|
Chris PeBenito |
134191 |
#
|
|
Chris PeBenito |
134191 |
# Define common prefixes for access vectors
|
|
Chris PeBenito |
134191 |
#
|
|
Chris PeBenito |
134191 |
# common common_name { permission_name ... }
|
|
Chris PeBenito |
134191 |
|
|
Chris PeBenito |
134191 |
|
|
Chris PeBenito |
134191 |
#
|
|
Chris PeBenito |
134191 |
# Define a common prefix for file access vectors.
|
|
Chris PeBenito |
134191 |
#
|
|
Chris PeBenito |
134191 |
|
|
Chris PeBenito |
134191 |
# Common permission set "file": every class declared with
# "inherits file" receives these permissions in addition to its own.
# The permission order is kept exactly as in the original listing.
common file
{
	ioctl
	read
	write
	create
	getattr
	setattr
	lock
	# relabelfrom / relabelto gate changes to an object's security label.
	relabelfrom
	relabelto
	append
	unlink
	link
	rename
	execute
	# use of the object as swap space, quota file or mount point
	swapon
	quotaon
	mounton
}
|
|
Chris PeBenito |
134191 |
|
|
Chris PeBenito |
134191 |
|
|
Chris PeBenito |
134191 |
#
|
|
Chris PeBenito |
134191 |
# Define a common prefix for socket access vectors.
|
|
Chris PeBenito |
134191 |
#
|
|
Chris PeBenito |
134191 |
|
|
Chris PeBenito |
134191 |
# Common permission set "socket": shared by every class declared with
# "inherits socket".  The permission order is kept as in the original.
common socket
{
	# inherited from file
	ioctl
	read
	write
	create
	getattr
	setattr
	lock
	relabelfrom
	relabelto
	append

	# socket-specific
	bind
	connect
	listen
	accept
	getopt
	setopt
	shutdown
	recvfrom
	sendto
	recv_msg
	send_msg
	name_bind
}
|
|
Chris PeBenito |
134191 |
|
|
Chris PeBenito |
134191 |
#
|
|
Chris PeBenito |
134191 |
# Define a common prefix for ipc access vectors.
|
|
Chris PeBenito |
134191 |
#
|
|
Chris PeBenito |
134191 |
|
|
Chris PeBenito |
134191 |
# Common permission set "ipc": shared by the classes that declare
# "inherits ipc".  The permission order is kept as in the original.
common ipc
{
	create
	destroy
	getattr
	setattr
	read
	write
	associate
	unix_read
	unix_write
}
|
|
Chris PeBenito |
134191 |
|
|
Chris PeBenito |
134191 |
#
|
|
Chris PeBenito |
9760cb |
# Define a common prefix for userspace database object access vectors.
|
|
Chris PeBenito |
9760cb |
#
|
|
Chris PeBenito |
9760cb |
|
|
Chris PeBenito |
9760cb |
# Common permission set "database": shared by the userspace database
# object classes that declare "inherits database".
common database
{
	create
	drop
	getattr
	setattr
	# label changes on database objects
	relabelfrom
	relabelto
}
|
|
Chris PeBenito |
9760cb |
|
|
Chris PeBenito |
9760cb |
#
|
|
Eamon Walsh |
e4928c |
# Define a common prefix for pointer and keyboard access vectors.
|
|
Eamon Walsh |
e4928c |
#
|
|
Eamon Walsh |
e4928c |
|
|
Eamon Walsh |
e4928c |
# Common permission set "x_device": shared by the pointer and keyboard
# classes that declare "inherits x_device".
# NOTE(review): read, grab and freeze cover input interception, so policy
# granting them between clients deserves a close look -- confirm against
# the X object manager's documentation.
common x_device
{
	getattr
	setattr
	use
	read
	write
	getfocus
	setfocus
	bell
	force_cursor
	freeze
	grab
	manage
	list_property
	get_property
	set_property
	add
	remove
	create
	destroy
}
|
|
Eamon Walsh |
e4928c |
|
|
Eamon Walsh |
e4928c |
#
|
|
Chris PeBenito |
134191 |
# Define the access vectors.
|
|
Chris PeBenito |
134191 |
#
|
|
Chris PeBenito |
134191 |
# class class_name [ inherits common_name ] { permission_name ... }
|
|
Chris PeBenito |
134191 |
|
|
Chris PeBenito |
134191 |
|
|
Chris PeBenito |
134191 |
#
|
|
Chris PeBenito |
134191 |
# Define the access vector interpretation for file-related objects.
|
|
Chris PeBenito |
134191 |
#
|
|
Chris PeBenito |
134191 |
|
|
Chris PeBenito |
134191 |
# Object class for a whole filesystem.  It declares its own permissions
# and does not inherit a common set.
class filesystem
{
	mount
	remount
	unmount
	getattr
	relabelfrom
	relabelto
	transition
	# associate: whether an object with a given label may reside on
	# this filesystem
	associate
	quotamod
	quotaget
}
|
|
Chris PeBenito |
134191 |
|
|
Chris PeBenito |
134191 |
# Directories: the "file" common set plus directory-only permissions.
class dir inherits file
{
	# creating / removing entries inside the directory
	add_name
	remove_name
	reparent
	search
	rmdir
	open
}
|
|
Chris PeBenito |
134191 |
|
|
Chris PeBenito |
134191 |
# Regular files: the "file" common set plus execution-related checks.
class file inherits file
{
	# execute in the caller's domain, without a domain transition
	execute_no_trans
	# the file may serve as the entry point into a domain
	entrypoint
	# make executable a file mapping that has been modified
	# (for example by text relocations)
	execmod
	open
}
|
|
Chris PeBenito |
134191 |
|
|
Chris PeBenito |
134191 |
# Symbolic links: only the "file" common permissions.
class lnk_file inherits file

