#
# Define common prefixes for access vectors
#
# common common_name { permission_name ... }
#
# Define a common prefix for file access vectors.
#
# Shared permission set for file-like object classes; a class pulls it in
# with "inherits file".
# NOTE(review): the position of each name presumably fixes its bit in the
# access vector, so entries should only ever be appended, never reordered or
# removed -- confirm against the kernel's generated permission headers.
# NOTE(review): relabelfrom/relabelto, execute and mounton look like the
# entries whose grants most deserve audit (label changes, execution, mount
# points) -- confirm semantics against the kernel hooks.
common file
{
	ioctl
	read
	write
	create
	getattr
	setattr
	lock
	relabelfrom
	relabelto
	append
	unlink
	link
	rename
	execute
	swapon
	quotaon
	mounton
}
#
# Define a common prefix for socket access vectors.
#
# Shared permission set for socket object classes; pulled in with
# "inherits socket". The first ten entries repeat the head of common "file"
# in the same order; the remaining entries are socket-only.
# NOTE(review): name_bind presumably ties a bind() to the label of the port
# being bound -- confirm; it is the entry to check when auditing which
# domains may open listening ports.
common socket
{
# inherited from file
	ioctl
	read
	write
	create
	getattr
	setattr
	lock
	relabelfrom
	relabelto
	append
# socket-specific
	bind
	connect
	listen
	accept
	getopt
	setopt
	shutdown
	recvfrom
	sendto
	recv_msg
	send_msg
	name_bind
}
#
# Define a common prefix for ipc access vectors.
#
# Shared permission set for IPC object classes; the ipc, sem, msgq and shm
# classes below use "inherits ipc".
# NOTE(review): unix_read/unix_write presumably mirror the classic IPC
# permission-bit checks, separate from the read/write entries -- confirm.
common ipc
{
	create
	destroy
	getattr
	setattr
	read
	write
	associate
	unix_read
	unix_write
}
#
#  Define a common prefix for userspace database object access vectors.
#
# Shared permission set for userspace database object classes; the db_*
# classes that declare "inherits database" receive these six permissions.
common database
{
	create
	drop
	getattr
	setattr
	relabelfrom
	relabelto
}
#
# Define the access vectors.
#
# class class_name [ inherits common_name ] { permission_name ... }
#
# Define the access vector interpretation for file-related objects.
#
# Permissions on a filesystem as a whole. Inherits no common set; every
# permission is listed here.
# NOTE(review): mount/remount/unmount and relabelfrom/relabelto change what
# is visible and how it is labelled -- presumably the entries to restrict to
# administrative domains; confirm.
class filesystem
{
	mount
	remount
	unmount
	getattr
	relabelfrom
	relabelto
	transition
	associate
	quotamod
	quotaget
}
# Directory objects: the common "file" set plus the directory-only
# permissions listed here.
class dir
inherits file
{
	add_name
	remove_name
	reparent
	search
	rmdir
}
# The "file" object class: the common "file" set plus three
# execution-related permissions.
# NOTE(review): execute_no_trans presumably means "execute without a domain
# transition", entrypoint "may serve as the entry into a domain", and execmod
# "make a modified file mapping executable" -- confirm; execmod grants are
# worth flagging in policy review.
class file
inherits file
{
	execute_no_trans
	entrypoint
	execmod
}
# Only the common "file" permissions; no class-specific additions.
class lnk_file
inherits file
