rpms / selinux-policy

Clone
Source Code
GIT

Blame targeted/flask/access_vectors

c10s-sig-hyperscale c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-atomic c7-beta c8 c8-beta c8s c8s-sig-hyperscale c9 c9-beta c9s-sig-hyperscale
  1.   ce3145e323652c3c96d3376a42c8158c3f3f5cf6
  2.   targeted
  3.   flask
  4.   access_vectors
Blob History Raw
Chris PeBenito ab58ad 
#
Chris PeBenito ab58ad 
# Define common prefixes for access vectors
Chris PeBenito ab58ad 
#
Chris PeBenito ab58ad 
# common common_name { permission_name ... }
Chris PeBenito ab58ad
Chris PeBenito ab58ad
Chris PeBenito ab58ad 
#
Chris PeBenito ab58ad 
# Define a common prefix for file access vectors.
Chris PeBenito ab58ad 
#
Chris PeBenito ab58ad
Chris PeBenito ab58ad 
common file
Chris PeBenito ab58ad 
{
Chris PeBenito ab58ad 
	ioctl
Chris PeBenito ab58ad 
	read
Chris PeBenito ab58ad 
	write
Chris PeBenito ab58ad 
	create
Chris PeBenito ab58ad 
	getattr
Chris PeBenito ab58ad 
	setattr
Chris PeBenito ab58ad 
	lock
Chris PeBenito ab58ad 
	relabelfrom
Chris PeBenito ab58ad 
	relabelto
Chris PeBenito ab58ad 
	append
Chris PeBenito ab58ad 
	unlink
Chris PeBenito ab58ad 
	link
Chris PeBenito ab58ad 
	rename
Chris PeBenito ab58ad 
	execute
Chris PeBenito ab58ad 
	swapon
Chris PeBenito ab58ad 
	quotaon
Chris PeBenito ab58ad 
	mounton
Chris PeBenito ab58ad 
}
Chris PeBenito ab58ad
Chris PeBenito ab58ad
Chris PeBenito ab58ad 
#
Chris PeBenito ab58ad 
# Define a common prefix for socket access vectors.
Chris PeBenito ab58ad 
#
Chris PeBenito ab58ad
Chris PeBenito ab58ad 
common socket
Chris PeBenito ab58ad 
{
Chris PeBenito ab58ad 
# inherited from file
Chris PeBenito ab58ad 
	ioctl
Chris PeBenito ab58ad 
	read
Chris PeBenito ab58ad 
	write
Chris PeBenito ab58ad 
	create
Chris PeBenito ab58ad 
	getattr
Chris PeBenito ab58ad 
	setattr
Chris PeBenito ab58ad 
	lock
Chris PeBenito ab58ad 
	relabelfrom
Chris PeBenito ab58ad 
	relabelto
Chris PeBenito ab58ad 
	append
Chris PeBenito ab58ad 
# socket-specific
Chris PeBenito ab58ad 
	bind
Chris PeBenito ab58ad 
	connect
Chris PeBenito ab58ad 
	listen
Chris PeBenito ab58ad 
	accept
Chris PeBenito ab58ad 
	getopt
Chris PeBenito ab58ad 
	setopt
Chris PeBenito ab58ad 
	shutdown
Chris PeBenito ab58ad 
	recvfrom
Chris PeBenito ab58ad 
	sendto
Chris PeBenito ab58ad 
	recv_msg
Chris PeBenito ab58ad 
	send_msg
Chris PeBenito ab58ad 
	name_bind
Chris PeBenito ab58ad 
}
Chris PeBenito ab58ad
Chris PeBenito ab58ad 
#
Chris PeBenito ab58ad 
# Define a common prefix for ipc access vectors.
Chris PeBenito ab58ad 
#
Chris PeBenito ab58ad
Chris PeBenito ab58ad 
common ipc
Chris PeBenito ab58ad 
{
Chris PeBenito ab58ad 
	create