# Character devices: the "file" common set plus the same four extra
# permissions that class file declares.
class chr_file inherits file
{
	execute_no_trans
	entrypoint
	execmod
	open
}
|
|
Chris PeBenito |
134191 |
|
|
Chris PeBenito |
134191 |
# Block devices, socket files and FIFOs: each takes the "file" common
# set and adds only "open".

class blk_file inherits file
{
	open
}

class sock_file inherits file
{
	open
}

class fifo_file inherits file
{
	open
}
|
|
Chris PeBenito |
134191 |
|
|
Chris PeBenito |
134191 |
# File descriptors: a single permission covering use of a descriptor,
# which includes descriptors inherited or received from another domain.
class fd
{
	use
}
|
|
Chris PeBenito |
134191 |
|
|
Chris PeBenito |
134191 |
|
|
Chris PeBenito |
134191 |
#
|
|
Chris PeBenito |
134191 |
# Define the access vector interpretation for network-related objects.
|
|
Chris PeBenito |
134191 |
#
|
|
Chris PeBenito |
134191 |
|
|
Chris PeBenito |
134191 |
# Generic socket class: only the "socket" common permissions.
class socket inherits socket

# TCP sockets: the "socket" common set plus connection and
# node/port checks.
class tcp_socket inherits socket
{
	connectto
	newconn
	acceptfrom
	# node_bind: binding to a local address (node label)
	node_bind
	# name_connect: connecting to a labelled port
	name_connect
}
|
|
Chris PeBenito |
134191 |
|
|
Chris PeBenito |
134191 |
# UDP and raw IP sockets: the "socket" common set plus node_bind.

class udp_socket inherits socket
{
	node_bind
}

class rawip_socket inherits socket
{
	node_bind
}
|
|
Chris PeBenito |
134191 |
|
|
Chris PeBenito |
134191 |
# Network node (host address) class: per-protocol send/receive checks.
class node
{
	tcp_recv
	tcp_send
	udp_recv
	udp_send
	rawip_recv
	rawip_send
	enforce_dest
	dccp_recv
	dccp_send
	recvfrom
	sendto
}
|
|
Chris PeBenito |
134191 |
|
|
Chris PeBenito |
134191 |
# Network interface class: per-protocol send/receive checks, followed
# by the ingress/egress pair.
class netif
{
	tcp_recv
	tcp_send
	udp_recv
	udp_send
	rawip_recv
	rawip_send
	dccp_recv
	dccp_send
	ingress
	egress
}
|
|
Chris PeBenito |
134191 |
|
|
Chris PeBenito |
134191 |
# Socket classes that carry only the "socket" common permissions.

