|
Chris PeBenito |
31b7c0 |
#
|
|
Chris PeBenito |
31b7c0 |
# Define common prefixes for access vectors
|
|
Chris PeBenito |
31b7c0 |
#
|
|
Chris PeBenito |
31b7c0 |
# common common_name { permission_name ... }
|
|
Chris PeBenito |
31b7c0 |
|
|
Chris PeBenito |
31b7c0 |
|
|
Chris PeBenito |
31b7c0 |
#
|
|
Chris PeBenito |
31b7c0 |
# Define a common prefix for file access vectors.
|
|
Chris PeBenito |
31b7c0 |
#
|
|
Chris PeBenito |
31b7c0 |
|
|
Chris PeBenito |
31b7c0 |
common file
|
|
Chris PeBenito |
31b7c0 |
{
|
|
Chris PeBenito |
31b7c0 |
ioctl
|
|
Chris PeBenito |
31b7c0 |
read
|
|
Chris PeBenito |
31b7c0 |
write
|
|
Chris PeBenito |
31b7c0 |
create
|
|
Chris PeBenito |
31b7c0 |
getattr
|
|
Chris PeBenito |
31b7c0 |
setattr
|
|
Chris PeBenito |
31b7c0 |
lock
|
|
Chris PeBenito |
31b7c0 |
relabelfrom
|
|
Chris PeBenito |
31b7c0 |
relabelto
|
|
Chris PeBenito |
31b7c0 |
append
|
|
Chris PeBenito |
31b7c0 |
unlink
|
|
Chris PeBenito |
31b7c0 |
link
|
|
Chris PeBenito |
31b7c0 |
rename
|
|
Chris PeBenito |
31b7c0 |
execute
|
|
Chris PeBenito |
31b7c0 |
swapon
|
|
Chris PeBenito |
31b7c0 |
quotaon
|
|
Chris PeBenito |
31b7c0 |
mounton
|
|
Chris PeBenito |
31b7c0 |
}
|
|
Chris PeBenito |
31b7c0 |
|
|
Chris PeBenito |
31b7c0 |
|
|
Chris PeBenito |
31b7c0 |
#
|
|
Chris PeBenito |
31b7c0 |
# Define a common prefix for socket access vectors.
|
|
Chris PeBenito |
31b7c0 |
#
|
|
Chris PeBenito |
31b7c0 |
|
|
Chris PeBenito |
31b7c0 |
common socket
|
|
Chris PeBenito |
31b7c0 |
{
|
|
Chris PeBenito |
31b7c0 |
# inherited from file
|
|
Chris PeBenito |
31b7c0 |
ioctl
|
|
Chris PeBenito |
31b7c0 |
read
|
|
Chris PeBenito |
31b7c0 |
write
|
|
Chris PeBenito |
31b7c0 |
create
|
|
Chris PeBenito |
31b7c0 |
getattr
|
|
Chris PeBenito |
31b7c0 |
setattr
|
|
Chris PeBenito |
31b7c0 |
lock
|
|
Chris PeBenito |
31b7c0 |
relabelfrom
|
|
Chris PeBenito |
31b7c0 |
relabelto
|
|
Chris PeBenito |
31b7c0 |
append
|
|
Chris PeBenito |
31b7c0 |
# socket-specific
|
|
Chris PeBenito |
31b7c0 |
bind
|
|
Chris PeBenito |
31b7c0 |
connect
|
|
Chris PeBenito |
31b7c0 |
listen
|
|
Chris PeBenito |
31b7c0 |
accept
|
|
Chris PeBenito |
31b7c0 |
getopt
|
|
Chris PeBenito |
31b7c0 |
setopt
|
|
Chris PeBenito |
31b7c0 |
shutdown
|
|
Chris PeBenito |
31b7c0 |
recvfrom
|
|
Chris PeBenito |
31b7c0 |
sendto
|
|
Chris PeBenito |
31b7c0 |
recv_msg
|
|
Chris PeBenito |
31b7c0 |
send_msg
|
|
Chris PeBenito |
31b7c0 |
name_bind
|
|
Chris PeBenito |
31b7c0 |
}
|
|
Chris PeBenito |
31b7c0 |
|
|
Chris PeBenito |
31b7c0 |
#
|
|
Chris PeBenito |
31b7c0 |
# Define a common prefix for ipc access vectors.
|
|
Chris PeBenito |
31b7c0 |
#
|
|
Chris PeBenito |
31b7c0 |
|
|
Chris PeBenito |
31b7c0 |
common ipc
|
|
Chris PeBenito |
31b7c0 |
{
|
|
Chris PeBenito |
31b7c0 |
create
|
|
Chris PeBenito |
31b7c0 |
destroy
|
|
Chris PeBenito |
31b7c0 |
getattr
|
|
Chris PeBenito |
31b7c0 |
setattr
|
|
Chris PeBenito |
31b7c0 |
read
|
|
Chris PeBenito |
31b7c0 |
write
|
|
Chris PeBenito |
31b7c0 |
associate
|
|
Chris PeBenito |
31b7c0 |
unix_read
|
|
Chris PeBenito |
31b7c0 |
unix_write