Chris PeBenito ab58ad 
	destroy
Chris PeBenito ab58ad 
	getattr
Chris PeBenito ab58ad 
	setattr
Chris PeBenito ab58ad 
	read
Chris PeBenito ab58ad 
	write
Chris PeBenito ab58ad 
	associate
Chris PeBenito ab58ad 
	unix_read
Chris PeBenito ab58ad 
	unix_write
Chris PeBenito ab58ad 
}
Chris PeBenito ab58ad
Chris PeBenito ab58ad 
#
Chris PeBenito ab58ad 
# Define the access vectors.
Chris PeBenito ab58ad 
#
Chris PeBenito ab58ad 
# class class_name [ inherits common_name ] { permission_name ... }
Chris PeBenito ab58ad
Chris PeBenito ab58ad
Chris PeBenito ab58ad 
#
Chris PeBenito ab58ad 
# Define the access vector interpretation for file-related objects.
Chris PeBenito ab58ad 
#
Chris PeBenito ab58ad
Chris PeBenito ab58ad 
class filesystem
Chris PeBenito ab58ad 
{
Chris PeBenito ab58ad 
	mount
Chris PeBenito ab58ad 
	remount
Chris PeBenito ab58ad 
	unmount
Chris PeBenito ab58ad 
	getattr
Chris PeBenito ab58ad 
	relabelfrom
Chris PeBenito ab58ad 
	relabelto
Chris PeBenito ab58ad 
	transition
Chris PeBenito ab58ad 
	associate
Chris PeBenito ab58ad 
	quotamod
Chris PeBenito ab58ad 
	quotaget
Chris PeBenito ab58ad 
}
Chris PeBenito ab58ad
Chris PeBenito ab58ad 
class dir
Chris PeBenito ab58ad 
inherits file
Chris PeBenito ab58ad 
{
Chris PeBenito ab58ad 
	add_name
Chris PeBenito ab58ad 
	remove_name
Chris PeBenito ab58ad 
	reparent
Chris PeBenito ab58ad 
	search
Chris PeBenito ab58ad 
	rmdir
Chris PeBenito ab58ad 
}
Chris PeBenito ab58ad
Chris PeBenito ab58ad 
class file
Chris PeBenito ab58ad 
inherits file
Chris PeBenito ab58ad 
{
Chris PeBenito ab58ad 
	execute_no_trans
Chris PeBenito ab58ad 
	entrypoint
Chris PeBenito ab58ad 
	execmod
Chris PeBenito ab58ad 
}
Chris PeBenito ab58ad
Chris PeBenito ab58ad 
class lnk_file
Chris PeBenito ab58ad 
inherits file
Chris PeBenito ab58ad
Chris PeBenito ab58ad 
class chr_file
Chris PeBenito ab58ad 
inherits file
Chris PeBenito ab58ad 
{
Chris PeBenito ab58ad 
	execute_no_trans
Chris PeBenito ab58ad 
	entrypoint
Chris PeBenito ab58ad 
	execmod
Chris PeBenito ab58ad 
}
Chris PeBenito ab58ad
Chris PeBenito ab58ad 
class blk_file
Chris PeBenito ab58ad 
inherits file
Chris PeBenito ab58ad
Chris PeBenito ab58ad 
class sock_file
Chris PeBenito ab58ad 
inherits file
Chris PeBenito ab58ad
Chris PeBenito ab58ad 
class fifo_file
Chris PeBenito ab58ad 
inherits file
Chris PeBenito ab58ad
Chris PeBenito ab58ad 
class fd
Chris PeBenito ab58ad 
{
Chris PeBenito ab58ad 
	use
Chris PeBenito ab58ad 
}
Chris PeBenito ab58ad
Chris PeBenito ab58ad
Chris PeBenito ab58ad 
#
Chris PeBenito ab58ad 
# Define the access vector interpretation for network-related objects.
Chris PeBenito ab58ad 
#
Chris PeBenito ab58ad
Chris PeBenito ab58ad 