class netlink_socket inherits socket

class packet_socket inherits socket

class key_socket inherits socket
|
|
Chris PeBenito |
134191 |
|
|
Chris PeBenito |
134191 |
# UNIX domain stream sockets: the "socket" common set plus
# connection checks.
class unix_stream_socket inherits socket
{
	connectto
	newconn
	acceptfrom
}

# UNIX domain datagram sockets: only the "socket" common set.
class unix_dgram_socket inherits socket
|
|
Chris PeBenito |
134191 |
|
|
Chris PeBenito |
134191 |
#
|
|
Chris PeBenito |
134191 |
# Define the access vector interpretation for process-related objects
|
|
Chris PeBenito |
134191 |
#
|
|
Chris PeBenito |
134191 |
|
|
Chris PeBenito |
134191 |
# Process class.  Several of these permissions weaken isolation between
# domains or memory protections when granted, so allow rules that use
# them are the ones to audit first (see the per-permission notes).
class process
{
	fork
	# change of domain across exec
	transition
	sigchld	# commonly granted from child to parent
	sigkill	# cannot be caught or ignored
	sigstop	# cannot be caught or ignored
	signull	# for kill(pid, 0)
	signal	# all other signals
	# tracing another process gives access to its memory and registers
	ptrace
	getsched
	setsched
	getsession
	getpgid
	setpgid
	getcap
	setcap
	share
	getattr
	# setexec / setfscreate: choose the context applied to the next
	# exec and to newly created files
	setexec
	setfscreate
	# noatsecure: skip the secure-mode (AT_SECURE) environment
	# sanitising when transitioning into the target domain
	noatsecure
	# siginh / rlimitinh: carry signal state and resource limits
	# across a domain transition
	siginh
	setrlimit
	rlimitinh
	# dyntransition / setcurrent: change the process context
	# without an exec
	dyntransition
	setcurrent
	# execmem / execstack / execheap: executable anonymous memory,
	# stack and heap
	execmem
	execstack
	execheap
	# contexts applied to newly created keys and sockets
	setkeycreate
	setsockcreate
}
|
|
Chris PeBenito |
134191 |
|
|
Chris PeBenito |
134191 |
|
|
Chris PeBenito |
134191 |
#
|
|
Chris PeBenito |
134191 |
# Define the access vector interpretation for ipc-related objects
|
|
Chris PeBenito |
134191 |
#
|
|
Chris PeBenito |
134191 |
|
|
Chris PeBenito |
134191 |
# IPC object classes.  ipc, sem, msgq and shm take the "ipc" common
# set; msg declares its own two permissions.

class ipc inherits ipc

class sem inherits ipc

class msgq inherits ipc
{
	enqueue
}

class msg
{
	send
	receive
}

class shm inherits ipc
{
	lock
}
|
|
Chris PeBenito |
134191 |
|
|
Chris PeBenito |
134191 |
|
|
Chris PeBenito |
134191 |
#
|
|
Chris PeBenito |
134191 |
# Define the access vector interpretation for the security server.
|
|
Chris PeBenito |
134191 |
#
|
|
Chris PeBenito |
134191 |
|
|
Chris PeBenito |
134191 |
# Security server class.  load_policy, setenforce and setbool change
# what the running system enforces, so they belong only in tightly
# scoped administrative domains; denials on them are worth alerting on.
class security
{
	# queries answered by the security server
	compute_av
	compute_create
	compute_member
	check_context
	# replace the loaded policy
	load_policy
	compute_relabel
	compute_user
	setenforce	# was avc_toggle in system class
	# change policy booleans
	setbool
	setsecparam
	setcheckreqprot
}
|
|
Chris PeBenito |
134191 |
|
|
Chris PeBenito |
134191 |
|
|
Chris PeBenito |
134191 |
#
|
|
Chris PeBenito |
134191 |
# Define the access vector interpretation for system operations.
|
|
Chris PeBenito |
134191 |
#
|
|
Chris PeBenito |
134191 |
|
|
Chris PeBenito |
134191 |
# System-wide operations: IPC information and the three syslog checks.
class system
{
	ipc_info
	syslog_read
	syslog_mod
	syslog_console
}
|
|
Chris PeBenito |
134191 |
|
|
Chris PeBenito |
134191 |
#
|
|
Chris PeBenito |
134191 |
# Define the access vector interpretation for controlling capabilities
|
|
Chris PeBenito |
134191 |
#
|
|
Chris PeBenito |
134191 |
|
|
Chris PeBenito |
134191 |
# Linux capabilities, one permission per capability.
class capability
{
	# The capabilities are defined in include/linux/capability.h.
	# Capabilities >= 32 are defined in the capability2 class.
	# This list has to stay consistent with those definitions, and
	# the ORDER MATTERS: do not sort, insert into or regroup it.