# Common "file" set plus the same three execution-related permissions that
# class "file" adds, in the same order.
class chr_file
inherits file
{
	execute_no_trans
	entrypoint
	execmod
}
# Only the common "file" permissions; no class-specific additions.
class blk_file
inherits file
# Only the common "file" permissions; no class-specific additions.
class sock_file
inherits file
# Only the common "file" permissions; no class-specific additions.
class fifo_file
inherits file
# File-descriptor objects; the single permission is "use".
# NOTE(review): presumably checked when a descriptor created by one domain is
# inherited by or passed to another -- confirm.
class fd
{
	use
}
#
# Define the access vector interpretation for network-related objects.
#
# The "socket" object class: only the common "socket" permissions.
class socket
inherits socket
# Common "socket" set plus five TCP-specific permissions.
# NOTE(review): node_bind and name_connect presumably tie bind()/connect() to
# the label of the local node and of the remote port -- confirm; they are the
# entries to inspect when reviewing which domains may reach the network.
class tcp_socket
inherits socket
{
	connectto
	newconn
	acceptfrom
	node_bind
	name_connect
}
# Common "socket" set plus node_bind.
class udp_socket
inherits socket
{
	node_bind
}
# Common "socket" set plus node_bind.
class rawip_socket
inherits socket
{
	node_bind
}
# Network node objects. Inherits no common set: per-protocol send/receive
# permissions, enforce_dest, and the generic recvfrom/sendto pair at the end.
class node
{
	tcp_recv
	tcp_send
	udp_recv
	udp_send
	rawip_recv
	rawip_send
	enforce_dest
	dccp_recv
	dccp_send
	recvfrom
	sendto
}
# Network interface objects. Inherits no common set: per-protocol
# send/receive permissions followed by the generic ingress/egress pair.
class netif
{
	tcp_recv
	tcp_send
	udp_recv
	udp_send
	rawip_recv
	rawip_send
	dccp_recv
	dccp_send
	ingress
	egress
}
# Only the common "socket" permissions; no class-specific additions.
class netlink_socket
inherits socket
# Only the common "socket" permissions; no class-specific additions.
class packet_socket
inherits socket
# Only the common "socket" permissions; no class-specific additions.
class key_socket
inherits socket
# Common "socket" set plus the connection permissions connectto, newconn and
# acceptfrom (the same three names tcp_socket starts with).
class unix_stream_socket
inherits socket
{
	connectto
	newconn
	acceptfrom
}
# Only the common "socket" permissions; no class-specific additions.
class unix_dgram_socket
inherits socket
#
# Define the access vector interpretation for process-related objects
#
# Permissions one process (the source domain) may exercise on another
# process or on itself. Inherits no common set.
# NOTE(review): entries that most affect the security boundary, and so
# deserve explicit justification wherever policy grants them (semantics
# presumed from the names -- confirm against the kernel hooks):
#   transition / dyntransition / setcurrent / setexec -- changing domain
#   ptrace                                            -- inspecting or controlling another process
#   noatsecure / siginh / rlimitinh                   -- state carried across a domain transition
#   execmem / execstack / execheap                    -- making writable memory executable
class process
{
	fork
	transition
	sigchld # commonly granted from child to parent
	sigkill # cannot be caught or ignored
	sigstop # cannot be caught or ignored
	signull # for kill(pid, 0)