|
|
Chris PeBenito |
31b7c0 |
}
|
|
Chris PeBenito |
31b7c0 |
|
|
Chris PeBenito |
31b7c0 |
#
|
|
Chris PeBenito |
31b7c0 |
# Define the access vectors.
|
|
Chris PeBenito |
31b7c0 |
#
|
|
Chris PeBenito |
31b7c0 |
# class class_name [ inherits common_name ] { permission_name ... }
|
|
Chris PeBenito |
31b7c0 |
|
|
Chris PeBenito |
31b7c0 |
|
|
Chris PeBenito |
31b7c0 |
#
|
|
Chris PeBenito |
31b7c0 |
# Define the access vector interpretation for file-related objects.
|
|
Chris PeBenito |
31b7c0 |
#
|
|
Chris PeBenito |
31b7c0 |
|
|
Chris PeBenito |
31b7c0 |
class filesystem
|
|
Chris PeBenito |
31b7c0 |
{
|
|
Chris PeBenito |
31b7c0 |
mount
|
|
Chris PeBenito |
31b7c0 |
remount
|
|
Chris PeBenito |
31b7c0 |
unmount
|
|
Chris PeBenito |
31b7c0 |
getattr
|
|
Chris PeBenito |
31b7c0 |
relabelfrom
|
|
Chris PeBenito |
31b7c0 |
relabelto
|
|
Chris PeBenito |
31b7c0 |
transition
|
|
Chris PeBenito |
31b7c0 |
associate
|
|
Chris PeBenito |
31b7c0 |
quotamod
|
|
Chris PeBenito |
31b7c0 |
quotaget
|
|
Chris PeBenito |
31b7c0 |
}
|
|
Chris PeBenito |
31b7c0 |
|
|
Chris PeBenito |
31b7c0 |
class dir
|
|
Chris PeBenito |
31b7c0 |
inherits file
|
|
Chris PeBenito |
31b7c0 |
{
|
|
Chris PeBenito |
31b7c0 |
add_name
|
|
Chris PeBenito |
31b7c0 |
remove_name
|
|
Chris PeBenito |
31b7c0 |
reparent
|
|
Chris PeBenito |
31b7c0 |
search
|
|
Chris PeBenito |
31b7c0 |
rmdir
|
|
Chris PeBenito |
31b7c0 |
}
|
|
Chris PeBenito |
31b7c0 |
|
|
Chris PeBenito |
31b7c0 |
class file
|
|
Chris PeBenito |
31b7c0 |
inherits file
|
|
Chris PeBenito |
31b7c0 |
{
|
|
Chris PeBenito |
31b7c0 |
execute_no_trans
|
|
Chris PeBenito |
31b7c0 |
entrypoint
|
|
Chris PeBenito |
31b7c0 |
execmod
|
|
Chris PeBenito |
31b7c0 |
}
|
|
Chris PeBenito |
31b7c0 |
|
|
Chris PeBenito |
31b7c0 |
class lnk_file
|
|
Chris PeBenito |
31b7c0 |
inherits file
|
|
Chris PeBenito |
31b7c0 |
|
|
Chris PeBenito |
31b7c0 |
class chr_file
|
|
Chris PeBenito |
31b7c0 |
inherits file
|
|
Chris PeBenito |
31b7c0 |
{
|
|
Chris PeBenito |
31b7c0 |
execute_no_trans
|
|
Chris PeBenito |
31b7c0 |
entrypoint
|
|
Chris PeBenito |
31b7c0 |
execmod
|
|
Chris PeBenito |
31b7c0 |
}
|
|
Chris PeBenito |
31b7c0 |
|
|
Chris PeBenito |
31b7c0 |
class blk_file
|
|
Chris PeBenito |
31b7c0 |
inherits file
|
|
Chris PeBenito |
31b7c0 |
|
|
Chris PeBenito |
31b7c0 |
class sock_file
|
|
Chris PeBenito |
31b7c0 |
inherits file
|
|
Chris PeBenito |
31b7c0 |
|
|
Chris PeBenito |
31b7c0 |
class fifo_file
|
|
Chris PeBenito |
31b7c0 |
inherits file
|
|
Chris PeBenito |
31b7c0 |
|
|
Chris PeBenito |
31b7c0 |
class fd
|
|
Chris PeBenito |
31b7c0 |
{
|
|
Chris PeBenito |
31b7c0 |
use
|
|
Chris PeBenito |
31b7c0 |
}
|
|
Chris PeBenito |
31b7c0 |
|
|
Chris PeBenito |
31b7c0 |
|
|
Chris PeBenito |
31b7c0 |
#
|
|
Chris PeBenito |
31b7c0 |
# Define the access vector interpretation for network-related objects.
|
|
Chris PeBenito |
31b7c0 |
#
|
|
Chris PeBenito |
31b7c0 |
|
|
Chris PeBenito |
31b7c0 |
class socket
|
|
Chris PeBenito |
31b7c0 |
inherits socket
|
|
Chris PeBenito |
31b7c0 |
|
|
Chris PeBenito |
31b7c0 |