class socket
Chris PeBenito ab58ad 
inherits socket
Chris PeBenito ab58ad
Chris PeBenito ab58ad 
class tcp_socket
Chris PeBenito ab58ad 
inherits socket
Chris PeBenito ab58ad 
{
Chris PeBenito ab58ad 
	connectto
Chris PeBenito ab58ad 
	newconn
Chris PeBenito ab58ad 
	acceptfrom
Chris PeBenito ab58ad 
	node_bind
Chris PeBenito ab58ad 
	name_connect
Chris PeBenito ab58ad 
}
Chris PeBenito ab58ad
Chris PeBenito ab58ad 
class udp_socket
Chris PeBenito ab58ad 
inherits socket
Chris PeBenito ab58ad 
{
Chris PeBenito ab58ad 
	node_bind
Chris PeBenito ab58ad 
}
Chris PeBenito ab58ad
Chris PeBenito ab58ad 
class rawip_socket
Chris PeBenito ab58ad 
inherits socket
Chris PeBenito ab58ad 
{
Chris PeBenito ab58ad 
	node_bind
Chris PeBenito ab58ad 
}
Chris PeBenito ab58ad
Chris PeBenito ab58ad 
class node
Chris PeBenito ab58ad 
{
Chris PeBenito ab58ad 
	tcp_recv
Chris PeBenito ab58ad 
	tcp_send
Chris PeBenito ab58ad 
	udp_recv
Chris PeBenito ab58ad 
	udp_send
Chris PeBenito ab58ad 
	rawip_recv
Chris PeBenito ab58ad 
	rawip_send
Chris PeBenito ab58ad 
	enforce_dest
Chris PeBenito ab58ad 
}
Chris PeBenito ab58ad
Chris PeBenito ab58ad 
class netif
Chris PeBenito ab58ad 
{
Chris PeBenito ab58ad 
	tcp_recv
Chris PeBenito ab58ad 
	tcp_send
Chris PeBenito ab58ad 
	udp_recv
Chris PeBenito ab58ad 
	udp_send
Chris PeBenito ab58ad 
	rawip_recv
Chris PeBenito ab58ad 
	rawip_send
Chris PeBenito ab58ad 
}
Chris PeBenito ab58ad
Chris PeBenito ab58ad 
class netlink_socket
Chris PeBenito ab58ad 
inherits socket
Chris PeBenito ab58ad
Chris PeBenito ab58ad 
class packet_socket
Chris PeBenito ab58ad 
inherits socket
Chris PeBenito ab58ad
Chris PeBenito ab58ad 
class key_socket
Chris PeBenito ab58ad 
inherits socket
Chris PeBenito ab58ad
Chris PeBenito ab58ad 
class unix_stream_socket
Chris PeBenito ab58ad 
inherits socket
Chris PeBenito ab58ad 
{
Chris PeBenito ab58ad 
	connectto
Chris PeBenito ab58ad 
	newconn
Chris PeBenito ab58ad 
	acceptfrom
Chris PeBenito ab58ad 
}
Chris PeBenito ab58ad
Chris PeBenito ab58ad 
class unix_dgram_socket
Chris PeBenito ab58ad 
inherits socket
Chris PeBenito ab58ad
Chris PeBenito ab58ad
Chris PeBenito ab58ad 
#
Chris PeBenito ab58ad 
# Define the access vector interpretation for process-related objects
Chris PeBenito ab58ad 
#
Chris PeBenito ab58ad
Chris PeBenito ab58ad 
class process
Chris PeBenito ab58ad 
{
Chris PeBenito ab58ad 
	fork
Chris PeBenito ab58ad 
	transition
Chris PeBenito ab58ad 
	sigchld # commonly granted from child to parent
Chris PeBenito ab58ad 
	sigkill # cannot be caught or ignored
Chris PeBenito ab58ad 
	sigstop # cannot be caught or ignored
Chris PeBenito ab58ad 
	signull # for kill(pid, 0)