	signal  # all other signals
	ptrace
	getsched
	setsched
	getsession
	getpgid
	setpgid
	getcap
	setcap
	share
	getattr
	setexec
	setfscreate
	noatsecure
	siginh
	setrlimit
	rlimitinh
	dyntransition
	setcurrent
	execmem
	execstack
	execheap
	setkeycreate
	setsockcreate
}
#
# Define the access vector interpretation for ipc-related objects
#
# The "ipc" object class: only the common "ipc" permissions.
class ipc
inherits ipc
# Only the common "ipc" permissions; no class-specific additions.
class sem
inherits ipc
# Common "ipc" set plus enqueue.
class msgq
inherits ipc
{
	enqueue
}
# Individual message objects. Does not inherit common "ipc"; only send and
# receive are defined.
class msg
{
	send
	receive
}
# Common "ipc" set plus lock.
class shm
inherits ipc
{
	lock
}
#
# Define the access vector interpretation for the security server. 
#
# Permissions on the security server itself: the compute_* / check_context
# queries, and the operations that change how policy is enforced.
# NOTE(review): load_policy, setenforce, setbool, setsecparam and
# setcheckreqprot alter enforcement rather than query it; grants should be
# confined to policy-management domains and every use logged -- semantics
# presumed from the names, confirm.
class security
{
	compute_av
	compute_create
	compute_member
	check_context
	load_policy
	compute_relabel
	compute_user
	setenforce     # was avc_toggle in system class
	setbool
	setsecparam
	setcheckreqprot
}
#
# Define the access vector interpretation for system operations.
#
# System-wide operations: IPC information and the three syslog permissions.
# NOTE(review): syslog_read presumably covers reading the kernel log, which
# can expose addresses and other sensitive data -- confirm and grant narrowly.
class system
{
	ipc_info
	syslog_read
	syslog_mod
	syslog_console
}
#
# Define the access vector interpretation for controlling capabilities
#
# One permission per Linux capability, so policy can allow or deny each
# capability per domain.
# NOTE(review): because order matters (see the comment inside the block), a
# new capability must be appended at the position matching the kernel header;
# an insertion elsewhere would presumably shift every later permission onto
# the wrong capability -- confirm before editing.
class capability
{
	# The capabilities are defined in include/linux/capability.h
	# Care should be taken to ensure that these are consistent with
	# those definitions. (Order matters)

	chown
	dac_override
	dac_read_search
	fowner
	fsetid
	kill
	setgid
	setuid
	setpcap
	linux_immutable
	net_bind_service
	net_broadcast
	net_admin
	net_raw
	ipc_lock
	ipc_owner
	sys_module
	sys_rawio
	sys_chroot
	sys_ptrace
	sys_pacct
	sys_admin
	sys_boot
	sys_nice
	sys_resource
	sys_time
	sys_tty_config
	mknod
	lease
	audit_write
	audit_control
	setfcap
}
#
# Define the access vector interpretation for controlling
# changes to passwd information.
#
# Userspace checks around changing another user's account information.
# rootok is the one that lets a caller skip authentication (per its inline
# comment), so it is the grant to review first.
class passwd
{
	passwd	# change another user passwd
	chfn	# change another user finger info
	chsh	# change another user shell
	rootok  # pam_rootok check (skip auth)
	crontab # crontab on another user
}
#
# SE-X Windows stuff
#
# X drawable objects; inherits no common set.
class drawable
{
	create
	destroy
	draw
	copy
	getattr
}
# X "gc" objects (presumably graphics contexts -- confirm); inherits no
# common set.
class gc
{
	create
	free
	getattr
	setattr
}
# X window objects; inherits no common set. Covers window lifecycle,
# properties, focus and the *event permissions at the end of the list.
# NOTE(review): inputevent and the other *event entries presumably decide
# which clients may receive input and window events from another client's
# window -- confirm; they matter for isolating clients from each other.
class window
{
	addchild
	create
	destroy
	map
	unmap
	chstack
	chproplist
	chprop
	listprop
	getattr
	setattr
	setfocus
	move
	chselection
	chparent
	ctrllife
	enumerate
	transparent
	mousemotion
	clientcomevent
	inputevent
	drawevent
	windowchangeevent
	windowchangerequest
	serverchangeevent
	extensionevent
}
# X font objects; inherits no common set.
class font
{
	load
	free
	getattr
	use
}
# X colormap objects; inherits no common set.
class colormap
{
	create
	free
	install
	uninstall
	list
	read
	store
	getattr
	setattr
}
# X property objects; inherits no common set.
class property
{
	create
	free
	read
	write
}
# X cursor objects; inherits no common set.
class cursor
{
	create
	createglyph
	free
	assign
	setattr
}
# X client objects; the single permission is "kill".
class xclient
{
	kill
}
# X input device objects; inherits no common set.
# NOTE(review): activegrab/passivegrab presumably let a client capture input
# meant for others -- confirm; grants deserve the same scrutiny as keyboard
# access.
class xinput
{
	lookup
	getattr
	setattr
	setfocus
	warppointer
	activegrab
	passivegrab
	ungrab
	bell
	mousemotion
	relabelinput
}
# Operations on the X server as a whole; inherits no common set.
# NOTE(review): sethostlist presumably changes the server's host access list
# -- confirm; it should be limited to trusted domains.
class xserver
{
	screensaver
	gethostlist
	sethostlist
	getfontpath
	setfontpath
	getattr
	grab
	ungrab
}
# X extension objects: query and use.
class xextension
{
	query
	use
}
#
# Define the access vector interpretation for controlling
# PaX flags
#
# One permission per PaX flag, as described by the inline comments.
# NOTE(review): whether granting a permission enables or relaxes the named
# PaX feature is not visible here -- confirm before writing rules against
# this class.
class pax
{
	pageexec	# Paging based non-executable pages
	emutramp	# Emulate trampolines
	mprotect	# Restrict mprotect()