	chown
	dac_override
	dac_read_search
	fowner
	fsetid
	kill
	setgid
	setuid
	setpcap
	linux_immutable
	net_bind_service
	net_broadcast
	net_admin
	net_raw
	ipc_lock
	ipc_owner
	sys_module
	sys_rawio
	sys_chroot
	sys_ptrace
	sys_pacct
	sys_admin
	sys_boot
	sys_nice
	sys_resource
	sys_time
	sys_tty_config
	mknod
	lease
	audit_write
	audit_control
	setfcap
}
|
|
Chris PeBenito |
134191 |
|
|
Chris PeBenito |
8b9ffe |
# Second capability class.  The capability class notes that
# capabilities >= 32 are defined here.
class capability2
{
	mac_override	# unused by SELinux
	mac_admin	# unused by SELinux
}
|
|
Chris PeBenito |
134191 |
|
|
Chris PeBenito |
134191 |
#
|
|
Chris PeBenito |
134191 |
# Define the access vector interpretation for controlling
|
|
Chris PeBenito |
134191 |
# changes to passwd information.
|
|
Chris PeBenito |
134191 |
#
|
|
Chris PeBenito |
134191 |
# Changes to passwd information.  Each permission covers acting on
# ANOTHER user's data, apart from rootok.
class passwd
{
	passwd	# change another user passwd
	chfn	# change another user finger info
	chsh	# change another user shell
	rootok	# pam_rootok check (skip auth)
	crontab	# crontab on another user
}
|
|
Chris PeBenito |
134191 |
|
|
Chris PeBenito |
134191 |
#
|
|
Chris PeBenito |
134191 |
# SE-X Windows stuff
|
|
Chris PeBenito |
134191 |
#
|
|
Chris PeBenito |
2c12b4 |
# X drawable objects.
class x_drawable
{
	create
	destroy
	read
	write
	blend
	getattr
	setattr
	list_child
	add_child
	remove_child
	list_property
	get_property
	set_property
	manage
	override
	show
	hide
	send
	receive
}
|
|
Chris PeBenito |
134191 |
|
|
Chris PeBenito |
2c12b4 |
# X screen objects; the saver_* permissions mirror the plain ones for
# the screen saver.
class x_screen
{
	getattr
	setattr
	hide_cursor
	show_cursor
	saver_getattr
	saver_setattr
	saver_hide
	saver_show
}
|
|
Chris PeBenito |
134191 |
|
|
Chris PeBenito |
2c12b4 |
# X graphics contexts.
class x_gc
{
	create
	destroy
	getattr
	setattr
	use
}

# X fonts.
class x_font
{
	create
	destroy
	getattr
	add_glyph
	remove_glyph
	use
}
|
|
Chris PeBenito |
134191 |
|
|
Chris PeBenito |
2c12b4 |
# X colormaps.
class x_colormap
{
	create
	destroy
	read
	write
	getattr
	add_color
	remove_color
	install
	uninstall
	use
}
|
|
Chris PeBenito |
2c12b4 |
|
|
Chris PeBenito |
2c12b4 |
# X properties.
class x_property
{
	create
	destroy
	read
	write
	append
	getattr
	setattr
}

# X selections.
# NOTE(review): selections are the usual clipboard mechanism in X, so
# read/write here presumably bound cross-client data flow -- confirm.
class x_selection
{
	read
	write
	getattr
	setattr
}
|
|
Chris PeBenito |
134191 |
|
|
Chris PeBenito |
2c12b4 |
# X cursors.
class x_cursor
{
	create
	destroy
	read
	write
	getattr
	setattr
	use
}
|
|
Chris PeBenito |
134191 |
|
|
Chris PeBenito |
2c12b4 |
# X clients.
class x_client
{
	destroy
	getattr
	setattr
	manage
}