class tcp_socket
|
|
Chris PeBenito |
31b7c0 |
inherits socket
|
|
Chris PeBenito |
31b7c0 |
{
|
|
Chris PeBenito |
31b7c0 |
connectto
|
|
Chris PeBenito |
31b7c0 |
newconn
|
|
Chris PeBenito |
31b7c0 |
acceptfrom
|
|
Chris PeBenito |
31b7c0 |
node_bind
|
|
Chris PeBenito |
31b7c0 |
name_connect
|
|
Chris PeBenito |
31b7c0 |
}
|
|
Chris PeBenito |
31b7c0 |
|
|
Chris PeBenito |
31b7c0 |
class udp_socket
|
|
Chris PeBenito |
31b7c0 |
inherits socket
|
|
Chris PeBenito |
31b7c0 |
{
|
|
Chris PeBenito |
31b7c0 |
node_bind
|
|
Chris PeBenito |
31b7c0 |
}
|
|
Chris PeBenito |
31b7c0 |
|
|
Chris PeBenito |
31b7c0 |
class rawip_socket
|
|
Chris PeBenito |
31b7c0 |
inherits socket
|
|
Chris PeBenito |
31b7c0 |
{
|
|
Chris PeBenito |
31b7c0 |
node_bind
|
|
Chris PeBenito |
31b7c0 |
}
|
|
Chris PeBenito |
31b7c0 |
|
|
Chris PeBenito |
31b7c0 |
class node
|
|
Chris PeBenito |
31b7c0 |
{
|
|
Chris PeBenito |
31b7c0 |
tcp_recv
|
|
Chris PeBenito |
31b7c0 |
tcp_send
|
|
Chris PeBenito |
31b7c0 |
udp_recv
|
|
Chris PeBenito |
31b7c0 |
udp_send
|
|
Chris PeBenito |
31b7c0 |
rawip_recv
|
|
Chris PeBenito |
31b7c0 |
rawip_send
|
|
Chris PeBenito |
31b7c0 |
enforce_dest
|
|
Chris PeBenito |
31b7c0 |
}
|
|
Chris PeBenito |
31b7c0 |
|
|
Chris PeBenito |
31b7c0 |
class netif
|
|
Chris PeBenito |
31b7c0 |
{
|
|
Chris PeBenito |
31b7c0 |
tcp_recv
|
|
Chris PeBenito |
31b7c0 |
tcp_send
|
|
Chris PeBenito |
31b7c0 |
udp_recv
|
|
Chris PeBenito |
31b7c0 |
udp_send
|
|
Chris PeBenito |
31b7c0 |
rawip_recv
|
|
Chris PeBenito |
31b7c0 |
rawip_send
|
|
Chris PeBenito |
31b7c0 |
}
|
|
Chris PeBenito |
31b7c0 |
|
|
Chris PeBenito |
31b7c0 |
class netlink_socket
|
|
Chris PeBenito |
31b7c0 |
inherits socket
|
|
Chris PeBenito |
31b7c0 |
|
|
Chris PeBenito |
31b7c0 |
class packet_socket
|
|
Chris PeBenito |
31b7c0 |
inherits socket
|
|
Chris PeBenito |
31b7c0 |
|
|
Chris PeBenito |
31b7c0 |
class key_socket
|
|
Chris PeBenito |
31b7c0 |
inherits socket
|
|
Chris PeBenito |
31b7c0 |
|
|
Chris PeBenito |
31b7c0 |
class unix_stream_socket
|
|
Chris PeBenito |
31b7c0 |
inherits socket
|
|
Chris PeBenito |
31b7c0 |
{
|
|
Chris PeBenito |
31b7c0 |
connectto
|
|
Chris PeBenito |
31b7c0 |
newconn
|
|
Chris PeBenito |
31b7c0 |
acceptfrom
|
|
Chris PeBenito |
31b7c0 |
}
|
|
Chris PeBenito |
31b7c0 |
|
|
Chris PeBenito |
31b7c0 |
class unix_dgram_socket
|
|
Chris PeBenito |
31b7c0 |
inherits socket
|
|
Chris PeBenito |
31b7c0 |
|
|
Chris PeBenito |
31b7c0 |
|
|
Chris PeBenito |
31b7c0 |
#
|
|
Chris PeBenito |
31b7c0 |
# Define the access vector interpretation for process-related objects
|
|
Chris PeBenito |
31b7c0 |
#
|
|
Chris PeBenito |
31b7c0 |
|
|
Chris PeBenito |
31b7c0 |
class process
|
|
Chris PeBenito |
31b7c0 |
{
|
|
Chris PeBenito |
31b7c0 |
fork
|
|
Chris PeBenito |
31b7c0 |
transition
|
|
Chris PeBenito |
31b7c0 |
sigchld # commonly granted from child to parent
|
|
Chris PeBenito |
31b7c0 |
sigkill # cannot be caught or ignored
|
|
Chris PeBenito |
31b7c0 |
sigstop # cannot be caught or ignored
|
|
Chris PeBenito |
31b7c0 |
signull # for kill(pid, 0)