	randmmap	# Randomize mmap() base
	randexec	# Randomize ET_EXEC base
	segmexec	# Segmentation based non-executable pages
}
#
# Extended Netlink classes
#
# Common "socket" set plus nlmsg_read / nlmsg_write.
# NOTE(review): the split presumably separates netlink messages that only
# query state from those that change it -- confirm; write access here would
# then mean changing routing/interface configuration.
class netlink_route_socket
inherits socket
{
	nlmsg_read
	nlmsg_write
}
# Common "socket" set plus nlmsg_read / nlmsg_write.
class netlink_firewall_socket
inherits socket
{
	nlmsg_read
	nlmsg_write
}
# Common "socket" set plus nlmsg_read / nlmsg_write.
class netlink_tcpdiag_socket
inherits socket
{
	nlmsg_read
	nlmsg_write
}
# Only the common "socket" permissions; no nlmsg_* additions.
class netlink_nflog_socket
inherits socket
# Common "socket" set plus nlmsg_read / nlmsg_write.
class netlink_xfrm_socket
inherits socket
{
	nlmsg_read
	nlmsg_write
}
# Only the common "socket" permissions; no nlmsg_* additions.
class netlink_selinux_socket
inherits socket
# Common "socket" set plus four nlmsg_* permissions; the only netlink class
# here that also defines nlmsg_relay and nlmsg_readpriv.
# NOTE(review): nlmsg_write on this class presumably allows changing audit
# configuration -- confirm; a domain holding it could weaken logging, so
# grants should be rare and reviewed.
class netlink_audit_socket
inherits socket
{
	nlmsg_read
	nlmsg_write
	nlmsg_relay
	nlmsg_readpriv
}
# Common "socket" set plus nlmsg_read / nlmsg_write.
class netlink_ip6fw_socket
inherits socket
{
	nlmsg_read
	nlmsg_write
}
# Only the common "socket" permissions; no nlmsg_* additions.
class netlink_dnrt_socket
inherits socket
# Define the access vector interpretation for controlling
# access and communication through the D-BUS messaging
# system.
#
# D-BUS checks: acquire_svc and send_msg.
# NOTE(review): acquire_svc presumably gates owning a bus name and send_msg
# gates messaging another connection -- confirm; enforcement would then
# happen in the bus daemon, not the kernel.
class dbus
{
	acquire_svc
	send_msg
}
# Define the access vector interpretation for controlling
# access through the name service cache daemon (nscd).
#
# nscd checks: a get* and a shmem* permission for each of pwd, grp, host and
# serv, plus getstat and admin. The permissions are not grouped by kind --
# getserv/shmemserv sit at the end, after the other shmem* entries.
class nscd
{
	getpwd
	getgrp
	gethost
	getstat
	admin
	shmempwd
	shmemgrp
	shmemhost
	getserv
	shmemserv
}
# Define the access vector interpretation for controlling
# access to IPSec network data by association
#
# IPSec association objects; inherits no common set.
# NOTE(review): setcontext and polmatch presumably control labelling an
# association and matching it to a policy entry -- confirm.
class association
{
	sendto
	recvfrom
	setcontext
	polmatch
}
# Updated Netlink class for KOBJECT_UEVENT family.
# Only the common "socket" permissions; no nlmsg_* additions.
class netlink_kobject_uevent_socket
inherits socket
# Only the common "socket" permissions; no class-specific additions.
class appletalk_socket
inherits socket
# Packet objects (distinct from class packet_socket above); inherits no
# common set.
# NOTE(review): relabelto presumably governs which labels may be assigned to
# packets by the labelling rules -- confirm.
class packet
{
	send
	recv
	relabelto
}
# Key objects (presumably the kernel key-retention service -- confirm);
# inherits no common set.
class key
{
	view
	read
	write
	search
	link
	setattr
	create
}
# Operations on security contexts themselves: translate and contains.
class context
{
	translate
	contains
}
# Common "socket" set plus node_bind and name_connect (the last two of the
# five permissions tcp_socket adds).
class dccp_socket
inherits socket
{
	node_bind
	name_connect
}
# Memory-protection checks; the single permission is mmap_zero.
# NOTE(review): presumably gates mapping the lowest addresses of a process's
# address space, a hardening measure against kernel NULL-pointer dereference
# bugs -- confirm; any allow rule for it should be treated as an exception
# and audited.
class memprotect
{
	mmap_zero
}
# Common "database" set plus database-level permissions.
# NOTE(review): install_module/load_module presumably cover loading code
# into the database server -- confirm; they are the grants to audit first.
class db_database
inherits database
{
	access
	install_module
	load_module
	get_param
	set_param
}
# Common "database" set plus table-level permissions.
class db_table
inherits database
{
	use
	select
	update
	insert
	delete
	lock
}
# Common "database" set plus execute and entrypoint (the same names used for
# execution in the file classes above).
class db_procedure
inherits database
{
	execute
	entrypoint
}
# Common "database" set plus column-level permissions; unlike db_table there
# is no delete or lock.
class db_column
inherits database
{
	use
	select
	update
	insert
}
# Row-level permissions. Unlike the other db_* classes this one does NOT
# inherit common "database": relabelfrom/relabelto are listed directly, and
# create/drop/getattr/setattr are not defined for it.
class db_tuple
{
	relabelfrom
	relabelto
	use
	select
	update
	insert
	delete
}
# Common "database" set plus blob permissions.
# NOTE(review): import/export presumably move blob contents between the
# database and files -- confirm; that would make them a data-exfiltration
# path worth restricting.
class db_blob
inherits database
{
	read
	write
	import
	export
}
# network peer labels
# Network peer label objects; the single permission is recv.
class peer
{
	recv
}