# X devices: only the "x_device" common permissions.
class x_device inherits x_device
|
|
Chris PeBenito |
134191 |
|
|
Chris PeBenito |
2c12b4 |
# The X server itself.
# NOTE(review): record, debug and grab look like server-wide powers over
# other clients' traffic and input; verify which domains are granted them.
class x_server
{
	getattr
	setattr
	record
	debug
	grab
	manage
}
|
|
Chris PeBenito |
134191 |
|
|
Chris PeBenito |
2c12b4 |
# X protocol extensions.
class x_extension
{
	query
	use
}

# Generic X resources.
class x_resource
{
	read
	write
}
|
|
Chris PeBenito |
2c12b4 |
|
|
Chris PeBenito |
2c12b4 |
# X events, with synthetic events kept as a class of their own so that
# policy can treat them separately from ordinary events.

class x_event
{
	send
	receive
}

class x_synthetic_event
{
	send
	receive
}
|
|
Chris PeBenito |
134191 |
|
|
Chris PeBenito |
134191 |
#
|
|
Chris PeBenito |
134191 |
# Extended Netlink classes
|
|
Chris PeBenito |
134191 |
#
|
|
Chris PeBenito |
134191 |
# Extended netlink classes: the "socket" common set plus separate
# permissions for reading and writing netlink messages.

class netlink_route_socket inherits socket
{
	nlmsg_read
	nlmsg_write
}

class netlink_firewall_socket inherits socket
{
	nlmsg_read
	nlmsg_write
}

class netlink_tcpdiag_socket inherits socket
{
	nlmsg_read
	nlmsg_write
}
|
|
Chris PeBenito |
134191 |
|
|
Chris PeBenito |
134191 |
# nflog and selinux netlink sockets take only the "socket" common set;
# the xfrm socket adds the nlmsg read/write pair.

class netlink_nflog_socket inherits socket

class netlink_xfrm_socket inherits socket
{
	nlmsg_read
	nlmsg_write
}

class netlink_selinux_socket inherits socket
|
|
Chris PeBenito |
134191 |
|
|
Chris PeBenito |
134191 |
# Audit netlink socket.  It controls who may read and change the audit
# configuration, so nlmsg_write in particular should be limited to the
# domains that administer auditing.
class netlink_audit_socket inherits socket
{
	nlmsg_read
	nlmsg_write
	nlmsg_relay
	nlmsg_readpriv
	nlmsg_tty_audit
}
|
|
Chris PeBenito |
134191 |
|
|
Chris PeBenito |
134191 |
# ip6fw netlink socket: the "socket" common set plus nlmsg read/write.
class netlink_ip6fw_socket inherits socket
{
	nlmsg_read
	nlmsg_write
}

# dnrt netlink socket: only the "socket" common set.
class netlink_dnrt_socket inherits socket
|
|
Chris PeBenito |
134191 |
|
|
Chris PeBenito |
134191 |
# Define the access vector interpretation for controlling
|
|
Chris PeBenito |
134191 |
# access and communication through the D-BUS messaging
|
|
Chris PeBenito |
134191 |
# system.
|
|
Chris PeBenito |
134191 |
#
|
|
Chris PeBenito |
134191 |
# D-BUS messaging: owning a service name and sending a message.
class dbus
{
	acquire_svc
	send_msg
}
|
|
Chris PeBenito |
134191 |
|
|
Chris PeBenito |
134191 |
# Define the access vector interpretation for controlling
|
|
Chris PeBenito |
134191 |
# access through the name service cache daemon (nscd).
|
|
Chris PeBenito |
134191 |
#
|
|
Chris PeBenito |
134191 |
# Name service cache daemon (nscd): per-database lookup permissions,
# their shared-memory counterparts (shmem*), statistics and admin.
class nscd
{
	getpwd
	getgrp
	gethost
	getstat
	admin
	shmempwd
	shmemgrp
	shmemhost
	getserv
	shmemserv
}
|
|
Chris PeBenito |
134191 |
|
|
Chris PeBenito |
134191 |
# Define the access vector interpretation for controlling
|
|
Chris PeBenito |
134191 |
# access to IPSec network data by association
|
|
Chris PeBenito |
134191 |
#
|
|
Chris PeBenito |
134191 |
# IPSec associations: controls access to IPSec network data.
class association
{
	sendto
	recvfrom
	setcontext
	polmatch
}
|
|
Chris PeBenito |
134191 |
|
|
Chris PeBenito |
134191 |
# Updated Netlink class for KOBJECT_UEVENT family.
|
|
Chris PeBenito |
134191 |
# Both classes carry only the "socket" common permissions.

