########################################
#
# Support macros for sets of object classes and permissions
#
# This file should only have object class and permission set macros - they
# can only reference object classes and/or permissions.
#
# All directory and file classes
#
define(`dir_file_class_set', `{ dir file lnk_file sock_file fifo_file chr_file blk_file }')
#
# All non-directory file classes.
#
define(`file_class_set', `{ file lnk_file sock_file fifo_file chr_file blk_file }')
#
# Non-device file classes.
#
define(`notdevfile_class_set', `{ file lnk_file sock_file fifo_file }')
#
# Device file classes.
#
define(`devfile_class_set', `{ chr_file blk_file }')
#
# All socket classes.
#
define(`socket_class_set', `{ tcp_socket udp_socket rawip_socket netlink_socket packet_socket unix_stream_socket unix_dgram_socket appletalk_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_socket netlink_audit_socket netlink_ip6fw_socket netlink_dnrt_socket netlink_kobject_uevent_socket }')
#
# Datagram socket classes.
#
define(`dgram_socket_class_set', `{ udp_socket unix_dgram_socket }')
#
# Stream socket classes.
#
define(`stream_socket_class_set', `{ tcp_socket unix_stream_socket }')
#
# Unprivileged socket classes (exclude rawip, netlink, packet).
#
# NOTE(review): besides rawip, netlink and packet, appletalk_socket from
# socket_class_set is also left out of this set.
define(`unpriv_socket_class_set', `{ tcp_socket udp_socket unix_stream_socket unix_dgram_socket }')
########################################
#
# Macros for sets of permissions
#
#
# Permissions for getting file attributes.
#
define(`stat_file_perms', `{ getattr }')
#
# Permissions for executing files.
#
define(`x_file_perms', `{ getattr execute }')
#
# Permissions for reading files and their attributes.
#
define(`r_file_perms', `{ read getattr lock ioctl }')
#
# Permissions for reading and executing files.
#
define(`rx_file_perms', `{ read getattr lock execute ioctl }')
#
# Permissions for reading and appending to files.
#
define(`ra_file_perms', `{ ioctl read getattr lock append }')
#
# Permissions for linking, unlinking and renaming files.
#
define(`link_file_perms', `{ getattr link unlink rename }')
#
# Permissions for creating lnk_files.
#
define(`create_lnk_perms', `{ create read getattr setattr link unlink rename }')
#
# Permissions for creating and using files.
#
define(`create_file_perms', `{ create ioctl read getattr lock write setattr append link unlink rename }')
#
# Permissions for reading directories and their attributes.
#
define(`r_dir_perms', `{ read getattr lock search ioctl }')
#
# Permissions for reading and writing directories and their attributes.
#
define(`rw_dir_perms', `{ read getattr lock search ioctl add_name remove_name write }')
#
# Permissions for reading and adding names to directories.
#
define(`ra_dir_perms', `{ read getattr lock search ioctl add_name write }')
#
# Permissions for creating and using directories.
#
define(`create_dir_perms', `{ create read getattr lock setattr ioctl link unlink rename search add_name remove_name reparent write rmdir }')
#
# Permissions to mount and unmount file systems.
#
define(`mount_fs_perms', `{ mount remount unmount getattr }')
#
# Permissions for using sockets.
#
define(`rw_socket_perms', `{ ioctl read getattr write setattr append bind connect getopt setopt shutdown }')
#
# Permissions for creating and using sockets.
#
define(`create_socket_perms', `{ create rw_socket_perms }')
#
# Permissions for using stream sockets.
#
define(`rw_stream_socket_perms', `{ rw_socket_perms listen accept }')
#
# Permissions for creating and using stream sockets.
#
define(`create_stream_socket_perms', `{ create_socket_perms listen accept }')
#
# Permissions for creating and using sockets without initiating connections (create_socket_perms minus connect).
#
define(`connected_socket_perms', `{ create ioctl read getattr write setattr append bind getopt setopt shutdown }')
#
# Permissions for creating and using stream sockets without initiating connections (connected_socket_perms plus listen and accept).
