Diffstat (limited to 'security/selinux/include')
-rw-r--r--security/selinux/include/av_inherit.h30
-rw-r--r--security/selinux/include/av_perm_to_string.h232
-rw-r--r--security/selinux/include/av_permissions.h902
-rw-r--r--security/selinux/include/avc.h137
-rw-r--r--security/selinux/include/avc_ss.h14
-rw-r--r--security/selinux/include/class_to_string.h58
-rw-r--r--security/selinux/include/common_perm_to_string.h58
-rw-r--r--security/selinux/include/conditional.h22
-rw-r--r--security/selinux/include/flask.h95
-rw-r--r--security/selinux/include/initial_sid_to_string.h33
-rw-r--r--security/selinux/include/netif.h21
-rw-r--r--security/selinux/include/objsec.h112
-rw-r--r--security/selinux/include/security.h97
13 files changed, 1811 insertions, 0 deletions
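diff --git a/security/selinux/include/av_inherit.h b/security/selinux/include/av_inherit.h
new file mode 100644
index 000000000000..9facb27822a1
--- /dev/null
+++ b/security/selinux/include/av_inherit.h
@@ -0,0 +1,30 @@
+/* This file is automatically generated. Do not edit. */
+ S_(SECCLASS_DIR, file, 0x00020000UL)
+ S_(SECCLASS_FILE, file, 0x00020000UL)
+ S_(SECCLASS_LNK_FILE, file, 0x00020000UL)
+ S_(SECCLASS_CHR_FILE, file, 0x00020000UL)
+ S_(SECCLASS_BLK_FILE, file, 0x00020000UL)
+ S_(SECCLASS_SOCK_FILE, file, 0x00020000UL)
+ S_(SECCLASS_FIFO_FILE, file, 0x00020000UL)
+ S_(SECCLASS_SOCKET, socket, 0x00400000UL)
+ S_(SECCLASS_TCP_SOCKET, socket, 0x00400000UL)
+ S_(SECCLASS_UDP_SOCKET, socket, 0x00400000UL)
+ S_(SECCLASS_RAWIP_SOCKET, socket, 0x00400000UL)
+ S_(SECCLASS_NETLINK_SOCKET, socket, 0x00400000UL)
+ S_(SECCLASS_PACKET_SOCKET, socket, 0x00400000UL)
+ S_(SECCLASS_KEY_SOCKET, socket, 0x00400000UL)
+ S_(SECCLASS_UNIX_STREAM_SOCKET, socket, 0x00400000UL)
+ S_(SECCLASS_UNIX_DGRAM_SOCKET, socket, 0x00400000UL)
+ S_(SECCLASS_IPC, ipc, 0x00000200UL)
+ S_(SECCLASS_SEM, ipc, 0x00000200UL)
+ S_(SECCLASS_MSGQ, ipc, 0x00000200UL)
+ S_(SECCLASS_SHM, ipc, 0x00000200UL)
+ S_(SECCLASS_NETLINK_ROUTE_SOCKET, socket, 0x00400000UL)
+ S_(SECCLASS_NETLINK_FIREWALL_SOCKET, socket, 0x00400000UL)
+ S_(SECCLASS_NETLINK_TCPDIAG_SOCKET, socket, 0x00400000UL)
+ S_(SECCLASS_NETLINK_NFLOG_SOCKET, socket, 0x00400000UL)
+ S_(SECCLASS_NETLINK_XFRM_SOCKET, socket, 0x00400000UL)
+ S_(SECCLASS_NETLINK_SELINUX_SOCKET, socket, 0x00400000UL)
+ S_(SECCLASS_NETLINK_AUDIT_SOCKET, socket, 0x00400000UL)
+ S_(SECCLASS_NETLINK_IP6FW_SOCKET, socket, 0x00400000UL)
+ S_(SECCLASS_NETLINK_DNRT_SOCKET, socket, 0x00400000UL)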
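diff --git a/security/selinux/include/av_perm_to_string.h b/security/selinux/include/av_perm_to_string.h
new file mode 100644
index 000000000000..903e8b3cc2e9
--- /dev/null
+++ b/security/selinux/include/av_perm_to_string.h
@@ -0,0 +1,232 @@
+/* This file is automatically generated. Do not edit. */
+ S_(SECCLASS_FILESYSTEM, FILESYSTEM__MOUNT, "mount")
+ S_(SECCLASS_FILESYSTEM, FILESYSTEM__REMOUNT, "remount")
+ S_(SECCLASS_FILESYSTEM, FILESYSTEM__UNMOUNT, "unmount")
+ S_(SECCLASS_FILESYSTEM, FILESYSTEM__GETATTR, "getattr")
+ S_(SECCLASS_FILESYSTEM, FILESYSTEM__RELABELFROM, "relabelfrom")
+ S_(SECCLASS_FILESYSTEM, FILESYSTEM__RELABELTO, "relabelto")
+ S_(SECCLASS_FILESYSTEM, FILESYSTEM__TRANSITION, "transition")
+ S_(SECCLASS_FILESYSTEM, FILESYSTEM__ASSOCIATE, "associate")
+ S_(SECCLASS_FILESYSTEM, FILESYSTEM__QUOTAMOD, "quotamod")
+ S_(SECCLASS_FILESYSTEM, FILESYSTEM__QUOTAGET, "quotaget")
+ S_(SECCLASS_DIR, DIR__ADD_NAME, "add_name")
+ S_(SECCLASS_DIR, DIR__REMOVE_NAME, "remove_name")
+ S_(SECCLASS_DIR, DIR__REPARENT, "reparent")
+ S_(SECCLASS_DIR, DIR__SEARCH, "search")
+ S_(SECCLASS_DIR, DIR__RMDIR, "rmdir")
+ S_(SECCLASS_FILE, FILE__EXECUTE_NO_TRANS, "execute_no_trans")
+ S_(SECCLASS_FILE, FILE__ENTRYPOINT, "entrypoint")
+ S_(SECCLASS_FILE, FILE__EXECMOD, "execmod")
+ S_(SECCLASS_CHR_FILE, CHR_FILE__EXECUTE_NO_TRANS, "execute_no_trans")
+ S_(SECCLASS_CHR_FILE, CHR_FILE__ENTRYPOINT, "entrypoint")
+ S_(SECCLASS_CHR_FILE, CHR_FILE__EXECMOD, "execmod")
+ S_(SECCLASS_FD, FD__USE, "use")
+ S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__CONNECTTO, "connectto")
+ S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__NEWCONN, "newconn")
+ S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__ACCEPTFROM, "acceptfrom")
+ S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__NODE_BIND, "node_bind")
+ S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__NAME_CONNECT, "name_connect")
+ S_(SECCLASS_UDP_SOCKET, UDP_SOCKET__NODE_BIND, "node_bind")
+ S_(SECCLASS_RAWIP_SOCKET, RAWIP_SOCKET__NODE_BIND, "node_bind")
+ S_(SECCLASS_NODE, NODE__TCP_RECV, "tcp_recv")
+ S_(SECCLASS_NODE, NODE__TCP_SEND, "tcp_send")
+ S_(SECCLASS_NODE, NODE__UDP_RECV, "udp_recv")
+ S_(SECCLASS_NODE, NODE__UDP_SEND, "udp_send")
+ S_(SECCLASS_NODE, NODE__RAWIP_RECV, "rawip_recv")
+ S_(SECCLASS_NODE, NODE__RAWIP_SEND, "rawip_send")
+ S_(SECCLASS_NODE, NODE__ENFORCE_DEST, "enforce_dest")
+ S_(SECCLASS_NETIF, NETIF__TCP_RECV, "tcp_recv")
+ S_(SECCLASS_NETIF, NETIF__TCP_SEND, "tcp_send")
+ S_(SECCLASS_NETIF, NETIF__UDP_RECV, "udp_recv")
+ S_(SECCLASS_NETIF, NETIF__UDP_SEND, "udp_send")
+ S_(SECCLASS_NETIF, NETIF__RAWIP_RECV, "rawip_recv")
+ S_(SECCLASS_NETIF, NETIF__RAWIP_SEND, "rawip_send")
+ S_(SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__CONNECTTO, "connectto")
+ S_(SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__NEWCONN, "newconn")
+ S_(SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__ACCEPTFROM, "acceptfrom")
+ S_(SECCLASS_PROCESS, PROCESS__FORK, "fork")
+ S_(SECCLASS_PROCESS, PROCESS__TRANSITION, "transition")
+ S_(SECCLASS_PROCESS, PROCESS__SIGCHLD, "sigchld")
+ S_(SECCLASS_PROCESS, PROCESS__SIGKILL, "sigkill")
+ S_(SECCLASS_PROCESS, PROCESS__SIGSTOP, "sigstop")
+ S_(SECCLASS_PROCESS, PROCESS__SIGNULL, "signull")
+ S_(SECCLASS_PROCESS, PROCESS__SIGNAL, "signal")
+ S_(SECCLASS_PROCESS, PROCESS__PTRACE, "ptrace")
+ S_(SECCLASS_PROCESS, PROCESS__GETSCHED, "getsched")
+ S_(SECCLASS_PROCESS, PROCESS__SETSCHED, "setsched")
+ S_(SECCLASS_PROCESS, PROCESS__GETSESSION, "getsession")
+ S_(SECCLASS_PROCESS, PROCESS__GETPGID, "getpgid")
+ S_(SECCLASS_PROCESS, PROCESS__SETPGID, "setpgid")
+ S_(SECCLASS_PROCESS, PROCESS__GETCAP, "getcap")
+ S_(SECCLASS_PROCESS, PROCESS__SETCAP, "setcap")
+ S_(SECCLASS_PROCESS, PROCESS__SHARE, "share")
+ S_(SECCLASS_PROCESS, PROCESS__GETATTR, "getattr")
+ S_(SECCLASS_PROCESS, PROCESS__SETEXEC, "setexec")
+ S_(SECCLASS_PROCESS, PROCESS__SETFSCREATE, "setfscreate")
+ S_(SECCLASS_PROCESS, PROCESS__NOATSECURE, "noatsecure")
+ S_(SECCLASS_PROCESS, PROCESS__SIGINH, "siginh")
+ S_(SECCLASS_PROCESS, PROCESS__SETRLIMIT, "setrlimit")
+ S_(SECCLASS_PROCESS, PROCESS__RLIMITINH, "rlimitinh")
+ S_(SECCLASS_PROCESS, PROCESS__DYNTRANSITION, "dyntransition")
+ S_(SECCLASS_PROCESS, PROCESS__SETCURRENT, "setcurrent")
+ S_(SECCLASS_PROCESS, PROCESS__EXECMEM, "execmem")
+ S_(SECCLASS_MSGQ, MSGQ__ENQUEUE, "enqueue")
+ S_(SECCLASS_MSG, MSG__SEND, "send")
+ S_(SECCLASS_MSG, MSG__RECEIVE, "receive")
+ S_(SECCLASS_SHM, SHM__LOCK, "lock")
+ S_(SECCLASS_SECURITY, SECURITY__COMPUTE_AV, "compute_av")
+ S_(SECCLASS_SECURITY, SECURITY__COMPUTE_CREATE, "compute_create")
+ S_(SECCLASS_SECURITY, SECURITY__COMPUTE_MEMBER, "compute_member")
+ S_(SECCLASS_SECURITY, SECURITY__CHECK_CONTEXT, "check_context")
+ S_(SECCLASS_SECURITY, SECURITY__LOAD_POLICY, "load_policy")
+ S_(SECCLASS_SECURITY, SECURITY__COMPUTE_RELABEL, "compute_relabel")
+ S_(SECCLASS_SECURITY, SECURITY__COMPUTE_USER, "compute_user")
+ S_(SECCLASS_SECURITY, SECURITY__SETENFORCE, "setenforce")
+ S_(SECCLASS_SECURITY, SECURITY__SETBOOL, "setbool")
+ S_(SECCLASS_SECURITY, SECURITY__SETSECPARAM, "setsecparam")
+ S_(SECCLASS_SECURITY, SECURITY__SETCHECKREQPROT, "setcheckreqprot")
+ S_(SECCLASS_SYSTEM, SYSTEM__IPC_INFO, "ipc_info")
+ S_(SECCLASS_SYSTEM, SYSTEM__SYSLOG_READ, "syslog_read")
+ S_(SECCLASS_SYSTEM, SYSTEM__SYSLOG_MOD, "syslog_mod")
+ S_(SECCLASS_SYSTEM, SYSTEM__SYSLOG_CONSOLE, "syslog_console")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__CHOWN, "chown")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__DAC_OVERRIDE, "dac_override")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__DAC_READ_SEARCH, "dac_read_search")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__FOWNER, "fowner")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__FSETID, "fsetid")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__KILL, "kill")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__SETGID, "setgid")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__SETUID, "setuid")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__SETPCAP, "setpcap")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__LINUX_IMMUTABLE, "linux_immutable")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__NET_BIND_SERVICE, "net_bind_service")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__NET_BROADCAST, "net_broadcast")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__NET_ADMIN, "net_admin")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__NET_RAW, "net_raw")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__IPC_LOCK, "ipc_lock")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__IPC_OWNER, "ipc_owner")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_MODULE, "sys_module")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_RAWIO, "sys_rawio")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_CHROOT, "sys_chroot")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_PTRACE, "sys_ptrace")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_PACCT, "sys_pacct")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_ADMIN, "sys_admin")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_BOOT, "sys_boot")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_NICE, "sys_nice")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_RESOURCE, "sys_resource")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_TIME, "sys_time")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_TTY_CONFIG, "sys_tty_config")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__MKNOD, "mknod")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__LEASE, "lease")
+ S_(SECCLASS_PASSWD, PASSWD__PASSWD, "passwd")
+ S_(SECCLASS_PASSWD, PASSWD__CHFN, "chfn")
+ S_(SECCLASS_PASSWD, PASSWD__CHSH, "chsh")
+ S_(SECCLASS_PASSWD, PASSWD__ROOTOK, "rootok")
+ S_(SECCLASS_PASSWD, PASSWD__CRONTAB, "crontab")
+ S_(SECCLASS_DRAWABLE, DRAWABLE__CREATE, "create")
+ S_(SECCLASS_DRAWABLE, DRAWABLE__DESTROY, "destroy")
+ S_(SECCLASS_DRAWABLE, DRAWABLE__DRAW, "draw")
+ S_(SECCLASS_DRAWABLE, DRAWABLE__COPY, "copy")
+ S_(SECCLASS_DRAWABLE, DRAWABLE__GETATTR, "getattr")
+ S_(SECCLASS_GC, GC__CREATE, "create")
+ S_(SECCLASS_GC, GC__FREE, "free")
+ S_(SECCLASS_GC, GC__GETATTR, "getattr")
+ S_(SECCLASS_GC, GC__SETATTR, "setattr")
+ S_(SECCLASS_WINDOW, WINDOW__ADDCHILD, "addchild")
+ S_(SECCLASS_WINDOW, WINDOW__CREATE, "create")
+ S_(SECCLASS_WINDOW, WINDOW__DESTROY, "destroy")
+ S_(SECCLASS_WINDOW, WINDOW__MAP, "map")
+ S_(SECCLASS_WINDOW, WINDOW__UNMAP, "unmap")
+ S_(SECCLASS_WINDOW, WINDOW__CHSTACK, "chstack")
+ S_(SECCLASS_WINDOW, WINDOW__CHPROPLIST, "chproplist")
+ S_(SECCLASS_WINDOW, WINDOW__CHPROP, "chprop")
+ S_(SECCLASS_WINDOW, WINDOW__LISTPROP, "listprop")
+ S_(SECCLASS_WINDOW, WINDOW__GETATTR, "getattr")
+ S_(SECCLASS_WINDOW, WINDOW__SETATTR, "setattr")
+ S_(SECCLASS_WINDOW, WINDOW__SETFOCUS, "setfocus")
+ S_(SECCLASS_WINDOW, WINDOW__MOVE, "move")
+ S_(SECCLASS_WINDOW, WINDOW__CHSELECTION, "chselection")
+ S_(SECCLASS_WINDOW, WINDOW__CHPARENT, "chparent")
+ S_(SECCLASS_WINDOW, WINDOW__CTRLLIFE, "ctrllife")
+ S_(SECCLASS_WINDOW, WINDOW__ENUMERATE, "enumerate")
+ S_(SECCLASS_WINDOW, WINDOW__TRANSPARENT, "transparent")
+ S_(SECCLASS_WINDOW, WINDOW__MOUSEMOTION, "mousemotion")
+ S_(SECCLASS_WINDOW, WINDOW__CLIENTCOMEVENT, "clientcomevent")
+ S_(SECCLASS_WINDOW, WINDOW__INPUTEVENT, "inputevent")
+ S_(SECCLASS_WINDOW, WINDOW__DRAWEVENT, "drawevent")
+ S_(SECCLASS_WINDOW, WINDOW__WINDOWCHANGEEVENT, "windowchangeevent")
+ S_(SECCLASS_WINDOW, WINDOW__WINDOWCHANGEREQUEST, "windowchangerequest")
+ S_(SECCLASS_WINDOW, WINDOW__SERVERCHANGEEVENT, "serverchangeevent")
+ S_(SECCLASS_WINDOW, WINDOW__EXTENSIONEVENT, "extensionevent")
+ S_(SECCLASS_FONT, FONT__LOAD, "load")
+ S_(SECCLASS_FONT, FONT__FREE, "free")
+ S_(SECCLASS_FONT, FONT__GETATTR, "getattr")
+ S_(SECCLASS_FONT, FONT__USE, "use")
+ S_(SECCLASS_COLORMAP, COLORMAP__CREATE, "create")
+ S_(SECCLASS_COLORMAP, COLORMAP__FREE, "free")
+ S_(SECCLASS_COLORMAP, COLORMAP__INSTALL, "install")
+ S_(SECCLASS_COLORMAP, COLORMAP__UNINSTALL, "uninstall")
+ S_(SECCLASS_COLORMAP, COLORMAP__LIST, "list")
+ S_(SECCLASS_COLORMAP, COLORMAP__READ, "read")
+ S_(SECCLASS_COLORMAP, COLORMAP__STORE, "store")
+ S_(SECCLASS_COLORMAP, COLORMAP__GETATTR, "getattr")
+ S_(SECCLASS_COLORMAP, COLORMAP__SETATTR, "setattr")
+ S_(SECCLASS_PROPERTY, PROPERTY__CREATE, "create")
+ S_(SECCLASS_PROPERTY, PROPERTY__FREE, "free")
+ S_(SECCLASS_PROPERTY, PROPERTY__READ, "read")
+ S_(SECCLASS_PROPERTY, PROPERTY__WRITE, "write")
+ S_(SECCLASS_CURSOR, CURSOR__CREATE, "create")
+ S_(SECCLASS_CURSOR, CURSOR__CREATEGLYPH, "createglyph")
+ S_(SECCLASS_CURSOR, CURSOR__FREE, "free")
+ S_(SECCLASS_CURSOR, CURSOR__ASSIGN, "assign")
+ S_(SECCLASS_CURSOR, CURSOR__SETATTR, "setattr")
+ S_(SECCLASS_XCLIENT, XCLIENT__KILL, "kill")
+ S_(SECCLASS_XINPUT, XINPUT__LOOKUP, "lookup")
+ S_(SECCLASS_XINPUT, XINPUT__GETATTR, "getattr")
+ S_(SECCLASS_XINPUT, XINPUT__SETATTR, "setattr")
+ S_(SECCLASS_XINPUT, XINPUT__SETFOCUS, "setfocus")
+ S_(SECCLASS_XINPUT, XINPUT__WARPPOINTER, "warppointer")
+ S_(SECCLASS_XINPUT, XINPUT__ACTIVEGRAB, "activegrab")
+ S_(SECCLASS_XINPUT, XINPUT__PASSIVEGRAB, "passivegrab")
+ S_(SECCLASS_XINPUT, XINPUT__UNGRAB, "ungrab")
+ S_(SECCLASS_XINPUT, XINPUT__BELL, "bell")
+ S_(SECCLASS_XINPUT, XINPUT__MOUSEMOTION, "mousemotion")
+ S_(SECCLASS_XINPUT, XINPUT__RELABELINPUT, "relabelinput")
+ S_(SECCLASS_XSERVER, XSERVER__SCREENSAVER, "screensaver")
+ S_(SECCLASS_XSERVER, XSERVER__GETHOSTLIST, "gethostlist")
+ S_(SECCLASS_XSERVER, XSERVER__SETHOSTLIST, "sethostlist")
+ S_(SECCLASS_XSERVER, XSERVER__GETFONTPATH, "getfontpath")
+ S_(SECCLASS_XSERVER, XSERVER__SETFONTPATH, "setfontpath")
+ S_(SECCLASS_XSERVER, XSERVER__GETATTR, "getattr")
+ S_(SECCLASS_XSERVER, XSERVER__GRAB, "grab")
+ S_(SECCLASS_XSERVER, XSERVER__UNGRAB, "ungrab")
+ S_(SECCLASS_XEXTENSION, XEXTENSION__QUERY, "query")
+ S_(SECCLASS_XEXTENSION, XEXTENSION__USE, "use")
+ S_(SECCLASS_PAX, PAX__PAGEEXEC, "pageexec")
+ S_(SECCLASS_PAX, PAX__EMUTRAMP, "emutramp")
+ S_(SECCLASS_PAX, PAX__MPROTECT, "mprotect")
+ S_(SECCLASS_PAX, PAX__RANDMMAP, "randmmap")
+ S_(SECCLASS_PAX, PAX__RANDEXEC, "randexec")
+ S_(SECCLASS_PAX, PAX__SEGMEXEC, "segmexec")
+ S_(SECCLASS_NETLINK_ROUTE_SOCKET, NETLINK_ROUTE_SOCKET__NLMSG_READ, "nlmsg_read")
+ S_(SECCLASS_NETLINK_ROUTE_SOCKET, NETLINK_ROUTE_SOCKET__NLMSG_WRITE, "nlmsg_write")
+ S_(SECCLASS_NETLINK_FIREWALL_SOCKET, NETLINK_FIREWALL_SOCKET__NLMSG_READ, "nlmsg_read")
+ S_(SECCLASS_NETLINK_FIREWALL_SOCKET, NETLINK_FIREWALL_SOCKET__NLMSG_WRITE, "nlmsg_write")
+ S_(SECCLASS_NETLINK_TCPDIAG_SOCKET, NETLINK_TCPDIAG_SOCKET__NLMSG_READ, "nlmsg_read")
+ S_(SECCLASS_NETLINK_TCPDIAG_SOCKET, NETLINK_TCPDIAG_SOCKET__NLMSG_WRITE, "nlmsg_write")
+ S_(SECCLASS_NETLINK_XFRM_SOCKET, NETLINK_XFRM_SOCKET__NLMSG_READ, "nlmsg_read")
+ S_(SECCLASS_NETLINK_XFRM_SOCKET, NETLINK_XFRM_SOCKET__NLMSG_WRITE, "nlmsg_write")
+ S_(SECCLASS_NETLINK_AUDIT_SOCKET, NETLINK_AUDIT_SOCKET__NLMSG_READ, "nlmsg_read")
+ S_(SECCLASS_NETLINK_AUDIT_SOCKET, NETLINK_AUDIT_SOCKET__NLMSG_WRITE, "nlmsg_write")
+ S_(SECCLASS_NETLINK_IP6FW_SOCKET, NETLINK_IP6FW_SOCKET__NLMSG_READ, "nlmsg_read")
+ S_(SECCLASS_NETLINK_IP6FW_SOCKET, NETLINK_IP6FW_SOCKET__NLMSG_WRITE, "nlmsg_write")
+ S_(SECCLASS_DBUS, DBUS__ACQUIRE_SVC, "acquire_svc")
+ S_(SECCLASS_DBUS, DBUS__SEND_MSG, "send_msg")
+ S_(SECCLASS_NSCD, NSCD__GETPWD, "getpwd")
+ S_(SECCLASS_NSCD, NSCD__GETGRP, "getgrp")
+ S_(SECCLASS_NSCD, NSCD__GETHOST, "gethost")
+ S_(SECCLASS_NSCD, NSCD__GETSTAT, "getstat")
+ S_(SECCLASS_NSCD, NSCD__ADMIN, "admin")
+ S_(SECCLASS_NSCD, NSCD__SHMEMPWD, "shmempwd")
+ S_(SECCLASS_NSCD, NSCD__SHMEMGRP, "shmemgrp")
+ S_(SECCLASS_NSCD, NSCD__SHMEMHOST, "shmemhost")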
diff --git a/security/selinux/include/av_permissions.h b/security/selinux/include/av_permissions.h
new file mode 100644
index 000000000000..b0a12ac8f7ee
--- /dev/null
+++ b/security/selinux/include/av_permissions.h
@@ -0,0 +1,902 @@
1/* This file is automatically generated. Do not edit. */
2#define COMMON_FILE__IOCTL 0x00000001UL
3#define COMMON_FILE__READ 0x00000002UL
4#define COMMON_FILE__WRITE 0x00000004UL
5#define COMMON_FILE__CREATE 0x00000008UL
6#define COMMON_FILE__GETATTR 0x00000010UL
7#define COMMON_FILE__SETATTR 0x00000020UL
8#define COMMON_FILE__LOCK 0x00000040UL
9#define COMMON_FILE__RELABELFROM 0x00000080UL
10#define COMMON_FILE__RELABELTO 0x00000100UL
11#define COMMON_FILE__APPEND 0x00000200UL
12#define COMMON_FILE__UNLINK 0x00000400UL
13#define COMMON_FILE__LINK 0x00000800UL
14#define COMMON_FILE__RENAME 0x00001000UL
15#define COMMON_FILE__EXECUTE 0x00002000UL
16#define COMMON_FILE__SWAPON 0x00004000UL
17#define COMMON_FILE__QUOTAON 0x00008000UL
18#define COMMON_FILE__MOUNTON 0x00010000UL
19
20#define COMMON_SOCKET__IOCTL 0x00000001UL
21#define COMMON_SOCKET__READ 0x00000002UL
22#define COMMON_SOCKET__WRITE 0x00000004UL
23#define COMMON_SOCKET__CREATE 0x00000008UL
24#define COMMON_SOCKET__GETATTR 0x00000010UL
25#define COMMON_SOCKET__SETATTR 0x00000020UL
26#define COMMON_SOCKET__LOCK 0x00000040UL
27#define COMMON_SOCKET__RELABELFROM 0x00000080UL
28#define COMMON_SOCKET__RELABELTO 0x00000100UL
29#define COMMON_SOCKET__APPEND 0x00000200UL
30#define COMMON_SOCKET__BIND 0x00000400UL
31#define COMMON_SOCKET__CONNECT 0x00000800UL
32#define COMMON_SOCKET__LISTEN 0x00001000UL
33#define COMMON_SOCKET__ACCEPT 0x00002000UL
34#define COMMON_SOCKET__GETOPT 0x00004000UL
35#define COMMON_SOCKET__SETOPT 0x00008000UL
36#define COMMON_SOCKET__SHUTDOWN 0x00010000UL
37#define COMMON_SOCKET__RECVFROM 0x00020000UL
38#define COMMON_SOCKET__SENDTO 0x00040000UL
39#define COMMON_SOCKET__RECV_MSG 0x00080000UL
40#define COMMON_SOCKET__SEND_MSG 0x00100000UL
41#define COMMON_SOCKET__NAME_BIND 0x00200000UL
42
43#define COMMON_IPC__CREATE 0x00000001UL
44#define COMMON_IPC__DESTROY 0x00000002UL
45#define COMMON_IPC__GETATTR 0x00000004UL
46#define COMMON_IPC__SETATTR 0x00000008UL
47#define COMMON_IPC__READ 0x00000010UL
48#define COMMON_IPC__WRITE 0x00000020UL
49#define COMMON_IPC__ASSOCIATE 0x00000040UL
50#define COMMON_IPC__UNIX_READ 0x00000080UL
51#define COMMON_IPC__UNIX_WRITE 0x00000100UL
52
53#define FILESYSTEM__MOUNT 0x00000001UL
54#define FILESYSTEM__REMOUNT 0x00000002UL
55#define FILESYSTEM__UNMOUNT 0x00000004UL
56#define FILESYSTEM__GETATTR 0x00000008UL
57#define FILESYSTEM__RELABELFROM 0x00000010UL
58#define FILESYSTEM__RELABELTO 0x00000020UL
59#define FILESYSTEM__TRANSITION 0x00000040UL
60#define FILESYSTEM__ASSOCIATE 0x00000080UL
61#define FILESYSTEM__QUOTAMOD 0x00000100UL
62#define FILESYSTEM__QUOTAGET 0x00000200UL
63
64#define DIR__IOCTL 0x00000001UL
65#define DIR__READ 0x00000002UL
66#define DIR__WRITE 0x00000004UL
67#define DIR__CREATE 0x00000008UL
68#define DIR__GETATTR 0x00000010UL
69#define DIR__SETATTR 0x00000020UL
70#define DIR__LOCK 0x00000040UL
71#define DIR__RELABELFROM 0x00000080UL
72#define DIR__RELABELTO 0x00000100UL
73#define DIR__APPEND 0x00000200UL
74#define DIR__UNLINK 0x00000400UL
75#define DIR__LINK 0x00000800UL
76#define DIR__RENAME 0x00001000UL
77#define DIR__EXECUTE 0x00002000UL
78#define DIR__SWAPON 0x00004000UL
79#define DIR__QUOTAON 0x00008000UL
80#define DIR__MOUNTON 0x00010000UL
81
82#define DIR__ADD_NAME 0x00020000UL
83#define DIR__REMOVE_NAME 0x00040000UL
84#define DIR__REPARENT 0x00080000UL
85#define DIR__SEARCH 0x00100000UL
86#define DIR__RMDIR 0x00200000UL
87
88#define FILE__IOCTL 0x00000001UL
89#define FILE__READ 0x00000002UL
90#define FILE__WRITE 0x00000004UL
91#define FILE__CREATE 0x00000008UL
92#define FILE__GETATTR 0x00000010UL
93#define FILE__SETATTR 0x00000020UL
94#define FILE__LOCK 0x00000040UL
95#define FILE__RELABELFROM 0x00000080UL
96#define FILE__RELABELTO 0x00000100UL
97#define FILE__APPEND 0x00000200UL
98#define FILE__UNLINK 0x00000400UL
99#define FILE__LINK 0x00000800UL
100#define FILE__RENAME 0x00001000UL
101#define FILE__EXECUTE 0x00002000UL
102#define FILE__SWAPON 0x00004000UL
103#define FILE__QUOTAON 0x00008000UL
104#define FILE__MOUNTON 0x00010000UL
105
106#define FILE__EXECUTE_NO_TRANS 0x00020000UL
107#define FILE__ENTRYPOINT 0x00040000UL
108#define FILE__EXECMOD 0x00080000UL
109
110#define LNK_FILE__IOCTL 0x00000001UL
111#define LNK_FILE__READ 0x00000002UL
112#define LNK_FILE__WRITE 0x00000004UL
113#define LNK_FILE__CREATE 0x00000008UL
114#define LNK_FILE__GETATTR 0x00000010UL
115#define LNK_FILE__SETATTR 0x00000020UL
116#define LNK_FILE__LOCK 0x00000040UL
117#define LNK_FILE__RELABELFROM 0x00000080UL
118#define LNK_FILE__RELABELTO 0x00000100UL
119#define LNK_FILE__APPEND 0x00000200UL
120#define LNK_FILE__UNLINK 0x00000400UL
121#define LNK_FILE__LINK 0x00000800UL
122#define LNK_FILE__RENAME 0x00001000UL
123#define LNK_FILE__EXECUTE 0x00002000UL
124#define LNK_FILE__SWAPON 0x00004000UL
125#define LNK_FILE__QUOTAON 0x00008000UL
126#define LNK_FILE__MOUNTON 0x00010000UL
127
128#define CHR_FILE__IOCTL 0x00000001UL
129#define CHR_FILE__READ 0x00000002UL
130#define CHR_FILE__WRITE 0x00000004UL
131#define CHR_FILE__CREATE 0x00000008UL
132#define CHR_FILE__GETATTR 0x00000010UL
133#define CHR_FILE__SETATTR 0x00000020UL
134#define CHR_FILE__LOCK 0x00000040UL
135#define CHR_FILE__RELABELFROM 0x00000080UL
136#define CHR_FILE__RELABELTO 0x00000100UL
137#define CHR_FILE__APPEND 0x00000200UL
138#define CHR_FILE__UNLINK 0x00000400UL
139#define CHR_FILE__LINK 0x00000800UL
140#define CHR_FILE__RENAME 0x00001000UL
141#define CHR_FILE__EXECUTE 0x00002000UL
142#define CHR_FILE__SWAPON 0x00004000UL
143#define CHR_FILE__QUOTAON 0x00008000UL
144#define CHR_FILE__MOUNTON 0x00010000UL
145
146#define CHR_FILE__EXECUTE_NO_TRANS 0x00020000UL
147#define CHR_FILE__ENTRYPOINT 0x00040000UL
148#define CHR_FILE__EXECMOD 0x00080000UL
149
150#define BLK_FILE__IOCTL 0x00000001UL
151#define BLK_FILE__READ 0x00000002UL
152#define BLK_FILE__WRITE 0x00000004UL
153#define BLK_FILE__CREATE 0x00000008UL
154#define BLK_FILE__GETATTR 0x00000010UL
155#define BLK_FILE__SETATTR 0x00000020UL
156#define BLK_FILE__LOCK 0x00000040UL
157#define BLK_FILE__RELABELFROM 0x00000080UL
158#define BLK_FILE__RELABELTO 0x00000100UL
159#define BLK_FILE__APPEND 0x00000200UL
160#define BLK_FILE__UNLINK 0x00000400UL
161#define BLK_FILE__LINK 0x00000800UL
162#define BLK_FILE__RENAME 0x00001000UL
163#define BLK_FILE__EXECUTE 0x00002000UL
164#define BLK_FILE__SWAPON 0x00004000UL
165#define BLK_FILE__QUOTAON 0x00008000UL
166#define BLK_FILE__MOUNTON 0x00010000UL
167
168#define SOCK_FILE__IOCTL 0x00000001UL
169#define SOCK_FILE__READ 0x00000002UL
170#define SOCK_FILE__WRITE 0x00000004UL
171#define SOCK_FILE__CREATE 0x00000008UL
172#define SOCK_FILE__GETATTR 0x00000010UL
173#define SOCK_FILE__SETATTR 0x00000020UL
174#define SOCK_FILE__LOCK 0x00000040UL
175#define SOCK_FILE__RELABELFROM 0x00000080UL
176#define SOCK_FILE__RELABELTO 0x00000100UL
177#define SOCK_FILE__APPEND 0x00000200UL
178#define SOCK_FILE__UNLINK 0x00000400UL
179#define SOCK_FILE__LINK 0x00000800UL
180#define SOCK_FILE__RENAME 0x00001000UL
181#define SOCK_FILE__EXECUTE 0x00002000UL
182#define SOCK_FILE__SWAPON 0x00004000UL
183#define SOCK_FILE__QUOTAON 0x00008000UL
184#define SOCK_FILE__MOUNTON 0x00010000UL
185
186#define FIFO_FILE__IOCTL 0x00000001UL
187#define FIFO_FILE__READ 0x00000002UL
188#define FIFO_FILE__WRITE 0x00000004UL
189#define FIFO_FILE__CREATE 0x00000008UL
190#define FIFO_FILE__GETATTR 0x00000010UL
191#define FIFO_FILE__SETATTR 0x00000020UL
192#define FIFO_FILE__LOCK 0x00000040UL
193#define FIFO_FILE__RELABELFROM 0x00000080UL
194#define FIFO_FILE__RELABELTO 0x00000100UL
195#define FIFO_FILE__APPEND 0x00000200UL
196#define FIFO_FILE__UNLINK 0x00000400UL
197#define FIFO_FILE__LINK 0x00000800UL
198#define FIFO_FILE__RENAME 0x00001000UL
199#define FIFO_FILE__EXECUTE 0x00002000UL
200#define FIFO_FILE__SWAPON 0x00004000UL
201#define FIFO_FILE__QUOTAON 0x00008000UL
202#define FIFO_FILE__MOUNTON 0x00010000UL
203
204#define FD__USE 0x00000001UL
205
206#define SOCKET__IOCTL 0x00000001UL
207#define SOCKET__READ 0x00000002UL
208#define SOCKET__WRITE 0x00000004UL
209#define SOCKET__CREATE 0x00000008UL
210#define SOCKET__GETATTR 0x00000010UL
211#define SOCKET__SETATTR 0x00000020UL
212#define SOCKET__LOCK 0x00000040UL
213#define SOCKET__RELABELFROM 0x00000080UL
214#define SOCKET__RELABELTO 0x00000100UL
215#define SOCKET__APPEND 0x00000200UL
216#define SOCKET__BIND 0x00000400UL
217#define SOCKET__CONNECT 0x00000800UL
218#define SOCKET__LISTEN 0x00001000UL
219#define SOCKET__ACCEPT 0x00002000UL
220#define SOCKET__GETOPT 0x00004000UL
221#define SOCKET__SETOPT 0x00008000UL
222#define SOCKET__SHUTDOWN 0x00010000UL
223#define SOCKET__RECVFROM 0x00020000UL
224#define SOCKET__SENDTO 0x00040000UL
225#define SOCKET__RECV_MSG 0x00080000UL
226#define SOCKET__SEND_MSG 0x00100000UL
227#define SOCKET__NAME_BIND 0x00200000UL
228
229#define TCP_SOCKET__IOCTL 0x00000001UL
230#define TCP_SOCKET__READ 0x00000002UL
231#define TCP_SOCKET__WRITE 0x00000004UL
232#define TCP_SOCKET__CREATE 0x00000008UL
233#define TCP_SOCKET__GETATTR 0x00000010UL
234#define TCP_SOCKET__SETATTR 0x00000020UL
235#define TCP_SOCKET__LOCK 0x00000040UL
236#define TCP_SOCKET__RELABELFROM 0x00000080UL
237#define TCP_SOCKET__RELABELTO 0x00000100UL
238#define TCP_SOCKET__APPEND 0x00000200UL
239#define TCP_SOCKET__BIND 0x00000400UL
240#define TCP_SOCKET__CONNECT 0x00000800UL
241#define TCP_SOCKET__LISTEN 0x00001000UL
242#define TCP_SOCKET__ACCEPT 0x00002000UL
243#define TCP_SOCKET__GETOPT 0x00004000UL
244#define TCP_SOCKET__SETOPT 0x00008000UL
245#define TCP_SOCKET__SHUTDOWN 0x00010000UL
246#define TCP_SOCKET__RECVFROM 0x00020000UL
247#define TCP_SOCKET__SENDTO 0x00040000UL
248#define TCP_SOCKET__RECV_MSG 0x00080000UL
249#define TCP_SOCKET__SEND_MSG 0x00100000UL
250#define TCP_SOCKET__NAME_BIND 0x00200000UL
251
252#define TCP_SOCKET__CONNECTTO 0x00400000UL
253#define TCP_SOCKET__NEWCONN 0x00800000UL
254#define TCP_SOCKET__ACCEPTFROM 0x01000000UL
255#define TCP_SOCKET__NODE_BIND 0x02000000UL
256#define TCP_SOCKET__NAME_CONNECT 0x04000000UL
257
258#define UDP_SOCKET__IOCTL 0x00000001UL
259#define UDP_SOCKET__READ 0x00000002UL
260#define UDP_SOCKET__WRITE 0x00000004UL
261#define UDP_SOCKET__CREATE 0x00000008UL
262#define UDP_SOCKET__GETATTR 0x00000010UL
263#define UDP_SOCKET__SETATTR 0x00000020UL
264#define UDP_SOCKET__LOCK 0x00000040UL
265#define UDP_SOCKET__RELABELFROM 0x00000080UL
266#define UDP_SOCKET__RELABELTO 0x00000100UL
267#define UDP_SOCKET__APPEND 0x00000200UL
268#define UDP_SOCKET__BIND 0x00000400UL
269#define UDP_SOCKET__CONNECT 0x00000800UL
270#define UDP_SOCKET__LISTEN 0x00001000UL
271#define UDP_SOCKET__ACCEPT 0x00002000UL
272#define UDP_SOCKET__GETOPT 0x00004000UL
273#define UDP_SOCKET__SETOPT 0x00008000UL
274#define UDP_SOCKET__SHUTDOWN 0x00010000UL
275#define UDP_SOCKET__RECVFROM 0x00020000UL
276#define UDP_SOCKET__SENDTO 0x00040000UL
277#define UDP_SOCKET__RECV_MSG 0x00080000UL
278#define UDP_SOCKET__SEND_MSG 0x00100000UL
279#define UDP_SOCKET__NAME_BIND 0x00200000UL
280
281#define UDP_SOCKET__NODE_BIND 0x00400000UL
282
283#define RAWIP_SOCKET__IOCTL 0x00000001UL
284#define RAWIP_SOCKET__READ 0x00000002UL
285#define RAWIP_SOCKET__WRITE 0x00000004UL
286#define RAWIP_SOCKET__CREATE 0x00000008UL
287#define RAWIP_SOCKET__GETATTR 0x00000010UL
288#define RAWIP_SOCKET__SETATTR 0x00000020UL
289#define RAWIP_SOCKET__LOCK 0x00000040UL
290#define RAWIP_SOCKET__RELABELFROM 0x00000080UL
291#define RAWIP_SOCKET__RELABELTO 0x00000100UL
292#define RAWIP_SOCKET__APPEND 0x00000200UL
293#define RAWIP_SOCKET__BIND 0x00000400UL
294#define RAWIP_SOCKET__CONNECT 0x00000800UL
295#define RAWIP_SOCKET__LISTEN 0x00001000UL
296#define RAWIP_SOCKET__ACCEPT 0x00002000UL
297#define RAWIP_SOCKET__GETOPT 0x00004000UL
298#define RAWIP_SOCKET__SETOPT 0x00008000UL
299#define RAWIP_SOCKET__SHUTDOWN 0x00010000UL
300#define RAWIP_SOCKET__RECVFROM 0x00020000UL
301#define RAWIP_SOCKET__SENDTO 0x00040000UL
302#define RAWIP_SOCKET__RECV_MSG 0x00080000UL
303#define RAWIP_SOCKET__SEND_MSG 0x00100000UL
304#define RAWIP_SOCKET__NAME_BIND 0x00200000UL
305
306#define RAWIP_SOCKET__NODE_BIND 0x00400000UL
307
308#define NODE__TCP_RECV 0x00000001UL
309#define NODE__TCP_SEND 0x00000002UL
310#define NODE__UDP_RECV 0x00000004UL
311#define NODE__UDP_SEND 0x00000008UL
312#define NODE__RAWIP_RECV 0x00000010UL
313#define NODE__RAWIP_SEND 0x00000020UL
314#define NODE__ENFORCE_DEST 0x00000040UL
315
316#define NETIF__TCP_RECV 0x00000001UL
317#define NETIF__TCP_SEND 0x00000002UL
318#define NETIF__UDP_RECV 0x00000004UL
319#define NETIF__UDP_SEND 0x00000008UL
320#define NETIF__RAWIP_RECV 0x00000010UL
321#define NETIF__RAWIP_SEND 0x00000020UL
322
323#define NETLINK_SOCKET__IOCTL 0x00000001UL
324#define NETLINK_SOCKET__READ 0x00000002UL
325#define NETLINK_SOCKET__WRITE 0x00000004UL
326#define NETLINK_SOCKET__CREATE 0x00000008UL
327#define NETLINK_SOCKET__GETATTR 0x00000010UL
328#define NETLINK_SOCKET__SETATTR 0x00000020UL
329#define NETLINK_SOCKET__LOCK 0x00000040UL
330#define NETLINK_SOCKET__RELABELFROM 0x00000080UL
331#define NETLINK_SOCKET__RELABELTO 0x00000100UL
332#define NETLINK_SOCKET__APPEND 0x00000200UL
333#define NETLINK_SOCKET__BIND 0x00000400UL
334#define NETLINK_SOCKET__CONNECT 0x00000800UL
335#define NETLINK_SOCKET__LISTEN 0x00001000UL
336#define NETLINK_SOCKET__ACCEPT 0x00002000UL
337#define NETLINK_SOCKET__GETOPT 0x00004000UL
338#define NETLINK_SOCKET__SETOPT 0x00008000UL
339#define NETLINK_SOCKET__SHUTDOWN 0x00010000UL
340#define NETLINK_SOCKET__RECVFROM 0x00020000UL
341#define NETLINK_SOCKET__SENDTO 0x00040000UL
342#define NETLINK_SOCKET__RECV_MSG 0x00080000UL
343#define NETLINK_SOCKET__SEND_MSG 0x00100000UL
344#define NETLINK_SOCKET__NAME_BIND 0x00200000UL
345
346#define PACKET_SOCKET__IOCTL 0x00000001UL
347#define PACKET_SOCKET__READ 0x00000002UL
348#define PACKET_SOCKET__WRITE 0x00000004UL
349#define PACKET_SOCKET__CREATE 0x00000008UL
350#define PACKET_SOCKET__GETATTR 0x00000010UL
351#define PACKET_SOCKET__SETATTR 0x00000020UL
352#define PACKET_SOCKET__LOCK 0x00000040UL
353#define PACKET_SOCKET__RELABELFROM 0x00000080UL
354#define PACKET_SOCKET__RELABELTO 0x00000100UL
355#define PACKET_SOCKET__APPEND 0x00000200UL
356#define PACKET_SOCKET__BIND 0x00000400UL
357#define PACKET_SOCKET__CONNECT 0x00000800UL
358#define PACKET_SOCKET__LISTEN 0x00001000UL
359#define PACKET_SOCKET__ACCEPT 0x00002000UL
360#define PACKET_SOCKET__GETOPT 0x00004000UL
361#define PACKET_SOCKET__SETOPT 0x00008000UL
362#define PACKET_SOCKET__SHUTDOWN 0x00010000UL
363#define PACKET_SOCKET__RECVFROM 0x00020000UL
364#define PACKET_SOCKET__SENDTO 0x00040000UL
365#define PACKET_SOCKET__RECV_MSG 0x00080000UL
366#define PACKET_SOCKET__SEND_MSG 0x00100000UL
367#define PACKET_SOCKET__NAME_BIND 0x00200000UL
368
369#define KEY_SOCKET__IOCTL 0x00000001UL
370#define KEY_SOCKET__READ 0x00000002UL
371#define KEY_SOCKET__WRITE 0x00000004UL
372#define KEY_SOCKET__CREATE 0x00000008UL
373#define KEY_SOCKET__GETATTR 0x00000010UL
374#define KEY_SOCKET__SETATTR 0x00000020UL
375#define KEY_SOCKET__LOCK 0x00000040UL
376#define KEY_SOCKET__RELABELFROM 0x00000080UL
377#define KEY_SOCKET__RELABELTO 0x00000100UL
378#define KEY_SOCKET__APPEND 0x00000200UL
379#define KEY_SOCKET__BIND 0x00000400UL
380#define KEY_SOCKET__CONNECT 0x00000800UL
381#define KEY_SOCKET__LISTEN 0x00001000UL
382#define KEY_SOCKET__ACCEPT 0x00002000UL
383#define KEY_SOCKET__GETOPT 0x00004000UL
384#define KEY_SOCKET__SETOPT 0x00008000UL
385#define KEY_SOCKET__SHUTDOWN 0x00010000UL
386#define KEY_SOCKET__RECVFROM 0x00020000UL
387#define KEY_SOCKET__SENDTO 0x00040000UL
388#define KEY_SOCKET__RECV_MSG 0x00080000UL
389#define KEY_SOCKET__SEND_MSG 0x00100000UL
390#define KEY_SOCKET__NAME_BIND 0x00200000UL
391
392#define UNIX_STREAM_SOCKET__IOCTL 0x00000001UL
393#define UNIX_STREAM_SOCKET__READ 0x00000002UL
394#define UNIX_STREAM_SOCKET__WRITE 0x00000004UL
395#define UNIX_STREAM_SOCKET__CREATE 0x00000008UL
396#define UNIX_STREAM_SOCKET__GETATTR 0x00000010UL
397#define UNIX_STREAM_SOCKET__SETATTR 0x00000020UL
398#define UNIX_STREAM_SOCKET__LOCK 0x00000040UL
399#define UNIX_STREAM_SOCKET__RELABELFROM 0x00000080UL
400#define UNIX_STREAM_SOCKET__RELABELTO 0x00000100UL
401#define UNIX_STREAM_SOCKET__APPEND 0x00000200UL
402#define UNIX_STREAM_SOCKET__BIND 0x00000400UL
403#define UNIX_STREAM_SOCKET__CONNECT 0x00000800UL
404#define UNIX_STREAM_SOCKET__LISTEN 0x00001000UL
405#define UNIX_STREAM_SOCKET__ACCEPT 0x00002000UL
406#define UNIX_STREAM_SOCKET__GETOPT 0x00004000UL
407#define UNIX_STREAM_SOCKET__SETOPT 0x00008000UL
408#define UNIX_STREAM_SOCKET__SHUTDOWN 0x00010000UL
409#define UNIX_STREAM_SOCKET__RECVFROM 0x00020000UL
410#define UNIX_STREAM_SOCKET__SENDTO 0x00040000UL
411#define UNIX_STREAM_SOCKET__RECV_MSG 0x00080000UL
412#define UNIX_STREAM_SOCKET__SEND_MSG 0x00100000UL
413#define UNIX_STREAM_SOCKET__NAME_BIND 0x00200000UL
414
415#define UNIX_STREAM_SOCKET__CONNECTTO 0x00400000UL
416#define UNIX_STREAM_SOCKET__NEWCONN 0x00800000UL
417#define UNIX_STREAM_SOCKET__ACCEPTFROM 0x01000000UL
418
419#define UNIX_DGRAM_SOCKET__IOCTL 0x00000001UL
420#define UNIX_DGRAM_SOCKET__READ 0x00000002UL
421#define UNIX_DGRAM_SOCKET__WRITE 0x00000004UL
422#define UNIX_DGRAM_SOCKET__CREATE 0x00000008UL
423#define UNIX_DGRAM_SOCKET__GETATTR 0x00000010UL
424#define UNIX_DGRAM_SOCKET__SETATTR 0x00000020UL
425#define UNIX_DGRAM_SOCKET__LOCK 0x00000040UL
426#define UNIX_DGRAM_SOCKET__RELABELFROM 0x00000080UL
427#define UNIX_DGRAM_SOCKET__RELABELTO 0x00000100UL
428#define UNIX_DGRAM_SOCKET__APPEND 0x00000200UL
429#define UNIX_DGRAM_SOCKET__BIND 0x00000400UL
430#define UNIX_DGRAM_SOCKET__CONNECT 0x00000800UL
431#define UNIX_DGRAM_SOCKET__LISTEN 0x00001000UL
432#define UNIX_DGRAM_SOCKET__ACCEPT 0x00002000UL
433#define UNIX_DGRAM_SOCKET__GETOPT 0x00004000UL
434#define UNIX_DGRAM_SOCKET__SETOPT 0x00008000UL
435#define UNIX_DGRAM_SOCKET__SHUTDOWN 0x00010000UL
436#define UNIX_DGRAM_SOCKET__RECVFROM 0x00020000UL
437#define UNIX_DGRAM_SOCKET__SENDTO 0x00040000UL
438#define UNIX_DGRAM_SOCKET__RECV_MSG 0x00080000UL
439#define UNIX_DGRAM_SOCKET__SEND_MSG 0x00100000UL
440#define UNIX_DGRAM_SOCKET__NAME_BIND 0x00200000UL
441
442#define PROCESS__FORK 0x00000001UL
443#define PROCESS__TRANSITION 0x00000002UL
444#define PROCESS__SIGCHLD 0x00000004UL
445#define PROCESS__SIGKILL 0x00000008UL
446#define PROCESS__SIGSTOP 0x00000010UL
447#define PROCESS__SIGNULL 0x00000020UL
448#define PROCESS__SIGNAL 0x00000040UL
449#define PROCESS__PTRACE 0x00000080UL
450#define PROCESS__GETSCHED 0x00000100UL
451#define PROCESS__SETSCHED 0x00000200UL
452#define PROCESS__GETSESSION 0x00000400UL
453#define PROCESS__GETPGID 0x00000800UL
454#define PROCESS__SETPGID 0x00001000UL
455#define PROCESS__GETCAP 0x00002000UL
456#define PROCESS__SETCAP 0x00004000UL
457#define PROCESS__SHARE 0x00008000UL
458#define PROCESS__GETATTR 0x00010000UL
459#define PROCESS__SETEXEC 0x00020000UL
460#define PROCESS__SETFSCREATE 0x00040000UL
461#define PROCESS__NOATSECURE 0x00080000UL
462#define PROCESS__SIGINH 0x00100000UL
463#define PROCESS__SETRLIMIT 0x00200000UL
464#define PROCESS__RLIMITINH 0x00400000UL
465#define PROCESS__DYNTRANSITION 0x00800000UL
466#define PROCESS__SETCURRENT 0x01000000UL
467#define PROCESS__EXECMEM 0x02000000UL
468
469#define IPC__CREATE 0x00000001UL
470#define IPC__DESTROY 0x00000002UL
471#define IPC__GETATTR 0x00000004UL
472#define IPC__SETATTR 0x00000008UL
473#define IPC__READ 0x00000010UL
474#define IPC__WRITE 0x00000020UL
475#define IPC__ASSOCIATE 0x00000040UL
476#define IPC__UNIX_READ 0x00000080UL
477#define IPC__UNIX_WRITE 0x00000100UL
478
479#define SEM__CREATE 0x00000001UL
480#define SEM__DESTROY 0x00000002UL
481#define SEM__GETATTR 0x00000004UL
482#define SEM__SETATTR 0x00000008UL
483#define SEM__READ 0x00000010UL
484#define SEM__WRITE 0x00000020UL
485#define SEM__ASSOCIATE 0x00000040UL
486#define SEM__UNIX_READ 0x00000080UL
487#define SEM__UNIX_WRITE 0x00000100UL
488
489#define MSGQ__CREATE 0x00000001UL
490#define MSGQ__DESTROY 0x00000002UL
491#define MSGQ__GETATTR 0x00000004UL
492#define MSGQ__SETATTR 0x00000008UL
493#define MSGQ__READ 0x00000010UL
494#define MSGQ__WRITE 0x00000020UL
495#define MSGQ__ASSOCIATE 0x00000040UL
496#define MSGQ__UNIX_READ 0x00000080UL
497#define MSGQ__UNIX_WRITE 0x00000100UL
498
499#define MSGQ__ENQUEUE 0x00000200UL
500
501#define MSG__SEND 0x00000001UL
502#define MSG__RECEIVE 0x00000002UL
503
504#define SHM__CREATE 0x00000001UL
505#define SHM__DESTROY 0x00000002UL
506#define SHM__GETATTR 0x00000004UL
507#define SHM__SETATTR 0x00000008UL
508#define SHM__READ 0x00000010UL
509#define SHM__WRITE 0x00000020UL
510#define SHM__ASSOCIATE 0x00000040UL
511#define SHM__UNIX_READ 0x00000080UL
512#define SHM__UNIX_WRITE 0x00000100UL
513
514#define SHM__LOCK 0x00000200UL
515
516#define SECURITY__COMPUTE_AV 0x00000001UL
517#define SECURITY__COMPUTE_CREATE 0x00000002UL
518#define SECURITY__COMPUTE_MEMBER 0x00000004UL
519#define SECURITY__CHECK_CONTEXT 0x00000008UL
520#define SECURITY__LOAD_POLICY 0x00000010UL
521#define SECURITY__COMPUTE_RELABEL 0x00000020UL
522#define SECURITY__COMPUTE_USER 0x00000040UL
523#define SECURITY__SETENFORCE 0x00000080UL
524#define SECURITY__SETBOOL 0x00000100UL
525#define SECURITY__SETSECPARAM 0x00000200UL
526#define SECURITY__SETCHECKREQPROT 0x00000400UL
527
528#define SYSTEM__IPC_INFO 0x00000001UL
529#define SYSTEM__SYSLOG_READ 0x00000002UL
530#define SYSTEM__SYSLOG_MOD 0x00000004UL
531#define SYSTEM__SYSLOG_CONSOLE 0x00000008UL
532
533#define CAPABILITY__CHOWN 0x00000001UL
534#define CAPABILITY__DAC_OVERRIDE 0x00000002UL
535#define CAPABILITY__DAC_READ_SEARCH 0x00000004UL
536#define CAPABILITY__FOWNER 0x00000008UL
537#define CAPABILITY__FSETID 0x00000010UL
538#define CAPABILITY__KILL 0x00000020UL
539#define CAPABILITY__SETGID 0x00000040UL
540#define CAPABILITY__SETUID 0x00000080UL
541#define CAPABILITY__SETPCAP 0x00000100UL
542#define CAPABILITY__LINUX_IMMUTABLE 0x00000200UL
543#define CAPABILITY__NET_BIND_SERVICE 0x00000400UL
544#define CAPABILITY__NET_BROADCAST 0x00000800UL
545#define CAPABILITY__NET_ADMIN 0x00001000UL
546#define CAPABILITY__NET_RAW 0x00002000UL
547#define CAPABILITY__IPC_LOCK 0x00004000UL
548#define CAPABILITY__IPC_OWNER 0x00008000UL
549#define CAPABILITY__SYS_MODULE 0x00010000UL
550#define CAPABILITY__SYS_RAWIO 0x00020000UL
551#define CAPABILITY__SYS_CHROOT 0x00040000UL
552#define CAPABILITY__SYS_PTRACE 0x00080000UL
553#define CAPABILITY__SYS_PACCT 0x00100000UL
554#define CAPABILITY__SYS_ADMIN 0x00200000UL
555#define CAPABILITY__SYS_BOOT 0x00400000UL
556#define CAPABILITY__SYS_NICE 0x00800000UL
557#define CAPABILITY__SYS_RESOURCE 0x01000000UL
558#define CAPABILITY__SYS_TIME 0x02000000UL
559#define CAPABILITY__SYS_TTY_CONFIG 0x04000000UL
560#define CAPABILITY__MKNOD 0x08000000UL
561#define CAPABILITY__LEASE 0x10000000UL
562
563#define PASSWD__PASSWD 0x00000001UL
564#define PASSWD__CHFN 0x00000002UL
565#define PASSWD__CHSH 0x00000004UL
566#define PASSWD__ROOTOK 0x00000008UL
567#define PASSWD__CRONTAB 0x00000010UL
568
569#define DRAWABLE__CREATE 0x00000001UL
570#define DRAWABLE__DESTROY 0x00000002UL
571#define DRAWABLE__DRAW 0x00000004UL
572#define DRAWABLE__COPY 0x00000008UL
573#define DRAWABLE__GETATTR 0x00000010UL
574
575#define GC__CREATE 0x00000001UL
576#define GC__FREE 0x00000002UL
577#define GC__GETATTR 0x00000004UL
578#define GC__SETATTR 0x00000008UL
579
580#define WINDOW__ADDCHILD 0x00000001UL
581#define WINDOW__CREATE 0x00000002UL
582#define WINDOW__DESTROY 0x00000004UL
583#define WINDOW__MAP 0x00000008UL
584#define WINDOW__UNMAP 0x00000010UL
585#define WINDOW__CHSTACK 0x00000020UL
586#define WINDOW__CHPROPLIST 0x00000040UL
587#define WINDOW__CHPROP 0x00000080UL
588#define WINDOW__LISTPROP 0x00000100UL
589#define WINDOW__GETATTR 0x00000200UL
590#define WINDOW__SETATTR 0x00000400UL
591#define WINDOW__SETFOCUS 0x00000800UL
592#define WINDOW__MOVE 0x00001000UL
593#define WINDOW__CHSELECTION 0x00002000UL
594#define WINDOW__CHPARENT 0x00004000UL
595#define WINDOW__CTRLLIFE 0x00008000UL
596#define WINDOW__ENUMERATE 0x00010000UL
597#define WINDOW__TRANSPARENT 0x00020000UL
598#define WINDOW__MOUSEMOTION 0x00040000UL
599#define WINDOW__CLIENTCOMEVENT 0x00080000UL
600#define WINDOW__INPUTEVENT 0x00100000UL
601#define WINDOW__DRAWEVENT 0x00200000UL
602#define WINDOW__WINDOWCHANGEEVENT 0x00400000UL
603#define WINDOW__WINDOWCHANGEREQUEST 0x00800000UL
604#define WINDOW__SERVERCHANGEEVENT 0x01000000UL
605#define WINDOW__EXTENSIONEVENT 0x02000000UL
606
607#define FONT__LOAD 0x00000001UL
608#define FONT__FREE 0x00000002UL
609#define FONT__GETATTR 0x00000004UL
610#define FONT__USE 0x00000008UL
611
612#define COLORMAP__CREATE 0x00000001UL
613#define COLORMAP__FREE 0x00000002UL
614#define COLORMAP__INSTALL 0x00000004UL
615#define COLORMAP__UNINSTALL 0x00000008UL
616#define COLORMAP__LIST 0x00000010UL
617#define COLORMAP__READ 0x00000020UL
618#define COLORMAP__STORE 0x00000040UL
619#define COLORMAP__GETATTR 0x00000080UL
620#define COLORMAP__SETATTR 0x00000100UL
621
622#define PROPERTY__CREATE 0x00000001UL
623#define PROPERTY__FREE 0x00000002UL
624#define PROPERTY__READ 0x00000004UL
625#define PROPERTY__WRITE 0x00000008UL
626
627#define CURSOR__CREATE 0x00000001UL
628#define CURSOR__CREATEGLYPH 0x00000002UL
629#define CURSOR__FREE 0x00000004UL
630#define CURSOR__ASSIGN 0x00000008UL
631#define CURSOR__SETATTR 0x00000010UL
632
633#define XCLIENT__KILL 0x00000001UL
634
635#define XINPUT__LOOKUP 0x00000001UL
636#define XINPUT__GETATTR 0x00000002UL
637#define XINPUT__SETATTR 0x00000004UL
638#define XINPUT__SETFOCUS 0x00000008UL
639#define XINPUT__WARPPOINTER 0x00000010UL
640#define XINPUT__ACTIVEGRAB 0x00000020UL
641#define XINPUT__PASSIVEGRAB 0x00000040UL
642#define XINPUT__UNGRAB 0x00000080UL
643#define XINPUT__BELL 0x00000100UL
644#define XINPUT__MOUSEMOTION 0x00000200UL
645#define XINPUT__RELABELINPUT 0x00000400UL
646
647#define XSERVER__SCREENSAVER 0x00000001UL
648#define XSERVER__GETHOSTLIST 0x00000002UL
649#define XSERVER__SETHOSTLIST 0x00000004UL
650#define XSERVER__GETFONTPATH 0x00000008UL
651#define XSERVER__SETFONTPATH 0x00000010UL
652#define XSERVER__GETATTR 0x00000020UL
653#define XSERVER__GRAB 0x00000040UL
654#define XSERVER__UNGRAB 0x00000080UL
655
656#define XEXTENSION__QUERY 0x00000001UL
657#define XEXTENSION__USE 0x00000002UL
658
659#define PAX__PAGEEXEC 0x00000001UL
660#define PAX__EMUTRAMP 0x00000002UL
661#define PAX__MPROTECT 0x00000004UL
662#define PAX__RANDMMAP 0x00000008UL
663#define PAX__RANDEXEC 0x00000010UL
664#define PAX__SEGMEXEC 0x00000020UL
665
666#define NETLINK_ROUTE_SOCKET__IOCTL 0x00000001UL
667#define NETLINK_ROUTE_SOCKET__READ 0x00000002UL
668#define NETLINK_ROUTE_SOCKET__WRITE 0x00000004UL
669#define NETLINK_ROUTE_SOCKET__CREATE 0x00000008UL
670#define NETLINK_ROUTE_SOCKET__GETATTR 0x00000010UL
671#define NETLINK_ROUTE_SOCKET__SETATTR 0x00000020UL
672#define NETLINK_ROUTE_SOCKET__LOCK 0x00000040UL
673#define NETLINK_ROUTE_SOCKET__RELABELFROM 0x00000080UL
674#define NETLINK_ROUTE_SOCKET__RELABELTO 0x00000100UL
675#define NETLINK_ROUTE_SOCKET__APPEND 0x00000200UL
676#define NETLINK_ROUTE_SOCKET__BIND 0x00000400UL
677#define NETLINK_ROUTE_SOCKET__CONNECT 0x00000800UL
678#define NETLINK_ROUTE_SOCKET__LISTEN 0x00001000UL
679#define NETLINK_ROUTE_SOCKET__ACCEPT 0x00002000UL
680#define NETLINK_ROUTE_SOCKET__GETOPT 0x00004000UL
681#define NETLINK_ROUTE_SOCKET__SETOPT 0x00008000UL
682#define NETLINK_ROUTE_SOCKET__SHUTDOWN 0x00010000UL
683#define NETLINK_ROUTE_SOCKET__RECVFROM 0x00020000UL
684#define NETLINK_ROUTE_SOCKET__SENDTO 0x00040000UL
685#define NETLINK_ROUTE_SOCKET__RECV_MSG 0x00080000UL
686#define NETLINK_ROUTE_SOCKET__SEND_MSG 0x00100000UL
687#define NETLINK_ROUTE_SOCKET__NAME_BIND 0x00200000UL
688
689#define NETLINK_ROUTE_SOCKET__NLMSG_READ 0x00400000UL
690#define NETLINK_ROUTE_SOCKET__NLMSG_WRITE 0x00800000UL
691
692#define NETLINK_FIREWALL_SOCKET__IOCTL 0x00000001UL
693#define NETLINK_FIREWALL_SOCKET__READ 0x00000002UL
694#define NETLINK_FIREWALL_SOCKET__WRITE 0x00000004UL
695#define NETLINK_FIREWALL_SOCKET__CREATE 0x00000008UL
696#define NETLINK_FIREWALL_SOCKET__GETATTR 0x00000010UL
697#define NETLINK_FIREWALL_SOCKET__SETATTR 0x00000020UL
698#define NETLINK_FIREWALL_SOCKET__LOCK 0x00000040UL
699#define NETLINK_FIREWALL_SOCKET__RELABELFROM 0x00000080UL
700#define NETLINK_FIREWALL_SOCKET__RELABELTO 0x00000100UL
701#define NETLINK_FIREWALL_SOCKET__APPEND 0x00000200UL
702#define NETLINK_FIREWALL_SOCKET__BIND 0x00000400UL
703#define NETLINK_FIREWALL_SOCKET__CONNECT 0x00000800UL
704#define NETLINK_FIREWALL_SOCKET__LISTEN 0x00001000UL
705#define NETLINK_FIREWALL_SOCKET__ACCEPT 0x00002000UL
706#define NETLINK_FIREWALL_SOCKET__GETOPT 0x00004000UL
707#define NETLINK_FIREWALL_SOCKET__SETOPT 0x00008000UL
708#define NETLINK_FIREWALL_SOCKET__SHUTDOWN 0x00010000UL
709#define NETLINK_FIREWALL_SOCKET__RECVFROM 0x00020000UL
710#define NETLINK_FIREWALL_SOCKET__SENDTO 0x00040000UL
711#define NETLINK_FIREWALL_SOCKET__RECV_MSG 0x00080000UL
712#define NETLINK_FIREWALL_SOCKET__SEND_MSG 0x00100000UL
713#define NETLINK_FIREWALL_SOCKET__NAME_BIND 0x00200000UL
714
715#define NETLINK_FIREWALL_SOCKET__NLMSG_READ 0x00400000UL
716#define NETLINK_FIREWALL_SOCKET__NLMSG_WRITE 0x00800000UL
717
718#define NETLINK_TCPDIAG_SOCKET__IOCTL 0x00000001UL
719#define NETLINK_TCPDIAG_SOCKET__READ 0x00000002UL
720#define NETLINK_TCPDIAG_SOCKET__WRITE 0x00000004UL
721#define NETLINK_TCPDIAG_SOCKET__CREATE 0x00000008UL
722#define NETLINK_TCPDIAG_SOCKET__GETATTR 0x00000010UL
723#define NETLINK_TCPDIAG_SOCKET__SETATTR 0x00000020UL
724#define NETLINK_TCPDIAG_SOCKET__LOCK 0x00000040UL
725#define NETLINK_TCPDIAG_SOCKET__RELABELFROM 0x00000080UL
726#define NETLINK_TCPDIAG_SOCKET__RELABELTO 0x00000100UL
727#define NETLINK_TCPDIAG_SOCKET__APPEND 0x00000200UL
728#define NETLINK_TCPDIAG_SOCKET__BIND 0x00000400UL
729#define NETLINK_TCPDIAG_SOCKET__CONNECT 0x00000800UL
730#define NETLINK_TCPDIAG_SOCKET__LISTEN 0x00001000UL
731#define NETLINK_TCPDIAG_SOCKET__ACCEPT 0x00002000UL
732#define NETLINK_TCPDIAG_SOCKET__GETOPT 0x00004000UL
733#define NETLINK_TCPDIAG_SOCKET__SETOPT 0x00008000UL
734#define NETLINK_TCPDIAG_SOCKET__SHUTDOWN 0x00010000UL
735#define NETLINK_TCPDIAG_SOCKET__RECVFROM 0x00020000UL
736#define NETLINK_TCPDIAG_SOCKET__SENDTO 0x00040000UL
737#define NETLINK_TCPDIAG_SOCKET__RECV_MSG 0x00080000UL
738#define NETLINK_TCPDIAG_SOCKET__SEND_MSG 0x00100000UL
739#define NETLINK_TCPDIAG_SOCKET__NAME_BIND 0x00200000UL
740
741#define NETLINK_TCPDIAG_SOCKET__NLMSG_READ 0x00400000UL
742#define NETLINK_TCPDIAG_SOCKET__NLMSG_WRITE 0x00800000UL
743
744#define NETLINK_NFLOG_SOCKET__IOCTL 0x00000001UL
745#define NETLINK_NFLOG_SOCKET__READ 0x00000002UL
746#define NETLINK_NFLOG_SOCKET__WRITE 0x00000004UL
747#define NETLINK_NFLOG_SOCKET__CREATE 0x00000008UL
748#define NETLINK_NFLOG_SOCKET__GETATTR 0x00000010UL
749#define NETLINK_NFLOG_SOCKET__SETATTR 0x00000020UL
750#define NETLINK_NFLOG_SOCKET__LOCK 0x00000040UL
751#define NETLINK_NFLOG_SOCKET__RELABELFROM 0x00000080UL
752#define NETLINK_NFLOG_SOCKET__RELABELTO 0x00000100UL
753#define NETLINK_NFLOG_SOCKET__APPEND 0x00000200UL
754#define NETLINK_NFLOG_SOCKET__BIND 0x00000400UL
755#define NETLINK_NFLOG_SOCKET__CONNECT 0x00000800UL
756#define NETLINK_NFLOG_SOCKET__LISTEN 0x00001000UL
757#define NETLINK_NFLOG_SOCKET__ACCEPT 0x00002000UL
758#define NETLINK_NFLOG_SOCKET__GETOPT 0x00004000UL
759#define NETLINK_NFLOG_SOCKET__SETOPT 0x00008000UL
760#define NETLINK_NFLOG_SOCKET__SHUTDOWN 0x00010000UL
761#define NETLINK_NFLOG_SOCKET__RECVFROM 0x00020000UL
762#define NETLINK_NFLOG_SOCKET__SENDTO 0x00040000UL
763#define NETLINK_NFLOG_SOCKET__RECV_MSG 0x00080000UL
764#define NETLINK_NFLOG_SOCKET__SEND_MSG 0x00100000UL
765#define NETLINK_NFLOG_SOCKET__NAME_BIND 0x00200000UL
766
767#define NETLINK_XFRM_SOCKET__IOCTL 0x00000001UL
768#define NETLINK_XFRM_SOCKET__READ 0x00000002UL
769#define NETLINK_XFRM_SOCKET__WRITE 0x00000004UL
770#define NETLINK_XFRM_SOCKET__CREATE 0x00000008UL
771#define NETLINK_XFRM_SOCKET__GETATTR 0x00000010UL
772#define NETLINK_XFRM_SOCKET__SETATTR 0x00000020UL
773#define NETLINK_XFRM_SOCKET__LOCK 0x00000040UL
774#define NETLINK_XFRM_SOCKET__RELABELFROM 0x00000080UL
775#define NETLINK_XFRM_SOCKET__RELABELTO 0x00000100UL
776#define NETLINK_XFRM_SOCKET__APPEND 0x00000200UL
777#define NETLINK_XFRM_SOCKET__BIND 0x00000400UL
778#define NETLINK_XFRM_SOCKET__CONNECT 0x00000800UL
779#define NETLINK_XFRM_SOCKET__LISTEN 0x00001000UL
780#define NETLINK_XFRM_SOCKET__ACCEPT 0x00002000UL
781#define NETLINK_XFRM_SOCKET__GETOPT 0x00004000UL
782#define NETLINK_XFRM_SOCKET__SETOPT 0x00008000UL
783#define NETLINK_XFRM_SOCKET__SHUTDOWN 0x00010000UL
784#define NETLINK_XFRM_SOCKET__RECVFROM 0x00020000UL
785#define NETLINK_XFRM_SOCKET__SENDTO 0x00040000UL
786#define NETLINK_XFRM_SOCKET__RECV_MSG 0x00080000UL
787#define NETLINK_XFRM_SOCKET__SEND_MSG 0x00100000UL
788#define NETLINK_XFRM_SOCKET__NAME_BIND 0x00200000UL
789
790#define NETLINK_XFRM_SOCKET__NLMSG_READ 0x00400000UL
791#define NETLINK_XFRM_SOCKET__NLMSG_WRITE 0x00800000UL
792
793#define NETLINK_SELINUX_SOCKET__IOCTL 0x00000001UL
794#define NETLINK_SELINUX_SOCKET__READ 0x00000002UL
795#define NETLINK_SELINUX_SOCKET__WRITE 0x00000004UL
796#define NETLINK_SELINUX_SOCKET__CREATE 0x00000008UL
797#define NETLINK_SELINUX_SOCKET__GETATTR 0x00000010UL
798#define NETLINK_SELINUX_SOCKET__SETATTR 0x00000020UL
799#define NETLINK_SELINUX_SOCKET__LOCK 0x00000040UL
800#define NETLINK_SELINUX_SOCKET__RELABELFROM 0x00000080UL
801#define NETLINK_SELINUX_SOCKET__RELABELTO 0x00000100UL
802#define NETLINK_SELINUX_SOCKET__APPEND 0x00000200UL
803#define NETLINK_SELINUX_SOCKET__BIND 0x00000400UL
804#define NETLINK_SELINUX_SOCKET__CONNECT 0x00000800UL
805#define NETLINK_SELINUX_SOCKET__LISTEN 0x00001000UL
806#define NETLINK_SELINUX_SOCKET__ACCEPT 0x00002000UL
807#define NETLINK_SELINUX_SOCKET__GETOPT 0x00004000UL
808#define NETLINK_SELINUX_SOCKET__SETOPT 0x00008000UL
809#define NETLINK_SELINUX_SOCKET__SHUTDOWN 0x00010000UL
810#define NETLINK_SELINUX_SOCKET__RECVFROM 0x00020000UL
811#define NETLINK_SELINUX_SOCKET__SENDTO 0x00040000UL
812#define NETLINK_SELINUX_SOCKET__RECV_MSG 0x00080000UL
813#define NETLINK_SELINUX_SOCKET__SEND_MSG 0x00100000UL
814#define NETLINK_SELINUX_SOCKET__NAME_BIND 0x00200000UL
815
816#define NETLINK_AUDIT_SOCKET__IOCTL 0x00000001UL
817#define NETLINK_AUDIT_SOCKET__READ 0x00000002UL
818#define NETLINK_AUDIT_SOCKET__WRITE 0x00000004UL
819#define NETLINK_AUDIT_SOCKET__CREATE 0x00000008UL
820#define NETLINK_AUDIT_SOCKET__GETATTR 0x00000010UL
821#define NETLINK_AUDIT_SOCKET__SETATTR 0x00000020UL
822#define NETLINK_AUDIT_SOCKET__LOCK 0x00000040UL
823#define NETLINK_AUDIT_SOCKET__RELABELFROM 0x00000080UL
824#define NETLINK_AUDIT_SOCKET__RELABELTO 0x00000100UL
825#define NETLINK_AUDIT_SOCKET__APPEND 0x00000200UL
826#define NETLINK_AUDIT_SOCKET__BIND 0x00000400UL
827#define NETLINK_AUDIT_SOCKET__CONNECT 0x00000800UL
828#define NETLINK_AUDIT_SOCKET__LISTEN 0x00001000UL
829#define NETLINK_AUDIT_SOCKET__ACCEPT 0x00002000UL
830#define NETLINK_AUDIT_SOCKET__GETOPT 0x00004000UL
831#define NETLINK_AUDIT_SOCKET__SETOPT 0x00008000UL
832#define NETLINK_AUDIT_SOCKET__SHUTDOWN 0x00010000UL
833#define NETLINK_AUDIT_SOCKET__RECVFROM 0x00020000UL
834#define NETLINK_AUDIT_SOCKET__SENDTO 0x00040000UL
835#define NETLINK_AUDIT_SOCKET__RECV_MSG 0x00080000UL
836#define NETLINK_AUDIT_SOCKET__SEND_MSG 0x00100000UL
837#define NETLINK_AUDIT_SOCKET__NAME_BIND 0x00200000UL
838
839#define NETLINK_AUDIT_SOCKET__NLMSG_READ 0x00400000UL
840#define NETLINK_AUDIT_SOCKET__NLMSG_WRITE 0x00800000UL
841
842#define NETLINK_IP6FW_SOCKET__IOCTL 0x00000001UL
843#define NETLINK_IP6FW_SOCKET__READ 0x00000002UL
844#define NETLINK_IP6FW_SOCKET__WRITE 0x00000004UL
845#define NETLINK_IP6FW_SOCKET__CREATE 0x00000008UL
846#define NETLINK_IP6FW_SOCKET__GETATTR 0x00000010UL
847#define NETLINK_IP6FW_SOCKET__SETATTR 0x00000020UL
848#define NETLINK_IP6FW_SOCKET__LOCK 0x00000040UL
849#define NETLINK_IP6FW_SOCKET__RELABELFROM 0x00000080UL
850#define NETLINK_IP6FW_SOCKET__RELABELTO 0x00000100UL
851#define NETLINK_IP6FW_SOCKET__APPEND 0x00000200UL
852#define NETLINK_IP6FW_SOCKET__BIND 0x00000400UL
853#define NETLINK_IP6FW_SOCKET__CONNECT 0x00000800UL
854#define NETLINK_IP6FW_SOCKET__LISTEN 0x00001000UL
855#define NETLINK_IP6FW_SOCKET__ACCEPT 0x00002000UL
856#define NETLINK_IP6FW_SOCKET__GETOPT 0x00004000UL
857#define NETLINK_IP6FW_SOCKET__SETOPT 0x00008000UL
858#define NETLINK_IP6FW_SOCKET__SHUTDOWN 0x00010000UL
859#define NETLINK_IP6FW_SOCKET__RECVFROM 0x00020000UL
860#define NETLINK_IP6FW_SOCKET__SENDTO 0x00040000UL
861#define NETLINK_IP6FW_SOCKET__RECV_MSG 0x00080000UL
862#define NETLINK_IP6FW_SOCKET__SEND_MSG 0x00100000UL
863#define NETLINK_IP6FW_SOCKET__NAME_BIND 0x00200000UL
864
865#define NETLINK_IP6FW_SOCKET__NLMSG_READ 0x00400000UL
866#define NETLINK_IP6FW_SOCKET__NLMSG_WRITE 0x00800000UL
867
868#define NETLINK_DNRT_SOCKET__IOCTL 0x00000001UL
869#define NETLINK_DNRT_SOCKET__READ 0x00000002UL
870#define NETLINK_DNRT_SOCKET__WRITE 0x00000004UL
871#define NETLINK_DNRT_SOCKET__CREATE 0x00000008UL
872#define NETLINK_DNRT_SOCKET__GETATTR 0x00000010UL
873#define NETLINK_DNRT_SOCKET__SETATTR 0x00000020UL
874#define NETLINK_DNRT_SOCKET__LOCK 0x00000040UL
875#define NETLINK_DNRT_SOCKET__RELABELFROM 0x00000080UL
876#define NETLINK_DNRT_SOCKET__RELABELTO 0x00000100UL
877#define NETLINK_DNRT_SOCKET__APPEND 0x00000200UL
878#define NETLINK_DNRT_SOCKET__BIND 0x00000400UL
879#define NETLINK_DNRT_SOCKET__CONNECT 0x00000800UL
880#define NETLINK_DNRT_SOCKET__LISTEN 0x00001000UL
881#define NETLINK_DNRT_SOCKET__ACCEPT 0x00002000UL
882#define NETLINK_DNRT_SOCKET__GETOPT 0x00004000UL
883#define NETLINK_DNRT_SOCKET__SETOPT 0x00008000UL
884#define NETLINK_DNRT_SOCKET__SHUTDOWN 0x00010000UL
885#define NETLINK_DNRT_SOCKET__RECVFROM 0x00020000UL
886#define NETLINK_DNRT_SOCKET__SENDTO 0x00040000UL
887#define NETLINK_DNRT_SOCKET__RECV_MSG 0x00080000UL
888#define NETLINK_DNRT_SOCKET__SEND_MSG 0x00100000UL
889#define NETLINK_DNRT_SOCKET__NAME_BIND 0x00200000UL
890
891#define DBUS__ACQUIRE_SVC 0x00000001UL
892#define DBUS__SEND_MSG 0x00000002UL
893
894#define NSCD__GETPWD 0x00000001UL
895#define NSCD__GETGRP 0x00000002UL
896#define NSCD__GETHOST 0x00000004UL
897#define NSCD__GETSTAT 0x00000008UL
898#define NSCD__ADMIN 0x00000010UL
899#define NSCD__SHMEMPWD 0x00000020UL
900#define NSCD__SHMEMGRP 0x00000040UL
901#define NSCD__SHMEMHOST 0x00000080UL
902
diff --git a/security/selinux/include/avc.h b/security/selinux/include/avc.h
new file mode 100644
index 000000000000..960ef18ddc41
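--- /dev/null
+++ b/security/selinux/include/avc.h
@@ -0,0 +1,137 @@
+/*
+ * Access vector cache interface for object managers.
+ *
+ * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
+ */
+#ifndef _SELINUX_AVC_H_
+#define _SELINUX_AVC_H_
+
+#include <linux/stddef.h>
+#include <linux/errno.h>
+#include <linux/kernel.h>
+#include <linux/kdev_t.h>
+#include <linux/spinlock.h>
+#include <linux/init.h>
+#include <linux/in6.h>
+#include <asm/system.h>
+#include "flask.h"
+#include "av_permissions.h"
+#include "security.h"
+
+#ifdef CONFIG_SECURITY_SELINUX_DEVELOP
+extern int selinux_enforcing;
+#else
+#define selinux_enforcing 1
+#endif
+
+/*
+ * An entry in the AVC.
+ */
+struct avc_entry;
+
+struct task_struct;
+struct vfsmount;
+struct dentry;
+struct inode;
+struct sock;
+struct sk_buff;
+
+/* Auxiliary data to use in generating the audit record. */
+struct avc_audit_data {
+ char type;
+#define AVC_AUDIT_DATA_FS 1
+#define AVC_AUDIT_DATA_NET 2
+#define AVC_AUDIT_DATA_CAP 3
+#define AVC_AUDIT_DATA_IPC 4
+ struct task_struct *tsk;
+ union {
+ struct {
+ struct vfsmount *mnt;
+ struct dentry *dentry;
+ struct inode *inode;
+ } fs;
+ struct {
+ char *netif;
+ struct sock *sk;
+ u16 family;
+ u16 dport;
+ u16 sport;
+ union {
+ struct {
+ u32 daddr;
+ u32 saddr;
+ } v4;
+ struct {
+ struct in6_addr daddr;
+ struct in6_addr saddr;
+ } v6;
+ } fam;
+ } net;
+ int cap;
+ int ipc_id;
+ } u;
+};
+
+#define v4info fam.v4
+#define v6info fam.v6
+
+/* Initialize an AVC audit data structure. */
+#define AVC_AUDIT_DATA_INIT(_d,_t) \
+ { memset((_d), 0, sizeof(struct avc_audit_data)); (_d)->type = AVC_AUDIT_DATA_##_t; }
+
+/*
+ * AVC statistics
+ */
+struct avc_cache_stats
+{
+ unsigned int lookups;
+ unsigned int hits;
+ unsigned int misses;
+ unsigned int allocations;
+ unsigned int reclaims;
+ unsigned int frees;
+};
+
+/*
+ * AVC operations
+ */
+
+void __init avc_init(void);
+
+void avc_audit(u32 ssid, u32 tsid,
+ u16 tclass, u32 requested,
+ struct av_decision *avd, int result, struct avc_audit_data *auditdata);
+
+int avc_has_perm_noaudit(u32 ssid, u32 tsid,
+ u16 tclass, u32 requested,
+ struct av_decision *avd);
+
+int avc_has_perm(u32 ssid, u32 tsid,
+ u16 tclass, u32 requested,
+ struct avc_audit_data *auditdata);
+
+#define AVC_CALLBACK_GRANT 1
+#define AVC_CALLBACK_TRY_REVOKE 2
+#define AVC_CALLBACK_REVOKE 4
+#define AVC_CALLBACK_RESET 8
+#define AVC_CALLBACK_AUDITALLOW_ENABLE 16
+#define AVC_CALLBACK_AUDITALLOW_DISABLE 32
+#define AVC_CALLBACK_AUDITDENY_ENABLE 64
+#define AVC_CALLBACK_AUDITDENY_DISABLE 128
+
+int avc_add_callback(int (*callback)(u32 event, u32 ssid, u32 tsid,
+ u16 tclass, u32 perms,
+ u32 *out_retained),
+ u32 events, u32 ssid, u32 tsid,
+ u16 tclass, u32 perms);
+
+/* Exported to selinuxfs */
+int avc_get_hash_stats(char *page);
+extern unsigned int avc_cache_threshold;
+
+#ifdef CONFIG_SECURITY_SELINUX_AVC_STATS
+DECLARE_PER_CPU(struct avc_cache_stats, avc_cache_stats);
+#endif
+
+#endif /* _SELINUX_AVC_H_ */
+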
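Review bot: `AVC_AUDIT_DATA_INIT` (new lines 79-80) expands to a bare `{ ...; }` block, so a call written as `AVC_AUDIT_DATA_INIT(&ad, FS);` under an unbraced `if` that has an `else` will not compile, and the trailing `;` is a stray empty statement everywhere else. Wrapping the body as `do { memset((_d), 0, sizeof(struct avc_audit_data)); (_d)->type = AVC_AUDIT_DATA_##_t; } while (0)` keeps every existing call site working. The macro also calls `memset` while the header's include list has no `<linux/string.h>`, so it presumably relies on whoever includes it; adding `#include <linux/string.h>` would make the header self-contained. A one-line comment that the zeroing clears every union member, not just the one selected by `type`, would tell later editors not to replace it with a field-by-field initialiser.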
diff --git a/security/selinux/include/avc_ss.h b/security/selinux/include/avc_ss.h
new file mode 100644
index 000000000000..450a2831e2e3
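--- /dev/null
+++ b/security/selinux/include/avc_ss.h
@@ -0,0 +1,14 @@
+/*
+ * Access vector cache interface for the security server.
+ *
+ * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
+ */
+#ifndef _SELINUX_AVC_SS_H_
+#define _SELINUX_AVC_SS_H_
+
+#include "flask.h"
+
+int avc_ss_reset(u32 seqno);
+
+#endif /* _SELINUX_AVC_SS_H_ */
+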
diff --git a/security/selinux/include/class_to_string.h b/security/selinux/include/class_to_string.h
new file mode 100644
index 000000000000..519a77d7394a
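--- /dev/null
+++ b/security/selinux/include/class_to_string.h
@@ -0,0 +1,58 @@
+/* This file is automatically generated. Do not edit. */
+/*
+ * Security object class definitions
+ */
+ S_("null")
+ S_("security")
+ S_("process")
+ S_("system")
+ S_("capability")
+ S_("filesystem")
+ S_("file")
+ S_("dir")
+ S_("fd")
+ S_("lnk_file")
+ S_("chr_file")
+ S_("blk_file")
+ S_("sock_file")
+ S_("fifo_file")
+ S_("socket")
+ S_("tcp_socket")
+ S_("udp_socket")
+ S_("rawip_socket")
+ S_("node")
+ S_("netif")
+ S_("netlink_socket")
+ S_("packet_socket")
+ S_("key_socket")
+ S_("unix_stream_socket")
+ S_("unix_dgram_socket")
+ S_("sem")
+ S_("msg")
+ S_("msgq")
+ S_("shm")
+ S_("ipc")
+ S_("passwd")
+ S_("drawable")
+ S_("window")
+ S_("gc")
+ S_("font")
+ S_("colormap")
+ S_("property")
+ S_("cursor")
+ S_("xclient")
+ S_("xinput")
+ S_("xserver")
+ S_("xextension")
+ S_("pax")
+ S_("netlink_route_socket")
+ S_("netlink_firewall_socket")
+ S_("netlink_tcpdiag_socket")
+ S_("netlink_nflog_socket")
+ S_("netlink_xfrm_socket")
+ S_("netlink_selinux_socket")
+ S_("netlink_audit_socket")
+ S_("netlink_ip6fw_socket")
+ S_("netlink_dnrt_socket")
+ S_("dbus")
+ S_("nscd")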
diff --git a/security/selinux/include/common_perm_to_string.h b/security/selinux/include/common_perm_to_string.h
new file mode 100644
index 000000000000..ce5b6e2fe9dd
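--- /dev/null
+++ b/security/selinux/include/common_perm_to_string.h
@@ -0,0 +1,58 @@
+/* This file is automatically generated. Do not edit. */
+TB_(common_file_perm_to_string)
+ S_("ioctl")
+ S_("read")
+ S_("write")
+ S_("create")
+ S_("getattr")
+ S_("setattr")
+ S_("lock")
+ S_("relabelfrom")
+ S_("relabelto")
+ S_("append")
+ S_("unlink")
+ S_("link")
+ S_("rename")
+ S_("execute")
+ S_("swapon")
+ S_("quotaon")
+ S_("mounton")
+TE_(common_file_perm_to_string)
+
+TB_(common_socket_perm_to_string)
+ S_("ioctl")
+ S_("read")
+ S_("write")
+ S_("create")
+ S_("getattr")
+ S_("setattr")
+ S_("lock")
+ S_("relabelfrom")
+ S_("relabelto")
+ S_("append")
+ S_("bind")
+ S_("connect")
+ S_("listen")
+ S_("accept")
+ S_("getopt")
+ S_("setopt")
+ S_("shutdown")
+ S_("recvfrom")
+ S_("sendto")
+ S_("recv_msg")
+ S_("send_msg")
+ S_("name_bind")
+TE_(common_socket_perm_to_string)
+
+TB_(common_ipc_perm_to_string)
+ S_("create")
+ S_("destroy")
+ S_("getattr")
+ S_("setattr")
+ S_("read")
+ S_("write")
+ S_("associate")
+ S_("unix_read")
+ S_("unix_write")
+TE_(common_ipc_perm_to_string)
+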
diff --git a/security/selinux/include/conditional.h b/security/selinux/include/conditional.h
new file mode 100644
index 000000000000..67ce7a8d8301
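--- /dev/null
+++ b/security/selinux/include/conditional.h
@@ -0,0 +1,22 @@
+/*
+ * Interface to booleans in the security server. This is exported
+ * for the selinuxfs.
+ *
+ * Author: Karl MacMillan <kmacmillan@tresys.com>
+ *
+ * Copyright (C) 2003 - 2004 Tresys Technology, LLC
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, version 2.
+ */
+
+#ifndef _SELINUX_CONDITIONAL_H_
+#define _SELINUX_CONDITIONAL_H_
+
+int security_get_bools(int *len, char ***names, int **values);
+
+int security_set_bools(int len, int *values);
+
+int security_get_bool_value(int bool);
+
+#endif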
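Review bot: The three prototypes on new lines 16-20 carry no contract, and `security_get_bools` hands back two arrays through `char ***names` and `int **values` without saying who frees them. Presumably the callee allocates and the caller (selinuxfs, per the file header) frees each name and then both arrays; a comment such as `/* On success *names and *values are allocated here; the caller frees every name, then both arrays. */` would settle it, to be confirmed against the implementation, which is not in this hunk. `len` and the boolean index are plain signed `int`, so the header should also state that `security_set_bools` and `security_get_bool_value` reject a negative or out-of-range value rather than leaving that to each caller. The parameter name `bool` in `security_get_bool_value(int bool)` shadows a common type name; `index` would be safer.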
diff --git a/security/selinux/include/flask.h b/security/selinux/include/flask.h
new file mode 100644
index 000000000000..4eef1b654e92
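--- /dev/null
+++ b/security/selinux/include/flask.h
@@ -0,0 +1,95 @@
+/* This file is automatically generated. Do not edit. */
+#ifndef _SELINUX_FLASK_H_
+#define _SELINUX_FLASK_H_
+
+/*
+ * Security object class definitions
+ */
+#define SECCLASS_SECURITY 1
+#define SECCLASS_PROCESS 2
+#define SECCLASS_SYSTEM 3
+#define SECCLASS_CAPABILITY 4
+#define SECCLASS_FILESYSTEM 5
+#define SECCLASS_FILE 6
+#define SECCLASS_DIR 7
+#define SECCLASS_FD 8
+#define SECCLASS_LNK_FILE 9
+#define SECCLASS_CHR_FILE 10
+#define SECCLASS_BLK_FILE 11
+#define SECCLASS_SOCK_FILE 12
+#define SECCLASS_FIFO_FILE 13
+#define SECCLASS_SOCKET 14
+#define SECCLASS_TCP_SOCKET 15
+#define SECCLASS_UDP_SOCKET 16
+#define SECCLASS_RAWIP_SOCKET 17
+#define SECCLASS_NODE 18
+#define SECCLASS_NETIF 19
+#define SECCLASS_NETLINK_SOCKET 20
+#define SECCLASS_PACKET_SOCKET 21
+#define SECCLASS_KEY_SOCKET 22
+#define SECCLASS_UNIX_STREAM_SOCKET 23
+#define SECCLASS_UNIX_DGRAM_SOCKET 24
+#define SECCLASS_SEM 25
+#define SECCLASS_MSG 26
+#define SECCLASS_MSGQ 27
+#define SECCLASS_SHM 28
+#define SECCLASS_IPC 29
+#define SECCLASS_PASSWD 30
+#define SECCLASS_DRAWABLE 31
+#define SECCLASS_WINDOW 32
+#define SECCLASS_GC 33
+#define SECCLASS_FONT 34
+#define SECCLASS_COLORMAP 35
+#define SECCLASS_PROPERTY 36
+#define SECCLASS_CURSOR 37
+#define SECCLASS_XCLIENT 38
+#define SECCLASS_XINPUT 39
+#define SECCLASS_XSERVER 40
+#define SECCLASS_XEXTENSION 41
+#define SECCLASS_PAX 42
+#define SECCLASS_NETLINK_ROUTE_SOCKET 43
+#define SECCLASS_NETLINK_FIREWALL_SOCKET 44
+#define SECCLASS_NETLINK_TCPDIAG_SOCKET 45
+#define SECCLASS_NETLINK_NFLOG_SOCKET 46
+#define SECCLASS_NETLINK_XFRM_SOCKET 47
+#define SECCLASS_NETLINK_SELINUX_SOCKET 48
+#define SECCLASS_NETLINK_AUDIT_SOCKET 49
+#define SECCLASS_NETLINK_IP6FW_SOCKET 50
+#define SECCLASS_NETLINK_DNRT_SOCKET 51
+#define SECCLASS_DBUS 52
+#define SECCLASS_NSCD 53
+
+/*
+ * Security identifier indices for initial entities
+ */
+#define SECINITSID_KERNEL 1
+#define SECINITSID_SECURITY 2
+#define SECINITSID_UNLABELED 3
+#define SECINITSID_FS 4
+#define SECINITSID_FILE 5
+#define SECINITSID_FILE_LABELS 6
+#define SECINITSID_INIT 7
+#define SECINITSID_ANY_SOCKET 8
+#define SECINITSID_PORT 9
+#define SECINITSID_NETIF 10
+#define SECINITSID_NETMSG 11
+#define SECINITSID_NODE 12
+#define SECINITSID_IGMP_PACKET 13
+#define SECINITSID_ICMP_SOCKET 14
+#define SECINITSID_TCP_SOCKET 15
+#define SECINITSID_SYSCTL_MODPROBE 16
+#define SECINITSID_SYSCTL 17
+#define SECINITSID_SYSCTL_FS 18
+#define SECINITSID_SYSCTL_KERNEL 19
+#define SECINITSID_SYSCTL_NET 20
+#define SECINITSID_SYSCTL_NET_UNIX 21
+#define SECINITSID_SYSCTL_VM 22
+#define SECINITSID_SYSCTL_DEV 23
+#define SECINITSID_KMOD 24
+#define SECINITSID_POLICY 25
+#define SECINITSID_SCMP_PACKET 26
+#define SECINITSID_DEVNULL 27
+
+#define SECINITSID_NUM 27
+
+#endif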
diff --git a/security/selinux/include/initial_sid_to_string.h b/security/selinux/include/initial_sid_to_string.h
new file mode 100644
index 000000000000..d4fac82793ae
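--- /dev/null
+++ b/security/selinux/include/initial_sid_to_string.h
@@ -0,0 +1,33 @@
+/* This file is automatically generated. Do not edit. */
+static char *initial_sid_to_string[] =
+{
+ "null",
+ "kernel",
+ "security",
+ "unlabeled",
+ "fs",
+ "file",
+ "file_labels",
+ "init",
+ "any_socket",
+ "port",
+ "netif",
+ "netmsg",
+ "node",
+ "igmp_packet",
+ "icmp_socket",
+ "tcp_socket",
+ "sysctl_modprobe",
+ "sysctl",
+ "sysctl_fs",
+ "sysctl_kernel",
+ "sysctl_net",
+ "sysctl_net_unix",
+ "sysctl_vm",
+ "sysctl_dev",
+ "kmod",
+ "policy",
+ "scmp_packet",
+ "devnull",
+};
+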
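diff --git a/security/selinux/include/netif.h b/security/selinux/include/netif.h
new file mode 100644
index 000000000000..8bd6f9992d2b
--- /dev/null
+++ b/security/selinux/include/netif.h
@@ -0,0 +1,21 @@
+/*
+ * Network interface table.
+ *
+ * Network interfaces (devices) do not have a security field, so we
+ * maintain a table associating each interface with a SID.
+ *
+ * Author: James Morris <jmorris@redhat.com>
+ *
+ * Copyright (C) 2003 Red Hat, Inc., James Morris <jmorris@redhat.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2,
+ * as published by the Free Software Foundation.
+ */
+#ifndef _SELINUX_NETIF_H_
+#define _SELINUX_NETIF_H_
+
+int sel_netif_sids(struct net_device *dev, u32 *if_sid, u32 *msg_sid);
+
+#endif /* _SELINUX_NETIF_H_ */
+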
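Review bot: The prototype on new line 18 names `struct net_device` and `u32`, but the header includes nothing and forward-declares nothing, so it only compiles cleanly when every includer has already pulled in the netdevice and types headers. A struct tag first seen inside a parameter list has prototype scope in C, which gives a warning and a type incompatible with the real one. Adding `struct net_device;` and `#include <linux/types.h>` above the declaration would make the header self-contained. A one-line comment saying whether `if_sid` or `msg_sid` may be NULL would also help callers, since the header does not state it.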
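diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h
new file mode 100644
index 000000000000..887937c8134a
--- /dev/null
+++ b/security/selinux/include/objsec.h
@@ -0,0 +1,112 @@
+/*
+ * NSA Security-Enhanced Linux (SELinux) security module
+ *
+ * This file contains the SELinux security data structures for kernel objects.
+ *
+ * Author(s): Stephen Smalley, <sds@epoch.ncsc.mil>
+ * Chris Vance, <cvance@nai.com>
+ * Wayne Salamon, <wsalamon@nai.com>
+ * James Morris <jmorris@redhat.com>
+ *
+ * Copyright (C) 2001,2002 Networks Associates Technology, Inc.
+ * Copyright (C) 2003 Red Hat, Inc., James Morris <jmorris@redhat.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2,
+ * as published by the Free Software Foundation.
+ */
+#ifndef _SELINUX_OBJSEC_H_
+#define _SELINUX_OBJSEC_H_
+
+#include <linux/list.h>
+#include <linux/sched.h>
+#include <linux/fs.h>
+#include <linux/binfmts.h>
+#include <linux/in.h>
+#include "flask.h"
+#include "avc.h"
+
+struct task_security_struct {
+ unsigned long magic; /* magic number for this module */
+ struct task_struct *task; /* back pointer to task object */
+ u32 osid; /* SID prior to last execve */
+ u32 sid; /* current SID */
+ u32 exec_sid; /* exec SID */
+ u32 create_sid; /* fscreate SID */
+ u32 ptrace_sid; /* SID of ptrace parent */
+};
+
+struct inode_security_struct {
+ unsigned long magic; /* magic number for this module */
+ struct inode *inode; /* back pointer to inode object */
+ struct list_head list; /* list of inode_security_struct */
+ u32 task_sid; /* SID of creating task */
+ u32 sid; /* SID of this object */
+ u16 sclass; /* security class of this object */
+ unsigned char initialized; /* initialization flag */
+ struct semaphore sem;
+ unsigned char inherit; /* inherit SID from parent entry */
+};
+
+struct file_security_struct {
+ unsigned long magic; /* magic number for this module */
+ struct file *file; /* back pointer to file object */
+ u32 sid; /* SID of open file description */
+ u32 fown_sid; /* SID of file owner (for SIGIO) */
+};
+
+struct superblock_security_struct {
+ unsigned long magic; /* magic number for this module */
+ struct super_block *sb; /* back pointer to sb object */
+ struct list_head list; /* list of superblock_security_struct */
+ u32 sid; /* SID of file system */
+ u32 def_sid; /* default SID for labeling */
+ unsigned int behavior; /* labeling behavior */
+ unsigned char initialized; /* initialization flag */
+ unsigned char proc; /* proc fs */
+ struct semaphore sem;
+ struct list_head isec_head;
+ spinlock_t isec_lock;
+};
+
+struct msg_security_struct {
+ unsigned long magic; /* magic number for this module */
+ struct msg_msg *msg; /* back pointer */
+ u32 sid; /* SID of message */
+};
+
+struct ipc_security_struct {
+ unsigned long magic; /* magic number for this module */
+ struct kern_ipc_perm *ipc_perm; /* back pointer */
+ u16 sclass; /* security class of this object */
+ u32 sid; /* SID of IPC resource */
+};
+
+struct bprm_security_struct {
+ unsigned long magic; /* magic number for this module */
+ struct linux_binprm *bprm; /* back pointer to bprm object */
+ u32 sid; /* SID for transformed process */
+ unsigned char set;
+
+ /*
+ * unsafe is used to share failure information from bprm_apply_creds()
+ * to bprm_post_apply_creds().
+ */
+ char unsafe;
+};
+
+struct netif_security_struct {
+ struct net_device *dev; /* back pointer */
+ u32 if_sid; /* SID for this interface */
+ u32 msg_sid; /* default SID for messages received on this interface */
+};
+
+struct sk_security_struct {
+ unsigned long magic; /* magic number for this module */
+ struct sock *sk; /* back pointer to sk object */
+ u32 peer_sid; /* SID of peer */
+};
+
+extern unsigned int selinux_checkreqprot;
+
+#endif /* _SELINUX_OBJSEC_H_ */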
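Review bot: The locking members carry no comments: `sem` in `inode_security_struct` and `superblock_security_struct`, and `isec_head`/`isec_lock` in the latter, do not say which fields they protect. Because `sid`, `sclass` and `initialized` feed access decisions, a reader needs to know which of them may be read without the lock; a comment such as `struct semaphore sem; /* serializes label initialization (confirm) */` would record that. `netif_security_struct` is the one structure here without a `magic` member, which looks deliberate given the table described in netif.h but deserves a short comment. `unsafe` is a plain `char` while the neighbouring flag `set` is `unsigned char`; `unsigned char unsafe;` would avoid implementation-defined signedness if it ever holds more than 0 or 1.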
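diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h
new file mode 100644
index 000000000000..fa187c9a351d
--- /dev/null
+++ b/security/selinux/include/security.h
@@ -0,0 +1,97 @@
+/*
+ * Security server interface.
+ *
+ * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
+ *
+ */
+
+#ifndef _SELINUX_SECURITY_H_
+#define _SELINUX_SECURITY_H_
+
+#include "flask.h"
+
+#define SECSID_NULL 0x00000000 /* unspecified SID */
+#define SECSID_WILD 0xffffffff /* wildcard SID */
+#define SECCLASS_NULL 0x0000 /* no class */
+
+#define SELINUX_MAGIC 0xf97cff8c
+
+/* Identify specific policy version changes */
+#define POLICYDB_VERSION_BASE 15
+#define POLICYDB_VERSION_BOOL 16
+#define POLICYDB_VERSION_IPV6 17
+#define POLICYDB_VERSION_NLCLASS 18
+#define POLICYDB_VERSION_VALIDATETRANS 19
+#define POLICYDB_VERSION_MLS 19
+
+/* Range of policy versions we understand*/
+#define POLICYDB_VERSION_MIN POLICYDB_VERSION_BASE
+#define POLICYDB_VERSION_MAX POLICYDB_VERSION_MLS
+
+#ifdef CONFIG_SECURITY_SELINUX_BOOTPARAM
+extern int selinux_enabled;
+#else
+#define selinux_enabled 1
+#endif
+
+extern int selinux_mls_enabled;
+
+int security_load_policy(void * data, size_t len);
+
+struct av_decision {
+ u32 allowed;
+ u32 decided;
+ u32 auditallow;
+ u32 auditdeny;
+ u32 seqno;
+};
+
+int security_compute_av(u32 ssid, u32 tsid,
+ u16 tclass, u32 requested,
+ struct av_decision *avd);
+
+int security_transition_sid(u32 ssid, u32 tsid,
+ u16 tclass, u32 *out_sid);
+
+int security_member_sid(u32 ssid, u32 tsid,
+ u16 tclass, u32 *out_sid);
+
+int security_change_sid(u32 ssid, u32 tsid,
+ u16 tclass, u32 *out_sid);
+
+int security_sid_to_context(u32 sid, char **scontext,
+ u32 *scontext_len);
+
+int security_context_to_sid(char *scontext, u32 scontext_len,
+ u32 *out_sid);
+
+int security_get_user_sids(u32 callsid, char *username,
+ u32 **sids, u32 *nel);
+
+int security_port_sid(u16 domain, u16 type, u8 protocol, u16 port,
+ u32 *out_sid);
+
+int security_netif_sid(char *name, u32 *if_sid,
+ u32 *msg_sid);
+
+int security_node_sid(u16 domain, void *addr, u32 addrlen,
+ u32 *out_sid);
+
+int security_validate_transition(u32 oldsid, u32 newsid, u32 tasksid,
+ u16 tclass);
+
+#define SECURITY_FS_USE_XATTR 1 /* use xattr */
+#define SECURITY_FS_USE_TRANS 2 /* use transition SIDs, e.g. devpts/tmpfs */
+#define SECURITY_FS_USE_TASK 3 /* use task SIDs, e.g. pipefs/sockfs */
+#define SECURITY_FS_USE_GENFS 4 /* use the genfs support */
+#define SECURITY_FS_USE_NONE 5 /* no labeling support */
+#define SECURITY_FS_USE_MNTPOINT 6 /* use mountpoint labeling */
+
+int security_fs_use(const char *fstype, unsigned int *behavior,
+ u32 *sid);
+
+int security_genfs_sid(const char *fstype, char *name, u16 sclass,
+ u32 *sid);
+
+#endif /* _SELINUX_SECURITY_H_ */
+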
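Review bot: The string-handling prototypes on new lines 62–69 do not state their buffer contract: `security_sid_to_context` and `security_get_user_sids` return results through `char **scontext` and `u32 **sids`, but nothing says who allocates and frees them, or whether `scontext_len` counts a terminating NUL. These functions carry security context strings in and out of the security server, so an ambiguous length or ownership convention is where over-reads and leaks tend to start. I would add a comment above each, for example `/* *scontext is allocated by the security server; caller frees it (confirm) */`. The input strings could also be `const char *`, as `security_fs_use` already does, e.g. `int security_context_to_sid(const char *scontext, u32 scontext_len, u32 *out_sid);`; that needs the matching change in the definition, which is outside this section.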