|
|
Chris PeBenito |
31b7c0 |
signal # all other signals
|
|
Chris PeBenito |
31b7c0 |
ptrace
|
|
Chris PeBenito |
31b7c0 |
getsched
|
|
Chris PeBenito |
31b7c0 |
setsched
|
|
Chris PeBenito |
31b7c0 |
getsession
|
|
Chris PeBenito |
31b7c0 |
getpgid
|
|
Chris PeBenito |
31b7c0 |
setpgid
|
|
Chris PeBenito |
31b7c0 |
getcap
|
|
Chris PeBenito |
31b7c0 |
setcap
|
|
Chris PeBenito |
31b7c0 |
share
|
|
Chris PeBenito |
31b7c0 |
getattr
|
|
Chris PeBenito |
31b7c0 |
setexec
|
|
Chris PeBenito |
31b7c0 |
setfscreate
|
|
Chris PeBenito |
31b7c0 |
noatsecure
|
|
Chris PeBenito |
31b7c0 |
siginh
|
|
Chris PeBenito |
31b7c0 |
setrlimit
|
|
Chris PeBenito |
31b7c0 |
rlimitinh
|
|
Chris PeBenito |
31b7c0 |
dyntransition
|
|
Chris PeBenito |
31b7c0 |
setcurrent
|
|
Chris PeBenito |
31b7c0 |
execmem
|
|
Chris PeBenito |
31b7c0 |
execstack
|
|
Chris PeBenito |
31b7c0 |
execheap
|
|
Chris PeBenito |
31b7c0 |
}
|
|
Chris PeBenito |
31b7c0 |
|
|
Chris PeBenito |
31b7c0 |
|
|
Chris PeBenito |
31b7c0 |
#
|
|
Chris PeBenito |
31b7c0 |
# Define the access vector interpretation for ipc-related objects
|
|
Chris PeBenito |
31b7c0 |
#
|
|
Chris PeBenito |
31b7c0 |
|
|
Chris PeBenito |
31b7c0 |
class ipc
|
|
Chris PeBenito |
31b7c0 |
inherits ipc
|
|
Chris PeBenito |
31b7c0 |
|
|
Chris PeBenito |
31b7c0 |
class sem
|
|
Chris PeBenito |
31b7c0 |
inherits ipc
|
|
Chris PeBenito |
31b7c0 |
|
|
Chris PeBenito |
31b7c0 |
class msgq
|
|
Chris PeBenito |
31b7c0 |
inherits ipc
|
|
Chris PeBenito |
31b7c0 |
{
|
|
Chris PeBenito |
31b7c0 |
enqueue
|
|
Chris PeBenito |
31b7c0 |
}
|
|
Chris PeBenito |
31b7c0 |
|
|
Chris PeBenito |
31b7c0 |
class msg
|
|
Chris PeBenito |
31b7c0 |
{
|
|
Chris PeBenito |
31b7c0 |
send
|
|
Chris PeBenito |
31b7c0 |
receive
|
|
Chris PeBenito |
31b7c0 |
}
|
|
Chris PeBenito |
31b7c0 |
|
|
Chris PeBenito |
31b7c0 |
class shm
|
|
Chris PeBenito |
31b7c0 |
inherits ipc
|
|
Chris PeBenito |
31b7c0 |
{
|
|
Chris PeBenito |
31b7c0 |
lock
|
|
Chris PeBenito |
31b7c0 |
}
|
|
Chris PeBenito |
31b7c0 |
|
|
Chris PeBenito |
31b7c0 |
|
|
Chris PeBenito |
31b7c0 |
#
|
|
Chris PeBenito |
31b7c0 |
# Define the access vector interpretation for the security server.
|
|
Chris PeBenito |
31b7c0 |
#
|
|
Chris PeBenito |
31b7c0 |
|
|
Chris PeBenito |
31b7c0 |
class security
|
|
Chris PeBenito |
31b7c0 |
{
|
|
Chris PeBenito |
31b7c0 |
compute_av
|
|
Chris PeBenito |
31b7c0 |
compute_create
|
|
Chris PeBenito |
31b7c0 |
compute_member
|
|
Chris PeBenito |
31b7c0 |
check_context
|
|
Chris PeBenito |
31b7c0 |
load_policy
|
|
Chris PeBenito |
31b7c0 |
compute_relabel
|
|
Chris PeBenito |
31b7c0 |
compute_user
|
|
Chris PeBenito |
31b7c0 |
setenforce # was avc_toggle in system class
|
|
Chris PeBenito |
31b7c0 |
setbool
|
|
Chris PeBenito |
31b7c0 |
setsecparam
|
|
Chris PeBenito |
31b7c0 |
setcheckreqprot
|
|
Chris PeBenito |
31b7c0 |
}
|
|
Chris PeBenito |
31b7c0 |
|
|
Chris PeBenito |
31b7c0 |
|
|
Chris PeBenito |
31b7c0 |
#
|
|
Chris PeBenito |
31b7c0 |
# Define the access vector interpretation for system operations.
|
|
Chris PeBenito |
31b7c0 |
#
|
|