Chris PeBenito ab58ad 
	signal  # all other signals
Chris PeBenito ab58ad 
	ptrace
Chris PeBenito ab58ad 
	getsched
Chris PeBenito ab58ad 
	setsched
Chris PeBenito ab58ad 
	getsession
Chris PeBenito ab58ad 
	getpgid
Chris PeBenito ab58ad 
	setpgid
Chris PeBenito ab58ad 
	getcap
Chris PeBenito ab58ad 
	setcap
Chris PeBenito ab58ad 
	share
Chris PeBenito ab58ad 
	getattr
Chris PeBenito ab58ad 
	setexec
Chris PeBenito ab58ad 
	setfscreate
Chris PeBenito ab58ad 
	noatsecure
Chris PeBenito ab58ad 
	siginh
Chris PeBenito ab58ad 
	setrlimit
Chris PeBenito ab58ad 
	rlimitinh
Chris PeBenito ab58ad 
	dyntransition
Chris PeBenito ab58ad 
	setcurrent
Chris PeBenito ab58ad 
	execmem
Chris PeBenito ab58ad 
	execstack
Chris PeBenito ab58ad 
	execheap
Chris PeBenito ab58ad 
}
Chris PeBenito ab58ad
Chris PeBenito ab58ad
Chris PeBenito ab58ad 
#
Chris PeBenito ab58ad 
# Define the access vector interpretation for ipc-related objects
Chris PeBenito ab58ad 
#
Chris PeBenito ab58ad
Chris PeBenito ab58ad 
class ipc
Chris PeBenito ab58ad 
inherits ipc
Chris PeBenito ab58ad
Chris PeBenito ab58ad 
class sem
Chris PeBenito ab58ad 
inherits ipc
Chris PeBenito ab58ad
Chris PeBenito ab58ad 
class msgq
Chris PeBenito ab58ad 
inherits ipc
Chris PeBenito ab58ad 
{
Chris PeBenito ab58ad 
	enqueue
Chris PeBenito ab58ad 
}
Chris PeBenito ab58ad
Chris PeBenito ab58ad 
class msg
Chris PeBenito ab58ad 
{
Chris PeBenito ab58ad 
	send
Chris PeBenito ab58ad 
	receive
Chris PeBenito ab58ad 
}
Chris PeBenito ab58ad
Chris PeBenito ab58ad 
class shm
Chris PeBenito ab58ad 
inherits ipc
Chris PeBenito ab58ad 
{
Chris PeBenito ab58ad 
	lock
Chris PeBenito ab58ad 
}
Chris PeBenito ab58ad
Chris PeBenito ab58ad
Chris PeBenito ab58ad 
#
Chris PeBenito ab58ad 
# Define the access vector interpretation for the security server.
Chris PeBenito ab58ad 
#
Chris PeBenito ab58ad
Chris PeBenito ab58ad 
class security
Chris PeBenito ab58ad 
{
Chris PeBenito ab58ad 
	compute_av
Chris PeBenito ab58ad 
	compute_create
Chris PeBenito ab58ad 
	compute_member
Chris PeBenito ab58ad 
	check_context
Chris PeBenito ab58ad 
	load_policy
Chris PeBenito ab58ad 
	compute_relabel
Chris PeBenito ab58ad 
	compute_user
Chris PeBenito ab58ad 
	setenforce     # was avc_toggle in system class
Chris PeBenito ab58ad 
	setbool
Chris PeBenito ab58ad 
	setsecparam
Chris PeBenito ab58ad 
	setcheckreqprot
Chris PeBenito ab58ad 
}
Chris PeBenito ab58ad
Chris PeBenito ab58ad
Chris PeBenito ab58ad 
#
Chris PeBenito ab58ad 
# Define the access vector interpretation for system operations.
Chris PeBenito ab58ad 
#
Chris PeBenito ab58ad
Chris PeBenito ab58ad 
class system
