__NAME_BIND 0x00200000UL | ||
714 | |||
715 | #define NETLINK_FIREWALL_SOCKET__NLMSG_READ 0x00400000UL | ||
716 | #define NETLINK_FIREWALL_SOCKET__NLMSG_WRITE 0x00800000UL | ||
717 | |||
718 | #define NETLINK_TCPDIAG_SOCKET__IOCTL 0x00000001UL | ||
719 | #define NETLINK_TCPDIAG_SOCKET__READ 0x00000002UL | ||
720 | #define NETLINK_TCPDIAG_SOCKET__WRITE 0x00000004UL | ||
721 | #define NETLINK_TCPDIAG_SOCKET__CREATE 0x00000008UL | ||
722 | #define NETLINK_TCPDIAG_SOCKET__GETATTR 0x00000010UL | ||
723 | #define NETLINK_TCPDIAG_SOCKET__SETATTR 0x00000020UL | ||
724 | #define NETLINK_TCPDIAG_SOCKET__LOCK 0x00000040UL | ||
725 | #define NETLINK_TCPDIAG_SOCKET__RELABELFROM 0x00000080UL | ||
726 | #define NETLINK_TCPDIAG_SOCKET__RELABELTO 0x00000100UL | ||
727 | #define NETLINK_TCPDIAG_SOCKET__APPEND 0x00000200UL | ||
728 | #define NETLINK_TCPDIAG_SOCKET__BIND 0x00000400UL | ||
729 | #define NETLINK_TCPDIAG_SOCKET__CONNECT 0x00000800UL | ||
730 | #define NETLINK_TCPDIAG_SOCKET__LISTEN 0x00001000UL | ||
731 | #define NETLINK_TCPDIAG_SOCKET__ACCEPT 0x00002000UL | ||
732 | #define NETLINK_TCPDIAG_SOCKET__GETOPT 0x00004000UL | ||
733 | #define NETLINK_TCPDIAG_SOCKET__SETOPT 0x00008000UL | ||
734 | #define NETLINK_TCPDIAG_SOCKET__SHUTDOWN 0x00010000UL | ||
735 | #define NETLINK_TCPDIAG_SOCKET__RECVFROM 0x00020000UL | ||
736 | #define NETLINK_TCPDIAG_SOCKET__SENDTO 0x00040000UL | ||
737 | #define NETLINK_TCPDIAG_SOCKET__RECV_MSG 0x00080000UL | ||
738 | #define NETLINK_TCPDIAG_SOCKET__SEND_MSG 0x00100000UL | ||
739 | #define NETLINK_TCPDIAG_SOCKET__NAME_BIND 0x00200000UL | ||
740 | |||
741 | #define NETLINK_TCPDIAG_SOCKET__NLMSG_READ 0x00400000UL | ||
742 | #define NETLINK_TCPDIAG_SOCKET__NLMSG_WRITE 0x00800000UL | ||
743 | |||
744 | #define NETLINK_NFLOG_SOCKET__IOCTL 0x00000001UL | ||
745 | #define NETLINK_NFLOG_SOCKET__READ 0x00000002UL | ||
746 | #define NETLINK_NFLOG_SOCKET__WRITE 0x00000004UL | ||
747 | #define NETLINK_NFLOG_SOCKET__CREATE 0x00000008UL | ||
748 | #define NETLINK_NFLOG_SOCKET__GETATTR 0x00000010UL | ||
749 | #define NETLINK_NFLOG_SOCKET__SETATTR 0x00000020UL | ||
750 | #define NETLINK_NFLOG_SOCKET__LOCK 0x00000040UL | ||
751 | #define NETLINK_NFLOG_SOCKET__RELABELFROM 0x00000080UL | ||
752 | #define NETLINK_NFLOG_SOCKET__RELABELTO 0x00000100UL | ||
753 | #define NETLINK_NFLOG_SOCKET__APPEND 0x00000200UL | ||
754 | #define NETLINK_NFLOG_SOCKET__BIND 0x00000400UL | ||
755 | #define NETLINK_NFLOG_SOCKET__CONNECT 0x00000800UL | ||
756 | #define NETLINK_NFLOG_SOCKET__LISTEN 0x00001000UL | ||
757 | #define NETLINK_NFLOG_SOCKET__ACCEPT 0x00002000UL | ||
758 | #define NETLINK_NFLOG_SOCKET__GETOPT 0x00004000UL | ||
759 | #define NETLINK_NFLOG_SOCKET__SETOPT 0x00008000UL | ||
760 | #define NETLINK_NFLOG_SOCKET__SHUTDOWN 0x00010000UL | ||
761 | #define NETLINK_NFLOG_SOCKET__RECVFROM 0x00020000UL | ||
762 | #define NETLINK_NFLOG_SOCKET__SENDTO 0x00040000UL | ||
763 | #define NETLINK_NFLOG_SOCKET__RECV_MSG 0x00080000UL | ||
764 | #define NETLINK_NFLOG_SOCKET__SEND_MSG 0x00100000UL | ||
765 | #define NETLINK_NFLOG_SOCKET__NAME_BIND 0x00200000UL | ||
766 | |||
767 | #define NETLINK_XFRM_SOCKET__IOCTL 0x00000001UL | ||
768 | #define NETLINK_XFRM_SOCKET__READ 0x00000002UL | ||
769 | #define NETLINK_XFRM_SOCKET__WRITE 0x00000004UL | ||
770 | #define NETLINK_XFRM_SOCKET__CREATE 0x00000008UL | ||
771 | #define NETLINK_XFRM_SOCKET__GETATTR 0x00000010UL | ||
772 | #define NETLINK_XFRM_SOCKET__SETATTR 0x00000020UL | ||
773 | #define NETLINK_XFRM_SOCKET__LOCK 0x00000040UL | ||
774 | #define NETLINK_XFRM_SOCKET__RELABELFROM 0x00000080UL | ||
775 | #define NETLINK_XFRM_SOCKET__RELABELTO 0x00000100UL | ||
776 | #define NETLINK_XFRM_SOCKET__APPEND 0x00000200UL | ||
777 | #define NETLINK_XFRM_SOCKET__BIND 0x00000400UL | ||
778 | #define NETLINK_XFRM_SOCKET__CONNECT 0x00000800UL | ||
779 | #define NETLINK_XFRM_SOCKET__LISTEN 0x00001000UL | ||
780 | #define NETLINK_XFRM_SOCKET__ACCEPT 0x00002000UL | ||
781 | #define NETLINK_XFRM_SOCKET__GETOPT 0x00004000UL | ||
782 | #define NETLINK_XFRM_SOCKET__SETOPT 0x00008000UL | ||
783 | #define NETLINK_XFRM_SOCKET__SHUTDOWN 0x00010000UL | ||
784 | #define NETLINK_XFRM_SOCKET__RECVFROM 0x00020000UL | ||
785 | #define NETLINK_XFRM_SOCKET__SENDTO 0x00040000UL | ||
786 | #define NETLINK_XFRM_SOCKET__RECV_MSG 0x00080000UL | ||
787 | #define NETLINK_XFRM_SOCKET__SEND_MSG 0x00100000UL | ||
788 | #define NETLINK_XFRM_SOCKET__NAME_BIND 0x00200000UL | ||
789 | |||
790 | #define NETLINK_XFRM_SOCKET__NLMSG_READ 0x00400000UL | ||
791 | #define NETLINK_XFRM_SOCKET__NLMSG_WRITE 0x00800000UL | ||
792 | |||
793 | #define NETLINK_SELINUX_SOCKET__IOCTL 0x00000001UL | ||
794 | #define NETLINK_SELINUX_SOCKET__READ 0x00000002UL | ||
795 | #define NETLINK_SELINUX_SOCKET__WRITE 0x00000004UL | ||
796 | #define NETLINK_SELINUX_SOCKET__CREATE 0x00000008UL | ||
797 | #define NETLINK_SELINUX_SOCKET__GETATTR 0x00000010UL | ||
798 | #define NETLINK_SELINUX_SOCKET__SETATTR 0x00000020UL | ||
799 | #define NETLINK_SELINUX_SOCKET__LOCK 0x00000040UL | ||
800 | #define NETLINK_SELINUX_SOCKET__RELABELFROM 0x00000080UL | ||
801 | #define NETLINK_SELINUX_SOCKET__RELABELTO 0x00000100UL | ||
802 | #define NETLINK_SELINUX_SOCKET__APPEND 0x00000200UL | ||
803 | #define NETLINK_SELINUX_SOCKET__BIND 0x00000400UL | ||
804 | #define NETLINK_SELINUX_SOCKET__CONNECT 0x00000800UL | ||
805 | #define NETLINK_SELINUX_SOCKET__LISTEN 0x00001000UL | ||
806 | #define NETLINK_SELINUX_SOCKET__ACCEPT 0x00002000UL | ||
807 | #define NETLINK_SELINUX_SOCKET__GETOPT 0x00004000UL | ||
808 | #define NETLINK_SELINUX_SOCKET__SETOPT 0x00008000UL | ||
809 | #define NETLINK_SELINUX_SOCKET__SHUTDOWN 0x00010000UL | ||
810 | #define NETLINK_SELINUX_SOCKET__RECVFROM 0x00020000UL | ||
811 | #define NETLINK_SELINUX_SOCKET__SENDTO 0x00040000UL | ||
812 | #define NETLINK_SELINUX_SOCKET__RECV_MSG 0x00080000UL | ||
813 | #define NETLINK_SELINUX_SOCKET__SEND_MSG 0x00100000UL | ||
814 | #define NETLINK_SELINUX_SOCKET__NAME_BIND 0x00200000UL | ||
815 | |||
816 | #define NETLINK_AUDIT_SOCKET__IOCTL 0x00000001UL | ||
817 | #define NETLINK_AUDIT_SOCKET__READ 0x00000002UL | ||
818 | #define NETLINK_AUDIT_SOCKET__WRITE 0x00000004UL | ||
819 | #define NETLINK_AUDIT_SOCKET__CREATE 0x00000008UL | ||
820 | #define NETLINK_AUDIT_SOCKET__GETATTR 0x00000010UL | ||
821 | #define NETLINK_AUDIT_SOCKET__SETATTR 0x00000020UL | ||
822 | #define NETLINK_AUDIT_SOCKET__LOCK 0x00000040UL | ||
823 | #define NETLINK_AUDIT_SOCKET__RELABELFROM 0x00000080UL | ||
824 | #define NETLINK_AUDIT_SOCKET__RELABELTO 0x00000100UL | ||
825 | #define NETLINK_AUDIT_SOCKET__APPEND 0x00000200UL | ||
826 | #define NETLINK_AUDIT_SOCKET__BIND 0x00000400UL | ||
827 | #define NETLINK_AUDIT_SOCKET__CONNECT 0x00000800UL | ||
828 | #define NETLINK_AUDIT_SOCKET__LISTEN 0x00001000UL | ||
829 | #define NETLINK_AUDIT_SOCKET__ACCEPT 0x00002000UL | ||
830 | #define NETLINK_AUDIT_SOCKET__GETOPT 0x00004000UL | ||
831 | #define NETLINK_AUDIT_SOCKET__SETOPT 0x00008000UL | ||
832 | #define NETLINK_AUDIT_SOCKET__SHUTDOWN 0x00010000UL | ||
833 | #define NETLINK_AUDIT_SOCKET__RECVFROM 0x00020000UL | ||
834 | #define NETLINK_AUDIT_SOCKET__SENDTO 0x00040000UL | ||
835 | #define NETLINK_AUDIT_SOCKET__RECV_MSG 0x00080000UL | ||
836 | #define NETLINK_AUDIT_SOCKET__SEND_MSG 0x00100000UL | ||
837 | #define NETLINK_AUDIT_SOCKET__NAME_BIND 0x00200000UL | ||
838 | |||
839 | #define NETLINK_AUDIT_SOCKET__NLMSG_READ 0x00400000UL | ||
840 | #define NETLINK_AUDIT_SOCKET__NLMSG_WRITE 0x00800000UL | ||
841 | |||
842 | #define NETLINK_IP6FW_SOCKET__IOCTL 0x00000001UL | ||
843 | #define NETLINK_IP6FW_SOCKET__READ 0x00000002UL | ||
844 | #define NETLINK_IP6FW_SOCKET__WRITE 0x00000004UL | ||
845 | #define NETLINK_IP6FW_SOCKET__CREATE 0x00000008UL | ||
846 | #define NETLINK_IP6FW_SOCKET__GETATTR 0x00000010UL | ||
847 | #define NETLINK_IP6FW_SOCKET__SETATTR 0x00000020UL | ||
848 | #define NETLINK_IP6FW_SOCKET__LOCK 0x00000040UL | ||
849 | #define NETLINK_IP6FW_SOCKET__RELABELFROM 0x00000080UL | ||
850 | #define NETLINK_IP6FW_SOCKET__RELABELTO 0x00000100UL | ||
851 | #define NETLINK_IP6FW_SOCKET__APPEND 0x00000200UL | ||
852 | #define NETLINK_IP6FW_SOCKET__BIND 0x00000400UL | ||
853 | #define NETLINK_IP6FW_SOCKET__CONNECT 0x00000800UL | ||
854 | #define NETLINK_IP6FW_SOCKET__LISTEN 0x00001000UL | ||
855 | #define NETLINK_IP6FW_SOCKET__ACCEPT 0x00002000UL | ||
856 | #define NETLINK_IP6FW_SOCKET__GETOPT 0x00004000UL | ||
857 | #define NETLINK_IP6FW_SOCKET__SETOPT 0x00008000UL | ||
858 | #define NETLINK_IP6FW_SOCKET__SHUTDOWN 0x00010000UL | ||
859 | #define NETLINK_IP6FW_SOCKET__RECVFROM 0x00020000UL | ||
860 | #define NETLINK_IP6FW_SOCKET__SENDTO 0x00040000UL | ||
861 | #define NETLINK_IP6FW_SOCKET__RECV_MSG 0x00080000UL | ||
862 | #define NETLINK_IP6FW_SOCKET__SEND_MSG 0x00100000UL | ||
863 | #define NETLINK_IP6FW_SOCKET__NAME_BIND 0x00200000UL | ||
864 | |||
865 | #define NETLINK_IP6FW_SOCKET__NLMSG_READ 0x00400000UL | ||
866 | #define NETLINK_IP6FW_SOCKET__NLMSG_WRITE 0x00800000UL | ||
867 | |||
868 | #define NETLINK_DNRT_SOCKET__IOCTL 0x00000001UL | ||
869 | #define NETLINK_DNRT_SOCKET__READ 0x00000002UL | ||
870 | #define NETLINK_DNRT_SOCKET__WRITE 0x00000004UL | ||
871 | #define NETLINK_DNRT_SOCKET__CREATE 0x00000008UL | ||
872 | #define NETLINK_DNRT_SOCKET__GETATTR 0x00000010UL | ||
873 | #define NETLINK_DNRT_SOCKET__SETATTR 0x00000020UL | ||
874 | #define NETLINK_DNRT_SOCKET__LOCK 0x00000040UL | ||
875 | #define NETLINK_DNRT_SOCKET__RELABELFROM 0x00000080UL | ||
876 | #define NETLINK_DNRT_SOCKET__RELABELTO 0x00000100UL | ||
877 | #define NETLINK_DNRT_SOCKET__APPEND 0x00000200UL | ||
878 | #define NETLINK_DNRT_SOCKET__BIND 0x00000400UL | ||
879 | #define NETLINK_DNRT_SOCKET__CONNECT 0x00000800UL | ||
880 | #define NETLINK_DNRT_SOCKET__LISTEN 0x00001000UL | ||
881 | #define NETLINK_DNRT_SOCKET__ACCEPT 0x00002000UL | ||
882 | #define NETLINK_DNRT_SOCKET__GETOPT 0x00004000UL | ||
883 | #define NETLINK_DNRT_SOCKET__SETOPT 0x00008000UL | ||
884 | #define NETLINK_DNRT_SOCKET__SHUTDOWN 0x00010000UL | ||
885 | #define NETLINK_DNRT_SOCKET__RECVFROM 0x00020000UL | ||
886 | #define NETLINK_DNRT_SOCKET__SENDTO 0x00040000UL | ||
887 | #define NETLINK_DNRT_SOCKET__RECV_MSG 0x00080000UL | ||
888 | #define NETLINK_DNRT_SOCKET__SEND_MSG 0x00100000UL | ||
889 | #define NETLINK_DNRT_SOCKET__NAME_BIND 0x00200000UL | ||
890 | |||
891 | #define DBUS__ACQUIRE_SVC 0x00000001UL | ||
892 | #define DBUS__SEND_MSG 0x00000002UL | ||
893 | |||
894 | #define NSCD__GETPWD 0x00000001UL | ||
895 | #define NSCD__GETGRP 0x00000002UL | ||
896 | #define NSCD__GETHOST 0x00000004UL | ||
897 | #define NSCD__GETSTAT 0x00000008UL | ||
898 | #define NSCD__ADMIN 0x00000010UL | ||
899 | #define NSCD__SHMEMPWD 0x00000020UL | ||
900 | #define NSCD__SHMEMGRP 0x00000040UL | ||
901 | #define NSCD__SHMEMHOST 0x00000080UL | ||
902 | |||
diff --git a/security/selinux/include/avc.h b/security/selinux/include/avc.h
new file mode 100644
index 000000000000..960ef18ddc41
--- /dev/null
+++ b/security/selinux/include/avc.h | |||
@@ -0,0 +1,137 @@ | |||
1 | /* | ||
2 | * Access vector cache interface for object managers. | ||
3 | * | ||
4 | * Author : Stephen Smalley, <sds@epoch.ncsc.mil> | ||
5 | */ | ||
6 | #ifndef _SELINUX_AVC_H_ | ||
7 | #define _SELINUX_AVC_H_ | ||
8 | |||
9 | #include <linux/stddef.h> | ||
10 | #include <linux/errno.h> | ||
11 | #include <linux/kernel.h> | ||
12 | #include <linux/kdev_t.h> | ||
13 | #include <linux/spinlock.h> | ||
14 | #include <linux/init.h> | ||
15 | #include <linux/in6.h> | ||
16 | #include <asm/system.h> | ||
17 | #include "flask.h" | ||
18 | #include "av_permissions.h" | ||
19 | #include "security.h" | ||
20 | |||
21 | #ifdef CONFIG_SECURITY_SELINUX_DEVELOP | ||
22 | extern int selinux_enforcing; | ||
23 | #else | ||
24 | #define selinux_enforcing 1 | ||
25 | #endif | ||
26 | |||
27 | /* | ||
28 | * An entry in the AVC. | ||
29 | */ | ||
30 | struct avc_entry; | ||
31 | |||
32 | struct task_struct; | ||
33 | struct vfsmount; | ||
34 | struct dentry; | ||
35 | struct inode; | ||
36 | struct sock; | ||
37 | struct sk_buff; | ||
38 | |||
39 | /* Auxiliary data to use in generating the audit record. */ | ||
40 | struct avc_audit_data { | ||
41 | char type; | ||
42 | #define AVC_AUDIT_DATA_FS 1 | ||
43 | #define AVC_AUDIT_DATA_NET 2 | ||
44 | #define AVC_AUDIT_DATA_CAP 3 | ||
45 | #define AVC_AUDIT_DATA_IPC 4 | ||
46 | struct task_struct *tsk; | ||
47 | union { | ||
48 | struct { | ||
49 | struct vfsmount *mnt; | ||
50 | struct dentry *dentry; | ||
51 | struct inode *inode; | ||
52 | } fs; | ||
53 | struct { | ||
54 | char *netif; | ||
55 | struct sock *sk; | ||
56 | u16 family; | ||
57 | u16 dport; | ||
58 | u16 sport; | ||
59 | union { | ||
60 | struct { | ||
61 | u32 daddr; | ||
62 | u32 saddr; | ||
63 | } v4; | ||
64 | struct { | ||
65 | struct in6_addr daddr; | ||
66 | struct in6_addr saddr; | ||
67 | } v6; | ||
68 | } fam; | ||
69 | } net; | ||
70 | int cap; | ||
71 | int ipc_id; | ||
72 | } u; | ||
73 | }; | ||
74 | |||
75 | #define v4info fam.v4 | ||
76 | #define v6info fam.v6 | ||
77 | |||
78 | /* Initialize an AVC audit data structure. */ | ||
79 | #define AVC_AUDIT_DATA_INIT(_d,_t) \ | ||
80 | { memset((_d), 0, sizeof(struct avc_audit_data)); (_d)->type = AVC_AUDIT_DATA_##_t; } | ||
81 | |||
82 | /* | ||
83 | * AVC statistics | ||
84 | */ | ||
85 | struct avc_cache_stats | ||
86 | { | ||
87 | unsigned int lookups; | ||
88 | unsigned int hits; | ||
89 | unsigned int misses; | ||
90 | unsigned int allocations; | ||
91 | unsigned int reclaims; | ||
92 | unsigned int frees; | ||
93 | }; | ||
94 | |||
95 | /* | ||
96 | * AVC operations | ||
97 | */ | ||
98 | |||
99 | void __init avc_init(void); | ||
100 | |||
101 | void avc_audit(u32 ssid, u32 tsid, | ||
102 | u16 tclass, u32 requested, | ||
103 | struct av_decision *avd, int result, struct avc_audit_data *auditdata); | ||
104 | |||
105 | int avc_has_perm_noaudit(u32 ssid, u32 tsid, | ||
106 | u16 tclass, u32 requested, | ||
107 | struct av_decision *avd); | ||
108 | |||
109 | int avc_has_perm(u32 ssid, u32 tsid, | ||
110 | u16 tclass, u32 requested, | ||
111 | struct avc_audit_data *auditdata); | ||
112 | |||
113 | #define AVC_CALLBACK_GRANT 1 | ||
114 | #define AVC_CALLBACK_TRY_REVOKE 2 | ||
115 | #define AVC_CALLBACK_REVOKE 4 | ||
116 | #define AVC_CALLBACK_RESET 8 | ||
117 | #define AVC_CALLBACK_AUDITALLOW_ENABLE 16 | ||
118 | #define AVC_CALLBACK_AUDITALLOW_DISABLE 32 | ||
119 | #define AVC_CALLBACK_AUDITDENY_ENABLE 64 | ||
120 | #define AVC_CALLBACK_AUDITDENY_DISABLE 128 | ||
121 | |||
122 | int avc_add_callback(int (*callback)(u32 event, u32 ssid, u32 tsid, | ||
123 | u16 tclass, u32 perms, | ||
124 | u32 *out_retained), | ||
125 | u32 events, u32 ssid, u32 tsid, | ||
126 | u16 tclass, u32 perms); | ||
127 | |||
128 | /* Exported to selinuxfs */ | ||
129 | int avc_get_hash_stats(char *page); | ||
130 | extern unsigned int avc_cache_threshold; | ||
131 | |||
132 | #ifdef CONFIG_SECURITY_SELINUX_AVC_STATS | ||
133 | DECLARE_PER_CPU(struct avc_cache_stats, avc_cache_stats); | ||
134 | #endif | ||
135 | |||
136 | #endif /* _SELINUX_AVC_H_ */ | ||
137 | |||
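Review bot: `AVC_AUDIT_DATA_INIT` at lines 79-80 of avc.h expands to a bare `{ ...; }` block, so a call written as `if (x) AVC_AUDIT_DATA_INIT(&ad, FS); else ...` fails to compile, because the caller's `;` ends the `if` before the `else`. Wrapping the body as `do { memset((_d), 0, sizeof(struct avc_audit_data)); (_d)->type = AVC_AUDIT_DATA_##_t; } while (0)` makes it behave as a single statement. The macro also calls `memset` although the header includes no string header itself, so it presumably relies on an indirect include; adding `#include <linux/string.h>` would make that dependency explicit.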
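diff --git a/security/selinux/include/avc_ss.h b/security/selinux/include/avc_ss.h
new file mode 100644
index 000000000000..450a2831e2e3
--- /dev/null
+++ b/security/selinux/include/avc_ss.h
@@ -0,0 +1,14 @@
+/*
+* Access vector cache interface for the security server.
+*
+* Author : Stephen Smalley, <sds@epoch.ncsc.mil>
+*/
+#ifndef _SELINUX_AVC_SS_H_
+#define _SELINUX_AVC_SS_H_
+
+#include "flask.h"
+
+int avc_ss_reset(u32 seqno);
+
+#endif /* _SELINUX_AVC_SS_H_ */
+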
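diff --git a/security/selinux/include/class_to_string.h b/security/selinux/include/class_to_string.h
new file mode 100644
index 000000000000..519a77d7394a
--- /dev/null
+++ b/security/selinux/include/class_to_string.h
@@ -0,0 +1,58 @@
+/* This file is automatically generated. Do not edit. */
+/*
+* Security object class definitions
+*/
+S_("null")
+S_("security")
+S_("process")
+S_("system")
+S_("capability")
+S_("filesystem")
+S_("file")
+S_("dir")
+S_("fd")
+S_("lnk_file")
+S_("chr_file")
+S_("blk_file")
+S_("sock_file")
+S_("fifo_file")
+S_("socket")
+S_("tcp_socket")
+S_("udp_socket")
+S_("rawip_socket")
+S_("node")
+S_("netif")
+S_("netlink_socket")
+S_("packet_socket")
+S_("key_socket")
+S_("unix_stream_socket")
+S_("unix_dgram_socket")
+S_("sem")
+S_("msg")
+S_("msgq")
+S_("shm")
+S_("ipc")
+S_("passwd")
+S_("drawable")
+S_("window")
+S_("gc")
+S_("font")
+S_("colormap")
+S_("property")
+S_("cursor")
+S_("xclient")
+S_("xinput")
+S_("xserver")
+S_("xextension")
+S_("pax")
+S_("netlink_route_socket")
+S_("netlink_firewall_socket")
+S_("netlink_tcpdiag_socket")
+S_("netlink_nflog_socket")
+S_("netlink_xfrm_socket")
+S_("netlink_selinux_socket")
+S_("netlink_audit_socket")
+S_("netlink_ip6fw_socket")
+S_("netlink_dnrt_socket")
+S_("dbus")
+S_("nscd")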
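diff --git a/security/selinux/include/common_perm_to_string.h b/security/selinux/include/common_perm_to_string.h
new file mode 100644
index 000000000000..ce5b6e2fe9dd
--- /dev/null
+++ b/security/selinux/include/common_perm_to_string.h
@@ -0,0 +1,58 @@
+/* This file is automatically generated. Do not edit. */
+TB_(common_file_perm_to_string)
+S_("ioctl")
+S_("read")
+S_("write")
+S_("create")
+S_("getattr")
+S_("setattr")
+S_("lock")
+S_("relabelfrom")
+S_("relabelto")
+S_("append")
+S_("unlink")
+S_("link")
+S_("rename")
+S_("execute")
+S_("swapon")
+S_("quotaon")
+S_("mounton")
+TE_(common_file_perm_to_string)
+
+TB_(common_socket_perm_to_string)
+S_("ioctl")
+S_("read")
+S_("write")
+S_("create")
+S_("getattr")
+S_("setattr")
+S_("lock")
+S_("relabelfrom")
+S_("relabelto")
+S_("append")
+S_("bind")
+S_("connect")
+S_("listen")
+S_("accept")
+S_("getopt")
+S_("setopt")
+S_("shutdown")
+S_("recvfrom")
+S_("sendto")
+S_("recv_msg")
+S_("send_msg")
+S_("name_bind")
+TE_(common_socket_perm_to_string)
+
+TB_(common_ipc_perm_to_string)
+S_("create")
+S_("destroy")
+S_("getattr")
+S_("setattr")
+S_("read")
+S_("write")
+S_("associate")
+S_("unix_read")
+S_("unix_write")
+TE_(common_ipc_perm_to_string)
+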
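diff --git a/security/selinux/include/conditional.h b/security/selinux/include/conditional.h
new file mode 100644
index 000000000000..67ce7a8d8301
--- /dev/null
+++ b/security/selinux/include/conditional.h
@@ -0,0 +1,22 @@
+/*
+* Interface to booleans in the security server. This is exported
+* for the selinuxfs.
+*
+* Author: Karl MacMillan <kmacmillan@tresys.com>
+*
+* Copyright (C) 2003 - 2004 Tresys Technology, LLC
+* This program is free software; you can redistribute it and/or modify
+* it under the terms of the GNU General Public License as published by
+* the Free Software Foundation, version 2.
+*/
+
+#ifndef _SELINUX_CONDITIONAL_H_
+#define _SELINUX_CONDITIONAL_H_
+
+int security_get_bools(int *len, char ***names, int **values);
+
+int security_set_bools(int len, int *values);
+
+int security_get_bool_value(int bool);
+
+#endif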
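Review bot: `security_get_bools(int *len, char ***names, int **values)` at line 16 of conditional.h hands two arrays back through out-parameters, but the header does not say who allocates them, who must free them, or what they hold when the call fails. The file comment states that this interface is exported for selinuxfs, so a short contract above the prototype would help callers avoid leaks and stale pointers, for example `/* On success *names and *values are arrays of *len entries; NOTE(review): state who frees them and whether they are set on failure. */`. The same gap applies to the `char **scontext` and `u32 **sids` out-parameters of `security_sid_to_context` and `security_get_user_sids` in security.h later in this commit.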
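diff --git a/security/selinux/include/flask.h b/security/selinux/include/flask.h
new file mode 100644
index 000000000000..4eef1b654e92
--- /dev/null
+++ b/security/selinux/include/flask.h
@@ -0,0 +1,95 @@
+/* This file is automatically generated. Do not edit. */
+#ifndef _SELINUX_FLASK_H_
+#define _SELINUX_FLASK_H_
+
+/*
+* Security object class definitions
+*/
+#define SECCLASS_SECURITY 1
+#define SECCLASS_PROCESS 2
+#define SECCLASS_SYSTEM 3
+#define SECCLASS_CAPABILITY 4
+#define SECCLASS_FILESYSTEM 5
+#define SECCLASS_FILE 6
+#define SECCLASS_DIR 7
+#define SECCLASS_FD 8
+#define SECCLASS_LNK_FILE 9
+#define SECCLASS_CHR_FILE 10
+#define SECCLASS_BLK_FILE 11
+#define SECCLASS_SOCK_FILE 12
+#define SECCLASS_FIFO_FILE 13
+#define SECCLASS_SOCKET 14
+#define SECCLASS_TCP_SOCKET 15
+#define SECCLASS_UDP_SOCKET 16
+#define SECCLASS_RAWIP_SOCKET 17
+#define SECCLASS_NODE 18
+#define SECCLASS_NETIF 19
+#define SECCLASS_NETLINK_SOCKET 20
+#define SECCLASS_PACKET_SOCKET 21
+#define SECCLASS_KEY_SOCKET 22
+#define SECCLASS_UNIX_STREAM_SOCKET 23
+#define SECCLASS_UNIX_DGRAM_SOCKET 24
+#define SECCLASS_SEM 25
+#define SECCLASS_MSG 26
+#define SECCLASS_MSGQ 27
+#define SECCLASS_SHM 28
+#define SECCLASS_IPC 29
+#define SECCLASS_PASSWD 30
+#define SECCLASS_DRAWABLE 31
+#define SECCLASS_WINDOW 32
+#define SECCLASS_GC 33
+#define SECCLASS_FONT 34
+#define SECCLASS_COLORMAP 35
+#define SECCLASS_PROPERTY 36
+#define SECCLASS_CURSOR 37
+#define SECCLASS_XCLIENT 38
+#define SECCLASS_XINPUT 39
+#define SECCLASS_XSERVER 40
+#define SECCLASS_XEXTENSION 41
+#define SECCLASS_PAX 42
+#define SECCLASS_NETLINK_ROUTE_SOCKET 43
+#define SECCLASS_NETLINK_FIREWALL_SOCKET 44
+#define SECCLASS_NETLINK_TCPDIAG_SOCKET 45
+#define SECCLASS_NETLINK_NFLOG_SOCKET 46
+#define SECCLASS_NETLINK_XFRM_SOCKET 47
+#define SECCLASS_NETLINK_SELINUX_SOCKET 48
+#define SECCLASS_NETLINK_AUDIT_SOCKET 49
+#define SECCLASS_NETLINK_IP6FW_SOCKET 50
+#define SECCLASS_NETLINK_DNRT_SOCKET 51
+#define SECCLASS_DBUS 52
+#define SECCLASS_NSCD 53
+
+/*
+* Security identifier indices for initial entities
+*/
+#define SECINITSID_KERNEL 1
+#define SECINITSID_SECURITY 2
+#define SECINITSID_UNLABELED 3
+#define SECINITSID_FS 4
+#define SECINITSID_FILE 5
+#define SECINITSID_FILE_LABELS 6
+#define SECINITSID_INIT 7
+#define SECINITSID_ANY_SOCKET 8
+#define SECINITSID_PORT 9
+#define SECINITSID_NETIF 10
+#define SECINITSID_NETMSG 11
+#define SECINITSID_NODE 12
+#define SECINITSID_IGMP_PACKET 13
+#define SECINITSID_ICMP_SOCKET 14
+#define SECINITSID_TCP_SOCKET 15
+#define SECINITSID_SYSCTL_MODPROBE 16
+#define SECINITSID_SYSCTL 17
+#define SECINITSID_SYSCTL_FS 18
+#define SECINITSID_SYSCTL_KERNEL 19
+#define SECINITSID_SYSCTL_NET 20
+#define SECINITSID_SYSCTL_NET_UNIX 21
+#define SECINITSID_SYSCTL_VM 22
+#define SECINITSID_SYSCTL_DEV 23
+#define SECINITSID_KMOD 24
+#define SECINITSID_POLICY 25
+#define SECINITSID_SCMP_PACKET 26
+#define SECINITSID_DEVNULL 27
+
+#define SECINITSID_NUM 27
+
+#endif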
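diff --git a/security/selinux/include/initial_sid_to_string.h b/security/selinux/include/initial_sid_to_string.h
new file mode 100644
index 000000000000..d4fac82793ae
--- /dev/null
+++ b/security/selinux/include/initial_sid_to_string.h
@@ -0,0 +1,33 @@
+/* This file is automatically generated. Do not edit. */
+static char *initial_sid_to_string[] =
+{
+"null",
+"kernel",
+"security",
+"unlabeled",
+"fs",
+"file",
+"file_labels",
+"init",
+"any_socket",
+"port",
+"netif",
+"netmsg",
+"node",
+"igmp_packet",
+"icmp_socket",
+"tcp_socket",
+"sysctl_modprobe",
+"sysctl",
+"sysctl_fs",
+"sysctl_kernel",
+"sysctl_net",
+"sysctl_net_unix",
+"sysctl_vm",
+"sysctl_dev",
+"kmod",
+"policy",
+"scmp_packet",
+"devnull",
+};
+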
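diff --git a/security/selinux/include/netif.h b/security/selinux/include/netif.h
new file mode 100644
index 000000000000..8bd6f9992d2b
--- /dev/null
+++ b/security/selinux/include/netif.h
@@ -0,0 +1,21 @@
+/*
+* Network interface table.
+*
+* Network interfaces (devices) do not have a security field, so we
+* maintain a table associating each interface with a SID.
+*
+* Author: James Morris <jmorris@redhat.com>
+*
+* Copyright (C) 2003 Red Hat, Inc., James Morris <jmorris@redhat.com>
+*
+* This program is free software; you can redistribute it and/or modify
+* it under the terms of the GNU General Public License version 2,
+* as published by the Free Software Foundation.
+*/
+#ifndef _SELINUX_NETIF_H_
+#define _SELINUX_NETIF_H_
+
+int sel_netif_sids(struct net_device *dev, u32 *if_sid, u32 *msg_sid);
+
+#endif /* _SELINUX_NETIF_H_ */
+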
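Review bot: The prototype `sel_netif_sids(struct net_device *dev, u32 *if_sid, u32 *msg_sid)` at line 18 of netif.h uses `struct net_device` and `u32`, yet the header includes nothing and has no forward declaration. If it is included before the network device header, the struct tag gets prototype scope only, so the compiler warns and treats the parameter type as distinct from the real `struct net_device`. Adding `struct net_device;` above the prototype and `#include <linux/types.h>` for `u32` would make the header self-contained regardless of include order.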
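diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h
new file mode 100644
index 000000000000..887937c8134a
--- /dev/null
+++ b/security/selinux/include/objsec.h
@@ -0,0 +1,112 @@
+/*
+* NSA Security-Enhanced Linux (SELinux) security module
+*
+* This file contains the SELinux security data structures for kernel objects.
+*
+* Author(s): Stephen Smalley, <sds@epoch.ncsc.mil>
+* Chris Vance, <cvance@nai.com>
+* Wayne Salamon, <wsalamon@nai.com>
+* James Morris <jmorris@redhat.com>
+*
+* Copyright (C) 2001,2002 Networks Associates Technology, Inc.
+* Copyright (C) 2003 Red Hat, Inc., James Morris <jmorris@redhat.com>
+*
+* This program is free software; you can redistribute it and/or modify
+* it under the terms of the GNU General Public License version 2,
+* as published by the Free Software Foundation.
+*/
+#ifndef _SELINUX_OBJSEC_H_
+#define _SELINUX_OBJSEC_H_
+
+#include <linux/list.h>
+#include <linux/sched.h>
+#include <linux/fs.h>
+#include <linux/binfmts.h>
+#include <linux/in.h>
+#include "flask.h"
+#include "avc.h"
+
+struct task_security_struct {
+unsigned long magic; /* magic number for this module */
+struct task_struct *task; /* back pointer to task object */
+u32 osid; /* SID prior to last execve */
+u32 sid; /* current SID */
+u32 exec_sid; /* exec SID */
+u32 create_sid; /* fscreate SID */
+u32 ptrace_sid; /* SID of ptrace parent */
+};
+
+struct inode_security_struct {
+unsigned long magic; /* magic number for this module */
+struct inode *inode; /* back pointer to inode object */
+struct list_head list; /* list of inode_security_struct */
+u32 task_sid; /* SID of creating task */
+u32 sid; /* SID of this object */
+u16 sclass; /* security class of this object */
+unsigned char initialized; /* initialization flag */
+struct semaphore sem;
+unsigned char inherit; /* inherit SID from parent entry */
+};
+
+struct file_security_struct {
+unsigned long magic; /* magic number for this module */
+struct file *file; /* back pointer to file object */
+u32 sid; /* SID of open file description */
+u32 fown_sid; /* SID of file owner (for SIGIO) */
+};
+
+struct superblock_security_struct {
+unsigned long magic; /* magic number for this module */
+struct super_block *sb; /* back pointer to sb object */
+struct list_head list; /* list of superblock_security_struct */
+u32 sid; /* SID of file system */
+u32 def_sid; /* default SID for labeling */
+unsigned int behavior; /* labeling behavior */
+unsigned char initialized; /* initialization flag */
+unsigned char proc; /* proc fs */
+struct semaphore sem;
+struct list_head isec_head;
+spinlock_t isec_lock;
+};
+
+struct msg_security_struct {
+unsigned long magic; /* magic number for this module */
+struct msg_msg *msg; /* back pointer */
+u32 sid; /* SID of message */
+};
+
+struct ipc_security_struct {
+unsigned long magic; /* magic number for this module */
+struct kern_ipc_perm *ipc_perm; /* back pointer */
+u16 sclass; /* security class of this object */
+u32 sid; /* SID of IPC resource */
+};
+
+struct bprm_security_struct {
+unsigned long magic; /* magic number for this module */
+struct linux_binprm *bprm; /* back pointer to bprm object */
+u32 sid; /* SID for transformed process */
+unsigned char set;
+
+/*
+* unsafe is used to share failure information from bprm_apply_creds()
+* to bprm_post_apply_creds().
+*/
+char unsafe;
+};
+
+struct netif_security_struct {
+struct net_device *dev; /* back pointer */
+u32 if_sid; /* SID for this interface */
+u32 msg_sid; /* default SID for messages received on this interface */
+};
+
+struct sk_security_struct {
+unsigned long magic; /* magic number for this module */
+struct sock *sk; /* back pointer to sk object */
+u32 peer_sid; /* SID of peer */
+};
+
+extern unsigned int selinux_checkreqprot;
+
+#endif /* _SELINUX_OBJSEC_H_ */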
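Review bot: The locking fields in objsec.h carry no comments although nearly every other field does: `struct semaphore sem;` in both `inode_security_struct` and `superblock_security_struct`, and `isec_head` / `isec_lock` in the latter. These structures hold the per-object SID and an `initialized` flag, so a reader needs to know which fields each lock covers before touching them. I would add hedged comments until the author confirms, such as `struct semaphore sem; /* NOTE(review): presumably serializes initialization of sid/sclass; confirm */` and `spinlock_t isec_lock; /* presumably protects isec_head; confirm */`. `unsigned char set;` in `bprm_security_struct` is undocumented in the same way.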
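diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h
new file mode 100644
index 000000000000..fa187c9a351d
--- /dev/null
+++ b/security/selinux/include/security.h
@@ -0,0 +1,97 @@
+/*
+* Security server interface.
+*
+* Author : Stephen Smalley, <sds@epoch.ncsc.mil>
+*
+*/
+
+#ifndef _SELINUX_SECURITY_H_
+#define _SELINUX_SECURITY_H_
+
+#include "flask.h"
+
+#define SECSID_NULL 0x00000000 /* unspecified SID */
+#define SECSID_WILD 0xffffffff /* wildcard SID */
+#define SECCLASS_NULL 0x0000 /* no class */
+
+#define SELINUX_MAGIC 0xf97cff8c
+
+/* Identify specific policy version changes */
+#define POLICYDB_VERSION_BASE 15
+#define POLICYDB_VERSION_BOOL 16
+#define POLICYDB_VERSION_IPV6 17
+#define POLICYDB_VERSION_NLCLASS 18
+#define POLICYDB_VERSION_VALIDATETRANS 19
+#define POLICYDB_VERSION_MLS 19
+
+/* Range of policy versions we understand*/
+#define POLICYDB_VERSION_MIN POLICYDB_VERSION_BASE
+#define POLICYDB_VERSION_MAX POLICYDB_VERSION_MLS
+
+#ifdef CONFIG_SECURITY_SELINUX_BOOTPARAM
+extern int selinux_enabled;
+#else
+#define selinux_enabled 1
+#endif
+
+extern int selinux_mls_enabled;
+
+int security_load_policy(void * data, size_t len);
+
+struct av_decision {
+u32 allowed;
+u32 decided;
+u32 auditallow;
+u32 auditdeny;
+u32 seqno;
+};
+
+int security_compute_av(u32 ssid, u32 tsid,
+u16 tclass, u32 requested,
+struct av_decision *avd);
+
+int security_transition_sid(u32 ssid, u32 tsid,
+u16 tclass, u32 *out_sid);
+
+int security_member_sid(u32 ssid, u32 tsid,
+u16 tclass, u32 *out_sid);
+
+int security_change_sid(u32 ssid, u32 tsid,
+u16 tclass, u32 *out_sid);
+
+int security_sid_to_context(u32 sid, char **scontext,
+u32 *scontext_len);
+
+int security_context_to_sid(char *scontext, u32 scontext_len,
+u32 *out_sid);
+
+int security_get_user_sids(u32 callsid, char *username,
+u32 **sids, u32 *nel);
+
+int security_port_sid(u16 domain, u16 type, u8 protocol, u16 port,
+u32 *out_sid);
+
+int security_netif_sid(char *name, u32 *if_sid,
+u32 *msg_sid);
+
+int security_node_sid(u16 domain, void *addr, u32 addrlen,
+u32 *out_sid);
+
+int security_validate_transition(u32 oldsid, u32 newsid, u32 tasksid,
+u16 tclass);
+
+#define SECURITY_FS_USE_XATTR 1 /* use xattr */
+#define SECURITY_FS_USE_TRANS 2 /* use transition SIDs, e.g. devpts/tmpfs */
+#define SECURITY_FS_USE_TASK 3 /* use task SIDs, e.g. pipefs/sockfs */
+#define SECURITY_FS_USE_GENFS 4 /* use the genfs support */
+#define SECURITY_FS_USE_NONE 5 /* no labeling support */
+#define SECURITY_FS_USE_MNTPOINT 6 /* use mountpoint labeling */
+
+int security_fs_use(const char *fstype, unsigned int *behavior,
+u32 *sid);
+
+int security_genfs_sid(const char *fstype, char *name, u16 sclass,
+u32 *sid);
+
+#endif /* _SELINUX_SECURITY_H_ */
+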
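Review bot: The string inputs in security.h are qualified inconsistently: `security_fs_use` and `security_genfs_sid` take `const char *fstype`, while `security_context_to_sid(char *scontext, ...)`, `security_get_user_sids(u32 callsid, char *username, ...)`, `security_netif_sid(char *name, ...)` and the `name` argument of `security_genfs_sid` are plain `char *`. The implementations are not part of this directory's diff, so whether they write through these pointers cannot be confirmed from here. If they only read them, declaring the parameters `const char *` documents that the security server does not modify caller-supplied context and name strings and lets the compiler enforce it, for example `int security_context_to_sid(const char *scontext, u32 scontext_len, u32 *out_sid);`.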