Chris PeBenito |
31b7c0 |
|
|
Chris PeBenito |
31b7c0 |
class system
|
|
Chris PeBenito |
31b7c0 |
{
|
|
Chris PeBenito |
31b7c0 |
ipc_info
|
|
Chris PeBenito |
31b7c0 |
syslog_read
|
|
Chris PeBenito |
31b7c0 |
syslog_mod
|
|
Chris PeBenito |
31b7c0 |
syslog_console
|
|
Chris PeBenito |
31b7c0 |
}
|
|
Chris PeBenito |
31b7c0 |
|
|
Chris PeBenito |
31b7c0 |
#
|
|
Chris PeBenito |
31b7c0 |
# Define the access vector interpretation for controling capabilies
|
|
Chris PeBenito |
31b7c0 |
#
|
|
Chris PeBenito |
31b7c0 |
|
|
Chris PeBenito |
31b7c0 |
class capability
|
|
Chris PeBenito |
31b7c0 |
{
|
|
Chris PeBenito |
31b7c0 |
# The capabilities are defined in include/linux/capability.h
|
|
Chris PeBenito |
31b7c0 |
# Care should be taken to ensure that these are consistent with
|
|
Chris PeBenito |
31b7c0 |
# those definitions. (Order matters)
|
|
Chris PeBenito |
31b7c0 |
|
|
Chris PeBenito |
31b7c0 |
chown
|
|
Chris PeBenito |
31b7c0 |
dac_override
|
|
Chris PeBenito |
31b7c0 |
dac_read_search
|
|
Chris PeBenito |
31b7c0 |
fowner
|
|
Chris PeBenito |
31b7c0 |
fsetid
|
|
Chris PeBenito |
31b7c0 |
kill
|
|
Chris PeBenito |
31b7c0 |
setgid
|
|
Chris PeBenito |
31b7c0 |
setuid
|
|
Chris PeBenito |
31b7c0 |
setpcap
|
|
Chris PeBenito |
31b7c0 |
linux_immutable
|
|
Chris PeBenito |
31b7c0 |
net_bind_service
|
|
Chris PeBenito |
31b7c0 |
net_broadcast
|
|
Chris PeBenito |
31b7c0 |
net_admin
|
|
Chris PeBenito |
31b7c0 |
net_raw
|
|
Chris PeBenito |
31b7c0 |
ipc_lock
|
|
Chris PeBenito |
31b7c0 |
ipc_owner
|
|
Chris PeBenito |
31b7c0 |
sys_module
|
|
Chris PeBenito |
31b7c0 |
sys_rawio
|
|
Chris PeBenito |
31b7c0 |
sys_chroot
|
|
Chris PeBenito |
31b7c0 |
sys_ptrace
|
|
Chris PeBenito |
31b7c0 |
sys_pacct
|
|
Chris PeBenito |
31b7c0 |
sys_admin
|
|
Chris PeBenito |
31b7c0 |
sys_boot
|
|
Chris PeBenito |
31b7c0 |
sys_nice
|
|
Chris PeBenito |
31b7c0 |
sys_resource
|
|
Chris PeBenito |
31b7c0 |
sys_time
|
|
Chris PeBenito |
31b7c0 |
sys_tty_config
|
|
Chris PeBenito |
31b7c0 |
mknod
|
|
Chris PeBenito |
31b7c0 |
lease
|
|
Chris PeBenito |
31b7c0 |
audit_write
|
|
Chris PeBenito |
31b7c0 |
audit_control
|
|
Chris PeBenito |
31b7c0 |
}
|
|
Chris PeBenito |
31b7c0 |
|
|
Chris PeBenito |
31b7c0 |
|
|
Chris PeBenito |
31b7c0 |
#
|
|
Chris PeBenito |
31b7c0 |
# Define the access vector interpretation for controlling
|
|
Chris PeBenito |
31b7c0 |
# changes to passwd information.
|
|
Chris PeBenito |
31b7c0 |
#
|
|
Chris PeBenito |
31b7c0 |
class passwd
|
|
Chris PeBenito |
31b7c0 |
{
|
|
Chris PeBenito |
31b7c0 |
passwd # change another user passwd
|
|
Chris PeBenito |
31b7c0 |
chfn # change another user finger info
|
|
Chris PeBenito |
31b7c0 |
chsh # change another user shell
|
|
Chris PeBenito |
31b7c0 |
rootok # pam_rootok check (skip auth)
|
|
Chris PeBenito |
31b7c0 |
crontab # crontab on another user
|
|
Chris PeBenito |
31b7c0 |
}
|
|
Chris PeBenito |
31b7c0 |
|
|
Chris PeBenito |
31b7c0 |
#
|
|
Chris PeBenito |
31b7c0 |
# SE-X Windows stuff
|
|
Chris PeBenito |
31b7c0 |
#
|
|
Chris PeBenito |
31b7c0 |
class drawable
|
|
Chris PeBenito |
31b7c0 |
{
|
|
Chris PeBenito |
31b7c0 |
create
|
|
Chris PeBenito |
31b7c0 |
destroy
|
|
Chris PeBenito |
31b7c0 |
draw
|
|
Chris PeBenito |
31b7c0 |
copy
|
|
Chris PeBenito |
31b7c0 |
getattr
|
|
Chris PeBenito |
31b7c0 |
}
|
|
Chris PeBenito |
31b7c0 |
|
|
Chris PeBenito |
31b7c0 |
class gc
|
|
Chris PeBenito |
31b7c0 |
{
|
|
Chris PeBenito |
31b7c0 |
create
|
|
Chris PeBenito |
31b7c0 |
free
|
|
Chris PeBenito |
31b7c0 |
getattr
|
|
Chris PeBenito |
31b7c0 |
setattr
|
|
Chris PeBenito |
31b7c0 |
}
|
|
Chris PeBenito |
31b7c0 |
|
|
Chris PeBenito |
31b7c0 |
class window
|
|
Chris PeBenito |
31b7c0 |
{
|
|
Chris PeBenito |
31b7c0 |
addchild
|
|
Chris PeBenito |
31b7c0 |
create
|
|
Chris PeBenito |
31b7c0 |
destroy
|
|
Chris PeBenito |
31b7c0 |
map
|
|
Chris PeBenito |
31b7c0 |
unmap
|
|
Chris PeBenito |
31b7c0 |
chstack
|
|
Chris PeBenito |
31b7c0 |
chproplist
|
|
Chris PeBenito |
31b7c0 |
chprop
|
|
Chris PeBenito |
31b7c0 |
listprop
|
|
Chris PeBenito |
31b7c0 |
getattr
|
|
Chris PeBenito |
31b7c0 |
setattr
|
|
Chris PeBenito |
31b7c0 |
setfocus
|
|
Chris PeBenito |
31b7c0 |
move
|
|
Chris PeBenito |
31b7c0 |
chselection
|
|
Chris PeBenito |
31b7c0 |
chparent
|
|
Chris PeBenito |
31b7c0 |
ctrllife
|
|
Chris PeBenito |
31b7c0 |
enumerate
|
|
Chris PeBenito |
31b7c0 |
transparent
|
|
Chris PeBenito |
31b7c0 |
mousemotion
|
|
Chris PeBenito |
31b7c0 |
clientcomevent
|
|
Chris PeBenito |
31b7c0 |
inputevent
|
|
Chris PeBenito |
31b7c0 |
drawevent
|
|
Chris PeBenito |
31b7c0 |
windowchangeevent
|
|
Chris PeBenito |
31b7c0 |
windowchangerequest
|
|
Chris PeBenito |
31b7c0 |
serverchangeevent
|
|
Chris PeBenito |
31b7c0 |
extensionevent
|
|
Chris PeBenito |
31b7c0 |
}
|
|
Chris PeBenito |
31b7c0 |
|
|
Chris PeBenito |
31b7c0 |
class font
|
|
Chris PeBenito |
31b7c0 |
{
|
|
Chris PeBenito |
31b7c0 |
load
|
|
Chris PeBenito |
31b7c0 |
free
|
|
Chris PeBenito |
31b7c0 |
getattr
|
|
Chris PeBenito |
31b7c0 |
use
|
|
Chris PeBenito |
31b7c0 |
}
|
|
Chris PeBenito |
31b7c0 |
|
|
Chris PeBenito |
31b7c0 |
class colormap
|
|
Chris PeBenito |
31b7c0 |
{
|
|
Chris PeBenito |
31b7c0 |
create
|
|
Chris PeBenito |
31b7c0 |
free
|
|
Chris PeBenito |
31b7c0 |
install
|
|
Chris PeBenito |
31b7c0 |
uninstall
|
|
Chris PeBenito |
31b7c0 |
list
|
|
Chris PeBenito |
31b7c0 |
read
|
|
Chris PeBenito |
31b7c0 |
store
|
|
Chris PeBenito |
31b7c0 |
getattr
|
|
Chris PeBenito |
31b7c0 |
setattr
|
|
Chris PeBenito |
31b7c0 |
}
|
|
Chris PeBenito |
31b7c0 |
|
|
Chris PeBenito |
31b7c0 |
class property
|
|
Chris PeBenito |
31b7c0 |
{
|
|
Chris PeBenito |
31b7c0 |
create
|
|
Chris PeBenito |
31b7c0 |
free
|
|
Chris PeBenito |
31b7c0 |
read
|
|
Chris PeBenito |
31b7c0 |
write
|
|
Chris PeBenito |
31b7c0 |
}
|
|
Chris PeBenito |
31b7c0 |
|
|
Chris PeBenito |
31b7c0 |
class cursor
|
|
Chris PeBenito |
31b7c0 |
{
|
|
Chris PeBenito |
31b7c0 |
create
|
|
Chris PeBenito |
31b7c0 |
createglyph
|
|
Chris PeBenito |
31b7c0 |
free
|
|
Chris PeBenito |
31b7c0 |
assign
|
|
Chris PeBenito |
31b7c0 |
setattr
|
|
Chris PeBenito |
31b7c0 |
}
|
|
Chris PeBenito |