#
define(`connected_stream_socket_perms', `{ connected_socket_perms listen accept }')
#
# Permissions for creating and using netlink sockets.
#
define(`create_netlink_socket_perms', `{ create_socket_perms nlmsg_read nlmsg_write }')
#
# Permissions for using netlink sockets for operations that modify state.
#
# NOTE(review): same permission set as create_netlink_socket_perms above;
# as defined here the two names grant exactly the same access.
define(`rw_netlink_socket_perms', `{ create_socket_perms nlmsg_read nlmsg_write }')
#
# Permissions for using netlink sockets for operations that observe state.
#
# NOTE(review): "observe" only withholds nlmsg_write; the set still expands
# create_socket_perms, so the socket itself can be created, bound and written.
define(`r_netlink_socket_perms', `{ create_socket_perms nlmsg_read }')
#
# Permissions for sending all signals.
#
define(`signal_perms', `{ sigchld sigkill sigstop signull signal }')
#
# Permissions for sending and receiving network packets.
#
define(`packet_perms', `{ tcp_recv tcp_send udp_recv udp_send rawip_recv rawip_send }')
#
# Permissions for using System V IPC (semaphores, message queues, shared memory).
#
# Read-only access to an existing semaphore set.
define(`r_sem_perms', `{ associate getattr read unix_read }')
# Read/write access to an existing semaphore set: r_sem_perms plus write and unix_write.
define(`rw_sem_perms', `{ associate getattr read write unix_read unix_write }')
# Full semaphore lifecycle: rw_sem_perms plus setattr, create and destroy.
define(`create_sem_perms', `{ associate getattr setattr create destroy read write unix_read unix_write }')
# Read-only access to an existing message queue (same members as r_sem_perms).
define(`r_msgq_perms', `{ associate getattr read unix_read }')
# Read/write access to an existing message queue: r_msgq_perms plus write, enqueue and unix_write.
define(`rw_msgq_perms', `{ associate getattr read write enqueue unix_read unix_write }')
# Full message queue lifecycle: rw_msgq_perms plus setattr, create and destroy.
define(`create_msgq_perms', `{ associate getattr setattr create destroy read write enqueue unix_read unix_write }')
# Read-only access to an existing shared memory segment (same members as r_sem_perms).
define(`r_shm_perms', `{ associate getattr read unix_read }')
# Read/write access to an existing shared memory segment: r_shm_perms plus write, lock and unix_write.
define(`rw_shm_perms', `{ associate getattr read write lock unix_read unix_write }')
# Full shared memory lifecycle: rw_shm_perms plus setattr, create and destroy.
define(`create_shm_perms', `{ associate getattr setattr create destroy read write lock unix_read unix_write }')
########################################
#
# New permission sets
#
#
# Directory
#
# Traverse a directory: getattr and search only; read is left to list_dir_perms.
define(`search_dir_perms',`{ getattr search }')
# Read directory attributes only.
define(`getattr_dir_perms',`{ getattr }')
# Change directory attributes only.
define(`setattr_dir_perms',`{ setattr }')
# Read a directory and its attributes; same members as r_dir_perms above.
define(`list_dir_perms',`{ getattr search read lock ioctl }')
# Add names to a directory (write and add_name); no remove_name and no read.
define(`add_entry_dir_perms',`{ getattr search lock ioctl write add_name }')
# Remove names from a directory (write and remove_name); no add_name and no read.
define(`del_entry_dir_perms',`{ getattr search lock ioctl write remove_name }')
# Full directory lifecycle; same members as create_dir_perms above.
define(`manage_dir_perms',`{ create getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl }')
#
# File
#
# Read file attributes only.
define(`getattr_file_perms',`{ getattr }')
# Change file attributes only.
define(`setattr_file_perms',`{ setattr }')
# Read a file and its attributes; same members as r_file_perms above.
define(`read_file_perms',`{ getattr read lock ioctl }')
# Append-only access: append without write or read.
define(`append_file_perms',`{ getattr append lock ioctl }')
# Write access without read: write and append plus getattr, lock and ioctl.
define(`write_file_perms',`{ getattr write append lock ioctl }')
# Read and write a file: read_file_perms plus write and append.
define(`rw_file_perms',`{ getattr read write append ioctl lock }')
# Remove a file: getattr and unlink only.
define(`delete_file_perms',`{ getattr unlink }')
# Full file lifecycle; same members as create_file_perms above (no execute).
define(`manage_file_perms',`{ create getattr setattr read write append rename link unlink ioctl lock }')
#
# Use (read and write) terminals
#
define(`rw_term_perms', `{ getattr read write ioctl }')
#
# Sockets
#
# Client side of a stream socket; same members as connected_socket_perms above
# (create_socket_perms without connect).
define(`client_stream_socket_perms', `{ create ioctl read getattr write setattr append bind getopt setopt shutdown }')
# Server side of a stream socket: client_stream_socket_perms plus listen and accept
# (same members as connected_stream_socket_perms above).
define(`server_stream_socket_perms', `{ client_stream_socket_perms listen accept }')