Chris PeBenito ab58ad 
{
Chris PeBenito ab58ad 
	ipc_info
Chris PeBenito ab58ad 
	syslog_read
Chris PeBenito ab58ad 
	syslog_mod
Chris PeBenito ab58ad 
	syslog_console
Chris PeBenito ab58ad 
}
Chris PeBenito ab58ad
Chris PeBenito ab58ad 
#
Chris PeBenito ab58ad 
# Define the access vector interpretation for controling capabilies
Chris PeBenito ab58ad 
#
Chris PeBenito ab58ad
Chris PeBenito ab58ad 
class capability
Chris PeBenito ab58ad 
{
Chris PeBenito ab58ad 
	# The capabilities are defined in include/linux/capability.h
Chris PeBenito ab58ad 
	# Care should be taken to ensure that these are consistent with
Chris PeBenito ab58ad 
	# those definitions. (Order matters)
Chris PeBenito ab58ad
Chris PeBenito ab58ad 
	chown
Chris PeBenito ab58ad 
	dac_override
Chris PeBenito ab58ad 
	dac_read_search
Chris PeBenito ab58ad 
	fowner
Chris PeBenito ab58ad 
	fsetid
Chris PeBenito ab58ad 
	kill
Chris PeBenito ab58ad 
	setgid
Chris PeBenito ab58ad 
	setuid
Chris PeBenito ab58ad 
	setpcap
Chris PeBenito ab58ad 
	linux_immutable
Chris PeBenito ab58ad 
	net_bind_service
Chris PeBenito ab58ad 
	net_broadcast
Chris PeBenito ab58ad 
	net_admin
Chris PeBenito ab58ad 
	net_raw
Chris PeBenito ab58ad 
	ipc_lock
Chris PeBenito ab58ad 
	ipc_owner
Chris PeBenito ab58ad 
	sys_module
Chris PeBenito ab58ad 
	sys_rawio
Chris PeBenito ab58ad 
	sys_chroot
Chris PeBenito ab58ad 
	sys_ptrace
Chris PeBenito ab58ad 
	sys_pacct
Chris PeBenito ab58ad 
	sys_admin
Chris PeBenito ab58ad 
	sys_boot
Chris PeBenito ab58ad 
	sys_nice
Chris PeBenito ab58ad 
	sys_resource
Chris PeBenito ab58ad 
	sys_time
Chris PeBenito ab58ad 
	sys_tty_config
Chris PeBenito ab58ad 
	mknod
Chris PeBenito ab58ad 
	lease
Chris PeBenito ab58ad 
	audit_write
Chris PeBenito ab58ad 
	audit_control
Chris PeBenito ab58ad 
}
Chris PeBenito ab58ad
Chris PeBenito ab58ad
Chris PeBenito ab58ad 
#
Chris PeBenito ab58ad 
# Define the access vector interpretation for controlling
Chris PeBenito ab58ad 
# changes to passwd information.
Chris PeBenito ab58ad 
#
Chris PeBenito ab58ad 
class passwd
Chris PeBenito ab58ad 
{
Chris PeBenito ab58ad 
	passwd	# change another user passwd
Chris PeBenito ab58ad 
	chfn	# change another user finger info
Chris PeBenito ab58ad 
	chsh	# change another user shell
Chris PeBenito ab58ad 
	rootok  # pam_rootok check (skip auth)
Chris PeBenito ab58ad 
	crontab # crontab on another user
Chris PeBenito ab58ad 
}
Chris PeBenito ab58ad
Chris PeBenito ab58ad 
#
Chris PeBenito ab58ad 
# SE-X Windows stuff
Chris PeBenito ab58ad 
#
Chris PeBenito ab58ad 
class drawable
Chris PeBenito ab58ad 
{
Chris PeBenito ab58ad 
	create