class netlink_kobject_uevent_socket inherits socket

class appletalk_socket inherits socket
|
|
Chris PeBenito |
c55b6f |
|
|
Chris PeBenito |
c55b6f |
# Labelled network packets.  flow_in/flow_out stay in the list although
# deprecated; they are left in place rather than deleted.
class packet
{
	send
	recv
	relabelto
	flow_in	# deprecated
	flow_out	# deprecated
	forward_in
	forward_out
}
|
|
Chris PeBenito |
fe3a1e |
|
|
Chris PeBenito |
fe3a1e |
# Keys (kernel key management objects).
class key
{
	view
	read
	write
	search
	link
	setattr
	create
}
|
|
Chris PeBenito |
a8671a |
|
|
Chris PeBenito |
a8671a |
# Security context operations.
class context
{
	translate
	contains
}
|
|
Chris PeBenito |
a715dc |
|
|
Chris PeBenito |
a715dc |
# DCCP sockets: the "socket" common set plus the node/port checks that
# tcp_socket also declares.
class dccp_socket inherits socket
{
	node_bind
	name_connect
}
|
|
Chris PeBenito |
41337a |
|
|
Chris PeBenito |
41337a |
# Memory protection.  mmap_zero covers mapping the lowest part of the
# address space; keeping it away from ordinary domains is a mitigation
# for kernel NULL-pointer dereference bugs.
class memprotect
{
	mmap_zero
}
|
|
Chris PeBenito |
9760cb |
|
|
Chris PeBenito |
9760cb |
# Database objects: the "database" common set plus database-level
# operations.  The deprecated entries stay in place in the list.
class db_database inherits database
{
	access
	install_module
	load_module
	get_param	# deprecated
	set_param	# deprecated
}
|
|
Chris PeBenito |
9760cb |
|
|
Chris PeBenito |
9760cb |
# Tables: the "database" common set plus row-level verbs.
class db_table inherits database
{
	use	# deprecated
	select
	update
	insert
	delete
	lock
}

# Stored procedures: the "database" common set plus execution checks.
class db_procedure inherits database
{
	execute
	entrypoint
	install
}
|
|
Chris PeBenito |
9760cb |
|
|
Chris PeBenito |
9760cb |
# Columns: the "database" common set plus column-level verbs.
class db_column inherits database
{
	use	# deprecated
	select
	update
	insert
}

# Tuples: unlike the other db_* classes this one has no "inherits"
# clause; it declares relabelfrom/relabelto itself.
class db_tuple
{
	relabelfrom
	relabelto
	use	# deprecated
	select
	update
	insert
	delete
}
|
|
Chris PeBenito |
9760cb |
|
|
Chris PeBenito |
9760cb |
# Binary large objects: the "database" common set plus data transfer.
class db_blob inherits database
{
	read
	write
	import
	export
}
|
|
Chris PeBenito |
f3da31 |
|
|
Chris PeBenito |
f3da31 |
# network peer labels
|
|
Chris PeBenito |
f3da31 |
# Network peer labels: one permission, receiving from a labelled peer.
class peer
{
	recv
}
|
|
Chris PeBenito |
d923d5 |
|
|
Chris PeBenito |
d923d5 |
# Application data exchanged between X clients (copy and paste).
class x_application_data
{
	paste
	paste_after_confirm
	copy
}
|
|
Chris PeBenito |
347a70 |
|
|
Chris PeBenito |
347a70 |
# Kernel services acting under a security context other than their own.
# NOTE(review): both permissions let a kernel service take on another
# label, so the set of allowed target labels should be kept small --
# confirm against the policy that uses this class.
class kernel_service
{
	use_as_override
	create_files_as
}
|
|
Chris PeBenito |
bd7570 |
|
|
Chris PeBenito |
bd7570 |
# TUN device sockets: only the "socket" common permissions.
class tun_socket inherits socket
|
|
Eamon Walsh |
e4928c |
|
|
Eamon Walsh |
e4928c |
# X pointer devices: only the "x_device" common permissions.
class x_pointer inherits x_device
|
|
Eamon Walsh |
e4928c |
|
|
Eamon Walsh |
e4928c |
class x_keyboard
|
|
Eamon Walsh |
e4928c |
inherits x_device
|