31b7c0 |
|
|
Chris PeBenito |
31b7c0 |
class xclient
|
|
Chris PeBenito |
31b7c0 |
{
|
|
Chris PeBenito |
31b7c0 |
kill
|
|
Chris PeBenito |
31b7c0 |
}
|
|
Chris PeBenito |
31b7c0 |
|
|
Chris PeBenito |
31b7c0 |
class xinput
|
|
Chris PeBenito |
31b7c0 |
{
|
|
Chris PeBenito |
31b7c0 |
lookup
|
|
Chris PeBenito |
31b7c0 |
getattr
|
|
Chris PeBenito |
31b7c0 |
setattr
|
|
Chris PeBenito |
31b7c0 |
setfocus
|
|
Chris PeBenito |
31b7c0 |
warppointer
|
|
Chris PeBenito |
31b7c0 |
activegrab
|
|
Chris PeBenito |
31b7c0 |
passivegrab
|
|
Chris PeBenito |
31b7c0 |
ungrab
|
|
Chris PeBenito |
31b7c0 |
bell
|
|
Chris PeBenito |
31b7c0 |
mousemotion
|
|
Chris PeBenito |
31b7c0 |
relabelinput
|
|
Chris PeBenito |
31b7c0 |
}
|
|
Chris PeBenito |
31b7c0 |
|
|
Chris PeBenito |
31b7c0 |
class xserver
|
|
Chris PeBenito |
31b7c0 |
{
|
|
Chris PeBenito |
31b7c0 |
screensaver
|
|
Chris PeBenito |
31b7c0 |
gethostlist
|
|
Chris PeBenito |
31b7c0 |
sethostlist
|
|
Chris PeBenito |
31b7c0 |
getfontpath
|
|
Chris PeBenito |
31b7c0 |
setfontpath
|
|
Chris PeBenito |
31b7c0 |
getattr
|
|
Chris PeBenito |
31b7c0 |
grab
|
|
Chris PeBenito |
31b7c0 |
ungrab
|
|
Chris PeBenito |
31b7c0 |
}
|
|
Chris PeBenito |
31b7c0 |
|
|
Chris PeBenito |
31b7c0 |
class xextension
|
|
Chris PeBenito |
31b7c0 |
{
|
|
Chris PeBenito |
31b7c0 |
query
|
|
Chris PeBenito |
31b7c0 |
use
|
|
Chris PeBenito |
31b7c0 |
}
|
|
Chris PeBenito |
31b7c0 |
|
|
Chris PeBenito |
31b7c0 |
#
|
|
Chris PeBenito |
31b7c0 |
# Define the access vector interpretation for controlling
|
|
Chris PeBenito |
31b7c0 |
# PaX flags
|
|
Chris PeBenito |
31b7c0 |
#
|
|
Chris PeBenito |
31b7c0 |
class pax
|
|
Chris PeBenito |
31b7c0 |
{
|
|
Chris PeBenito |
31b7c0 |
pageexec # Paging based non-executable pages
|
|
Chris PeBenito |
31b7c0 |
emutramp # Emulate trampolines
|
|
Chris PeBenito |
31b7c0 |
mprotect # Restrict mprotect()
|
|
Chris PeBenito |
31b7c0 |
randmmap # Randomize mmap() base
|
|
Chris PeBenito |
31b7c0 |
randexec # Randomize ET_EXEC base
|
|
Chris PeBenito |
31b7c0 |
segmexec # Segmentation based non-executable pages
|
|
Chris PeBenito |
31b7c0 |
}
|
|
Chris PeBenito |
31b7c0 |
|
|
Chris PeBenito |
31b7c0 |
#
|
|
Chris PeBenito |
31b7c0 |
# Extended Netlink classes
|
|
Chris PeBenito |
31b7c0 |
#
|
|
Chris PeBenito |
31b7c0 |
class netlink_route_socket
|
|
Chris PeBenito |
31b7c0 |
inherits socket
|
|
Chris PeBenito |
31b7c0 |
{
|
|
Chris PeBenito |
31b7c0 |
nlmsg_read
|
|
Chris PeBenito |
31b7c0 |
nlmsg_write
|
|
Chris PeBenito |
31b7c0 |
}
|
|
Chris PeBenito |
31b7c0 |
|
|
Chris PeBenito |
31b7c0 |
class netlink_firewall_socket
|
|
Chris PeBenito |
31b7c0 |
inherits socket
|
|
Chris PeBenito |
31b7c0 |
{
|
|
Chris PeBenito |
31b7c0 |
nlmsg_read
|
|
Chris PeBenito |
31b7c0 |
nlmsg_write
|
|
Chris PeBenito |
31b7c0 |
}
|
|
Chris PeBenito |
31b7c0 |
|
|
Chris PeBenito |
31b7c0 |
class netlink_tcpdiag_socket
|
|
Chris PeBenito |
31b7c0 |
inherits socket
|
|
Chris PeBenito |
31b7c0 |
{
|
|
Chris PeBenito |
31b7c0 |
nlmsg_read
|
|
Chris PeBenito |
31b7c0 |
nlmsg_write
|
|
Chris PeBenito |
31b7c0 |
}
|
|
Chris PeBenito |
31b7c0 |
|
|
Chris PeBenito |
31b7c0 |
class netlink_nflog_socket
|
|
Chris PeBenito |
31b7c0 |
inherits socket
|
|
Chris PeBenito |
31b7c0 |
|
|
Chris PeBenito |
31b7c0 |
class netlink_xfrm_socket
|
|
Chris PeBenito |
31b7c0 |
inherits socket
|
|
Chris PeBenito |
31b7c0 |
{
|
|
Chris PeBenito |
31b7c0 |
nlmsg_read
|
|
Chris PeBenito |
31b7c0 |
nlmsg_write
|
|
Chris PeBenito |
31b7c0 |
}
|
|
Chris PeBenito |
31b7c0 |
|
|
Chris PeBenito |
31b7c0 |
class netlink_selinux_socket
|
|
Chris PeBenito |
31b7c0 |
inherits socket
|
|
Chris PeBenito |
31b7c0 |
|
|
Chris PeBenito |
31b7c0 |
class netlink_audit_socket
|
|
Chris PeBenito |
31b7c0 |
inherits socket
|
|
Chris PeBenito |
31b7c0 |
{
|
|
Chris PeBenito |
31b7c0 |
nlmsg_read
|
|
Chris PeBenito |
31b7c0 |
nlmsg_write
|
|
Chris PeBenito |
31b7c0 |
nlmsg_relay
|
|
Chris PeBenito |
31b7c0 |
nlmsg_readpriv
|
|
Chris PeBenito |
31b7c0 |
}
|
|
Chris PeBenito |
31b7c0 |
|
|
Chris PeBenito |
31b7c0 |
class netlink_ip6fw_socket
|
|
Chris PeBenito |
31b7c0 |
inherits socket
|
|
Chris PeBenito |
31b7c0 |
{
|
|
Chris PeBenito |
31b7c0 |
nlmsg_read
|
|
Chris PeBenito |
31b7c0 |
nlmsg_write
|
|
Chris PeBenito |
31b7c0 |
}
|
|
Chris PeBenito |
31b7c0 |
|
|
Chris PeBenito |
31b7c0 |
class netlink_dnrt_socket
|
|
Chris PeBenito |
31b7c0 |
inherits socket
|
|
Chris PeBenito |
31b7c0 |
|
|
Chris PeBenito |
31b7c0 |
# Define the access vector interpretation for controlling
|
|
Chris PeBenito |
31b7c0 |
# access and communication through the D-BUS messaging
|
|
Chris PeBenito |
31b7c0 |
# system.
|
|
Chris PeBenito |
31b7c0 |
#
|
|
Chris PeBenito |
31b7c0 |
class dbus
|
|
Chris PeBenito |
31b7c0 |
{
|
|
Chris PeBenito |
31b7c0 |
acquire_svc
|
|
Chris PeBenito |
31b7c0 |
send_msg
|
|
Chris PeBenito |
31b7c0 |
}
|
|
Chris PeBenito |
31b7c0 |
|
|
Chris PeBenito |
31b7c0 |
# Define the access vector interpretation for controlling
|
|
Chris PeBenito |
31b7c0 |
# access through the name service cache daemon (nscd).
|
|
Chris PeBenito |
31b7c0 |
#
|
|
Chris PeBenito |
31b7c0 |
class nscd
|
|
Chris PeBenito |
31b7c0 |
{
|
|
Chris PeBenito |
31b7c0 |
getpwd
|
|
Chris PeBenito |
31b7c0 |
getgrp
|
|
Chris PeBenito |
31b7c0 |
gethost
|
|
Chris PeBenito |
31b7c0 |
getstat
|
|
Chris PeBenito |
31b7c0 |
admin
|
|
Chris PeBenito |
31b7c0 |
shmempwd
|
|
Chris PeBenito |
31b7c0 |
shmemgrp
|
|
Chris PeBenito |
31b7c0 |
shmemhost
|
|
Chris PeBenito |
31b7c0 |
}
|
|
Chris PeBenito |
31b7c0 |
|
|
Chris PeBenito |
31b7c0 |
# Define the access vector interpretation for controlling
|
|
Chris PeBenito |
31b7c0 |
# access to IPSec network data by association
|
|
Chris PeBenito |
31b7c0 |
#
|
|
Chris PeBenito |
31b7c0 |
class association
|
|
Chris PeBenito |
31b7c0 |
{
|
|
Chris PeBenito |
31b7c0 |
sendto
|
|
Chris PeBenito |
31b7c0 |
recvfrom
|
|
Chris PeBenito |
31b7c0 |
}
|
|
Chris PeBenito |
31b7c0 |
|
|
Chris PeBenito |
31b7c0 |
# Updated Netlink class for KOBJECT_UEVENT family.
|
|
Chris PeBenito |
31b7c0 |
class netlink_kobject_uevent_socket
|
|
Chris PeBenito |
31b7c0 |
inherits socket
|