Chris PeBenito ab58ad 
	destroy
Chris PeBenito ab58ad 
	draw
Chris PeBenito ab58ad 
	copy
Chris PeBenito ab58ad 
	getattr
Chris PeBenito ab58ad 
}
Chris PeBenito ab58ad
Chris PeBenito ab58ad 
class gc
Chris PeBenito ab58ad 
{
Chris PeBenito ab58ad 
	create
Chris PeBenito ab58ad 
	free
Chris PeBenito ab58ad 
	getattr
Chris PeBenito ab58ad 
	setattr
Chris PeBenito ab58ad 
}
Chris PeBenito ab58ad
Chris PeBenito ab58ad 
class window
Chris PeBenito ab58ad 
{
Chris PeBenito ab58ad 
	addchild
Chris PeBenito ab58ad 
	create
Chris PeBenito ab58ad 
	destroy
Chris PeBenito ab58ad 
	map
Chris PeBenito ab58ad 
	unmap
Chris PeBenito ab58ad 
	chstack
Chris PeBenito ab58ad 
	chproplist
Chris PeBenito ab58ad 
	chprop
Chris PeBenito ab58ad 
	listprop
Chris PeBenito ab58ad 
	getattr
Chris PeBenito ab58ad 
	setattr
Chris PeBenito ab58ad 
	setfocus
Chris PeBenito ab58ad 
	move
Chris PeBenito ab58ad 
	chselection
Chris PeBenito ab58ad 
	chparent
Chris PeBenito ab58ad 
	ctrllife
Chris PeBenito ab58ad 
	enumerate
Chris PeBenito ab58ad 
	transparent
Chris PeBenito ab58ad 
	mousemotion
Chris PeBenito ab58ad 
	clientcomevent
Chris PeBenito ab58ad 
	inputevent
Chris PeBenito ab58ad 
	drawevent
Chris PeBenito ab58ad 
	windowchangeevent
Chris PeBenito ab58ad 
	windowchangerequest
Chris PeBenito ab58ad 
	serverchangeevent
Chris PeBenito ab58ad 
	extensionevent
Chris PeBenito ab58ad 
}
Chris PeBenito ab58ad
Chris PeBenito ab58ad 
class font
Chris PeBenito ab58ad 
{
Chris PeBenito ab58ad 
	load
Chris PeBenito ab58ad 
	free
Chris PeBenito ab58ad 
	getattr
Chris PeBenito ab58ad 
	use
Chris PeBenito ab58ad 
}
Chris PeBenito ab58ad
Chris PeBenito ab58ad 
class colormap
Chris PeBenito ab58ad 
{
Chris PeBenito ab58ad 
	create
Chris PeBenito ab58ad 
	free
Chris PeBenito ab58ad 
	install
Chris PeBenito ab58ad 
	uninstall
Chris PeBenito ab58ad 
	list
Chris PeBenito ab58ad 
	read
Chris PeBenito ab58ad 
	store
Chris PeBenito ab58ad 
	getattr
Chris PeBenito ab58ad 
	setattr
Chris PeBenito ab58ad 
}
Chris PeBenito ab58ad
Chris PeBenito ab58ad 
class property
Chris PeBenito ab58ad 
{
Chris PeBenito ab58ad 
	create
Chris PeBenito ab58ad 
	free
Chris PeBenito ab58ad 
	read
Chris PeBenito ab58ad 
	write
Chris PeBenito ab58ad 
}
Chris PeBenito ab58ad
Chris PeBenito ab58ad 
class cursor
Chris PeBenito ab58ad 
{
Chris PeBenito ab58ad 
	create
Chris PeBenito ab58ad 
	createglyph
Chris PeBenito ab58ad 
	free
Chris PeBenito ab58ad 
	assign
Chris PeBenito ab58ad 
	setattr
Chris PeBenito ab58ad 
}
Chris PeBenito ab58ad
Chris PeBenito ab58ad 
class xclient
Chris PeBenito ab58ad 
{
Chris PeBenito ab58ad 
	kill
Chris PeBenito ab58ad 
}
Chris PeBenito ab58ad
Chris PeBenito ab58ad 
class xinput
Chris PeBenito ab58ad 
{
Chris PeBenito ab58ad 
	lookup
Chris PeBenito ab58ad 
	getattr
Chris PeBenito ab58ad 
	setattr
Chris PeBenito ab58ad 
	setfocus
Chris PeBenito ab58ad 
	warppointer
Chris PeBenito ab58ad 
	activegrab
Chris PeBenito ab58ad 
	passivegrab
Chris PeBenito ab58ad 
	ungrab
Chris PeBenito ab58ad 
	bell
Chris PeBenito ab58ad 
	mousemotion
Chris PeBenito ab58ad 
	relabelinput
Chris PeBenito ab58ad 
}
Chris PeBenito ab58ad
Chris PeBenito ab58ad 
class xserver
Chris PeBenito ab58ad 
{
Chris PeBenito ab58ad 
	screensaver
Chris PeBenito ab58ad 
	gethostlist
Chris PeBenito ab58ad 
	sethostlist
Chris PeBenito ab58ad 
	getfontpath
Chris PeBenito ab58ad 
	setfontpath
Chris PeBenito ab58ad 
	getattr
Chris PeBenito ab58ad 
	grab
Chris PeBenito ab58ad 
	ungrab
Chris PeBenito ab58ad 
}
Chris PeBenito ab58ad
Chris PeBenito ab58ad 
class xextension
Chris PeBenito ab58ad 
{
Chris PeBenito ab58ad 
	query
Chris PeBenito ab58ad 
	use
Chris PeBenito ab58ad 
}
Chris PeBenito ab58ad
Chris PeBenito ab58ad 
#
Chris PeBenito ab58ad 
# Define the access vector interpretation for controlling
Chris PeBenito ab58ad 
# PaX flags
Chris PeBenito ab58ad 
#
Chris PeBenito ab58ad 
class pax
Chris PeBenito ab58ad 
{
Chris PeBenito ab58ad 
        pageexec        # Paging based non-executable pages
Chris PeBenito ab58ad 
        emutramp        # Emulate trampolines
Chris PeBenito ab58ad 
        mprotect        # Restrict mprotect()
Chris PeBenito ab58ad 
        randmmap        # Randomize mmap() base
Chris PeBenito ab58ad 
        randexec        # Randomize ET_EXEC base
Chris PeBenito ab58ad 
        segmexec        # Segmentation based non-executable pages
Chris PeBenito ab58ad 
}
Chris PeBenito ab58ad
Chris PeBenito ab58ad 
#
Chris PeBenito ab58ad 
# Extended Netlink classes
Chris PeBenito ab58ad 
#
Chris PeBenito ab58ad 
class netlink_route_socket
Chris PeBenito ab58ad 
inherits socket
Chris PeBenito ab58ad 
{
Chris PeBenito ab58ad 
	nlmsg_read
Chris PeBenito ab58ad 
	nlmsg_write
Chris PeBenito ab58ad 
}
Chris PeBenito ab58ad
Chris PeBenito ab58ad 
class netlink_firewall_socket
Chris PeBenito ab58ad 
inherits socket
Chris PeBenito ab58ad 
{
Chris PeBenito ab58ad 
	nlmsg_read
Chris PeBenito ab58ad 
	nlmsg_write
Chris PeBenito ab58ad 
}
Chris PeBenito ab58ad
Chris PeBenito ab58ad 
class netlink_tcpdiag_socket
Chris PeBenito ab58ad 
inherits socket
Chris PeBenito ab58ad 
{
Chris PeBenito ab58ad 
	nlmsg_read
Chris PeBenito ab58ad 
	nlmsg_write
Chris PeBenito ab58ad 
}
Chris PeBenito ab58ad
Chris PeBenito ab58ad 
class netlink_nflog_socket
Chris PeBenito ab58ad 
inherits socket
Chris PeBenito ab58ad
Chris PeBenito ab58ad 
class netlink_xfrm_socket
Chris PeBenito ab58ad 
inherits socket
Chris PeBenito ab58ad 
{
Chris PeBenito ab58ad 
	nlmsg_read
Chris PeBenito ab58ad 
	nlmsg_write
Chris PeBenito ab58ad 
}
Chris PeBenito ab58ad
Chris PeBenito ab58ad 
class netlink_selinux_socket
Chris PeBenito ab58ad 
inherits socket
Chris PeBenito ab58ad
Chris PeBenito ab58ad 
class netlink_audit_socket
Chris PeBenito ab58ad 
inherits socket
Chris PeBenito ab58ad 
{
Chris PeBenito ab58ad 
	nlmsg_read
Chris PeBenito ab58ad 
	nlmsg_write
Chris PeBenito ab58ad 
	nlmsg_relay
Chris PeBenito ab58ad 
	nlmsg_readpriv
Chris PeBenito ab58ad 
}
Chris PeBenito ab58ad
Chris PeBenito ab58ad 
class netlink_ip6fw_socket
Chris PeBenito ab58ad 
inherits socket
Chris PeBenito ab58ad 
{
Chris PeBenito ab58ad 
	nlmsg_read
Chris PeBenito ab58ad 
	nlmsg_write
Chris PeBenito ab58ad 
}
Chris PeBenito ab58ad
Chris PeBenito ab58ad 
class netlink_dnrt_socket
Chris PeBenito ab58ad 
inherits socket
Chris PeBenito ab58ad
Chris PeBenito ab58ad 
# Define the access vector interpretation for controlling
Chris PeBenito ab58ad 
# access and communication through the D-BUS messaging
Chris PeBenito ab58ad 
# system.
Chris PeBenito ab58ad 
#
Chris PeBenito ab58ad 
class dbus
Chris PeBenito ab58ad 
{
Chris PeBenito ab58ad 
	acquire_svc
Chris PeBenito ab58ad 
	send_msg
Chris PeBenito ab58ad 
}
Chris PeBenito ab58ad
Chris PeBenito ab58ad 
# Define the access vector interpretation for controlling
Chris PeBenito ab58ad 
# access through the name service cache daemon (nscd).
Chris PeBenito ab58ad 
#
Chris PeBenito ab58ad 
class nscd
Chris PeBenito ab58ad 
{
Chris PeBenito ab58ad 
	getpwd
Chris PeBenito ab58ad 
	getgrp
Chris PeBenito ab58ad 
	gethost
Chris PeBenito ab58ad 
	getstat
Chris PeBenito ab58ad 
	admin
Chris PeBenito ab58ad 
       shmempwd
Chris PeBenito ab58ad 
       shmemgrp
Chris PeBenito ab58ad 
       shmemhost
Chris PeBenito ab58ad 
}
Chris PeBenito ab58ad
Chris PeBenito ab58ad 
# Define the access vector interpretation for controlling
Chris PeBenito ab58ad 
# access to IPSec network data by association
Chris PeBenito ab58ad 
#
Chris PeBenito ab58ad 
class association
Chris PeBenito ab58ad 
{
Chris PeBenito ab58ad 
       sendto
Chris PeBenito ab58ad 
       recvfrom
Chris PeBenito ab58ad 
}
Chris PeBenito ab58ad
Chris PeBenito ab58ad 
# Updated Netlink class for KOBJECT_UEVENT family.
Chris PeBenito ab58ad 
class netlink_kobject_uevent_socket
Chris PeBenito ab58ad 
inherits socket

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation