From owner-p4-projects@FreeBSD.ORG Thu Apr 20 15:32:43 2006 Return-Path: X-Original-To: p4-projects@freebsd.org Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 55A8E16A404; Thu, 20 Apr 2006 15:32:43 +0000 (UTC) X-Original-To: perforce@freebsd.org Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 12B8F16A402 for ; Thu, 20 Apr 2006 15:32:43 +0000 (UTC) (envelope-from millert@freebsd.org) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id B2B4C43D48 for ; Thu, 20 Apr 2006 15:32:42 +0000 (GMT) (envelope-from millert@freebsd.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.1/8.13.1) with ESMTP id k3KFWgSr088135 for ; Thu, 20 Apr 2006 15:32:42 GMT (envelope-from millert@freebsd.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.13.1/8.13.1/Submit) id k3KFWgMn088129 for perforce@freebsd.org; Thu, 20 Apr 2006 15:32:42 GMT (envelope-from millert@freebsd.org) Date: Thu, 20 Apr 2006 15:32:42 GMT Message-Id: <200604201532.k3KFWgMn088129@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to millert@freebsd.org using -f From: Todd Miller To: Perforce Change Reviews Cc: Subject: PERFORCE change 95684 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 20 Apr 2006 15:32:43 -0000 http://perforce.freebsd.org/chv.cgi?CH=95684 Change 95684 by millert@millert_g5tower on 2006/04/20 15:32:03 Merge in the new av cache code. Since Darwin doesn't have rcu style locking, use rwlocks instead. In the future, it may be possible to reduce the amount of time we hold a write lock by doing atomic list operations (which is what Linux does). The new avc code expects different versions of the generated flask .h files so mkaccess_vector.sh and mkflask.sh have been updated based on policy-1.28. Affected files ... .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/avc/av_inherit.h#4 edit .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/avc/av_perm_to_string.h#10 edit .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/avc/av_permissions.h#9 edit .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/avc/avc.c#13 edit .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/avc/avc.h#7 edit .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/avc/avc_ss.h#5 edit .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/avc/class_to_string.h#5 edit .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/avc/common_perm_to_string.h#3 edit .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/flask.h#8 edit .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/flask/Makefile#3 edit .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/flask/mkaccess_vector.sh#4 edit .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/flask/mkflask.sh#5 edit .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/linux-compat.h#15 edit .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd.c#40 edit .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd.h#9 edit .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd_labels.h#5 edit .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd_syscall.c#13 edit .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd_syscalls.h#8 edit .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd_sysctl.c#8 edit .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/mach_av.c#12 edit Differences ... ==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/avc/av_inherit.h#4 (text+ko) ==== @@ -1,37 +1,21 @@ /* This file is automatically generated. Do not edit. */ -/* FLASK */ - -typedef struct -{ - u16 tclass; - char **common_pts; - u32 common_base; -} av_inherit_t; - -static av_inherit_t av_inherit[] = { - { SECCLASS_DIR, common_file_perm_to_string, 0x0000000000100000UL }, - { SECCLASS_FILE, common_file_perm_to_string, 0x0000000000100000UL }, - { SECCLASS_LNK_FILE, common_file_perm_to_string, 0x0000000000100000UL }, - { SECCLASS_CHR_FILE, common_file_perm_to_string, 0x0000000000100000UL }, - { SECCLASS_BLK_FILE, common_file_perm_to_string, 0x0000000000100000UL }, - { SECCLASS_SOCK_FILE, common_file_perm_to_string, 0x0000000000100000UL }, - { SECCLASS_FIFO_FILE, common_file_perm_to_string, 0x0000000000100000UL }, - { SECCLASS_SOCKET, common_socket_perm_to_string, 0x0000000001000000UL }, - { SECCLASS_TCP_SOCKET, common_socket_perm_to_string, 0x0000000001000000UL }, - { SECCLASS_UDP_SOCKET, common_socket_perm_to_string, 0x0000000001000000UL }, - { SECCLASS_RAWIP_SOCKET, common_socket_perm_to_string, 0x0000000001000000UL }, - { SECCLASS_NETLINK_SOCKET, common_socket_perm_to_string, 0x0000000001000000UL }, - { SECCLASS_PACKET_SOCKET, common_socket_perm_to_string, 0x0000000001000000UL }, - { SECCLASS_KEY_SOCKET, common_socket_perm_to_string, 0x0000000001000000UL }, - { SECCLASS_UNIX_STREAM_SOCKET, common_socket_perm_to_string, 0x0000000001000000UL }, - { SECCLASS_UNIX_DGRAM_SOCKET, common_socket_perm_to_string, 0x0000000001000000UL }, - { SECCLASS_IPC, common_ipc_perm_to_string, 0x0000000000000200UL }, - { SECCLASS_SEM, common_ipc_perm_to_string, 0x0000000000000200UL }, - { SECCLASS_MSGQ, common_ipc_perm_to_string, 0x0000000000000200UL }, - { SECCLASS_SHM, common_ipc_perm_to_string, 0x0000000000000200UL }, -}; - -#define AV_INHERIT_SIZE (sizeof(av_inherit)/sizeof(av_inherit_t)) - - -/* FLASK */ + S_(SECCLASS_DIR, file, 0x00100000UL) + S_(SECCLASS_FILE, file, 0x00100000UL) + S_(SECCLASS_LNK_FILE, file, 0x00100000UL) + S_(SECCLASS_CHR_FILE, file, 0x00100000UL) + S_(SECCLASS_BLK_FILE, file, 0x00100000UL) + S_(SECCLASS_SOCK_FILE, file, 0x00100000UL) + S_(SECCLASS_FIFO_FILE, file, 0x00100000UL) + S_(SECCLASS_SOCKET, socket, 0x01000000UL) + S_(SECCLASS_TCP_SOCKET, socket, 0x01000000UL) + S_(SECCLASS_UDP_SOCKET, socket, 0x01000000UL) + S_(SECCLASS_RAWIP_SOCKET, socket, 0x01000000UL) + S_(SECCLASS_NETLINK_SOCKET, socket, 0x01000000UL) + S_(SECCLASS_PACKET_SOCKET, socket, 0x01000000UL) + S_(SECCLASS_KEY_SOCKET, socket, 0x01000000UL) + S_(SECCLASS_UNIX_STREAM_SOCKET, socket, 0x01000000UL) + S_(SECCLASS_UNIX_DGRAM_SOCKET, socket, 0x01000000UL) + S_(SECCLASS_IPC, ipc, 0x00000200UL) + S_(SECCLASS_SEM, ipc, 0x00000200UL) + S_(SECCLASS_MSGQ, ipc, 0x00000200UL) + S_(SECCLASS_SHM, ipc, 0x00000200UL) ==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/avc/av_perm_to_string.h#10 (text+ko) ==== @@ -1,148 +1,132 @@ /* This file is automatically generated. Do not edit. */ -/* FLASK */ - -typedef struct -{ - u16 tclass; - u32 value; - char *name; -} av_perm_to_string_t; - -static av_perm_to_string_t av_perm_to_string[] = { - { SECCLASS_FILESYSTEM, FILESYSTEM__MOUNT, "mount" }, - { SECCLASS_FILESYSTEM, FILESYSTEM__REMOUNT, "remount" }, - { SECCLASS_FILESYSTEM, FILESYSTEM__UNMOUNT, "unmount" }, - { SECCLASS_FILESYSTEM, FILESYSTEM__GETATTR, "getattr" }, - { SECCLASS_FILESYSTEM, FILESYSTEM__RELABELFROM, "relabelfrom" }, - { SECCLASS_FILESYSTEM, FILESYSTEM__RELABELTO, "relabelto" }, - { SECCLASS_FILESYSTEM, FILESYSTEM__TRANSITION, "transition" }, - { SECCLASS_FILESYSTEM, FILESYSTEM__ASSOCIATE, "associate" }, - { SECCLASS_FILESYSTEM, FILESYSTEM__QUOTAMOD, "quotamod" }, - { SECCLASS_FILESYSTEM, FILESYSTEM__QUOTAGET, "quotaget" }, - { SECCLASS_DIR, DIR__ADD_NAME, "add_name" }, - { SECCLASS_DIR, DIR__REMOVE_NAME, "remove_name" }, - { SECCLASS_DIR, DIR__REPARENT, "reparent" }, - { SECCLASS_DIR, DIR__SEARCH, "search" }, - { SECCLASS_DIR, DIR__RMDIR, "rmdir" }, - { SECCLASS_FILE, FILE__EXECUTE_NO_TRANS, "execute_no_trans" }, - { SECCLASS_FILE, FILE__ENTRYPOINT, "entrypoint" }, - { SECCLASS_FD, FD__CREATE, "create" }, - { SECCLASS_FD, FD__USE, "use" }, - { SECCLASS_TCP_SOCKET, TCP_SOCKET__CONNECTTO, "connectto" }, - { SECCLASS_TCP_SOCKET, TCP_SOCKET__NEWCONN, "newconn" }, - { SECCLASS_TCP_SOCKET, TCP_SOCKET__ACCEPTFROM, "acceptfrom" }, - { SECCLASS_TCP_SOCKET, TCP_SOCKET__NODE_BIND, "node_bind" }, - { SECCLASS_UDP_SOCKET, UDP_SOCKET__NODE_BIND, "node_bind" }, - { SECCLASS_RAWIP_SOCKET, RAWIP_SOCKET__NODE_BIND, "node_bind" }, - { SECCLASS_NODE, NODE__TCP_RECV, "tcp_recv" }, - { SECCLASS_NODE, NODE__TCP_SEND, "tcp_send" }, - { SECCLASS_NODE, NODE__UDP_RECV, "udp_recv" }, - { SECCLASS_NODE, NODE__UDP_SEND, "udp_send" }, - { SECCLASS_NODE, NODE__RAWIP_RECV, "rawip_recv" }, - { SECCLASS_NODE, NODE__RAWIP_SEND, "rawip_send" }, - { SECCLASS_NODE, NODE__ENFORCE_DEST, "enforce_dest" }, - { SECCLASS_NETIF, NETIF__GETATTR, "getattr" }, - { SECCLASS_NETIF, NETIF__SETATTR, "setattr" }, - { SECCLASS_NETIF, NETIF__TCP_RECV, "tcp_recv" }, - { SECCLASS_NETIF, NETIF__TCP_SEND, "tcp_send" }, - { SECCLASS_NETIF, NETIF__UDP_RECV, "udp_recv" }, - { SECCLASS_NETIF, NETIF__UDP_SEND, "udp_send" }, - { SECCLASS_NETIF, NETIF__RAWIP_RECV, "rawip_recv" }, - { SECCLASS_NETIF, NETIF__RAWIP_SEND, "rawip_send" }, - { SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__CONNECTTO, "connectto" }, - { SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__NEWCONN, "newconn" }, - { SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__ACCEPTFROM, "acceptfrom" }, - { SECCLASS_PROCESS, PROCESS__FORK, "fork" }, - { SECCLASS_PROCESS, PROCESS__TRANSITION, "transition" }, - { SECCLASS_PROCESS, PROCESS__SIGCHLD, "sigchld" }, - { SECCLASS_PROCESS, PROCESS__SIGKILL, "sigkill" }, - { SECCLASS_PROCESS, PROCESS__SIGSTOP, "sigstop" }, - { SECCLASS_PROCESS, PROCESS__SIGNULL, "signull" }, - { SECCLASS_PROCESS, PROCESS__SIGNAL, "signal" }, - { SECCLASS_PROCESS, PROCESS__PTRACE, "ptrace" }, - { SECCLASS_PROCESS, PROCESS__GETSCHED, "getsched" }, - { SECCLASS_PROCESS, PROCESS__SETSCHED, "setsched" }, - { SECCLASS_PROCESS, PROCESS__GETSESSION, "getsession" }, - { SECCLASS_PROCESS, PROCESS__GETPGID, "getpgid" }, - { SECCLASS_PROCESS, PROCESS__SETPGID, "setpgid" }, - { SECCLASS_PROCESS, PROCESS__GETCAP, "getcap" }, - { SECCLASS_PROCESS, PROCESS__SETCAP, "setcap" }, - { SECCLASS_PROCESS, PROCESS__SHARE, "share" }, - { SECCLASS_PROCESS, PROCESS__GETATTR, "getattr" }, - { SECCLASS_PROCESS, PROCESS__SETEXEC, "setexec" }, - { SECCLASS_PROCESS, PROCESS__SETFSCREATE, "setfscreate" }, - { SECCLASS_PROCESS, PROCESS__NOATSECURE, "noatsecure" }, - { SECCLASS_PROCESS, PROCESS__SIGINH, "siginh" }, - { SECCLASS_PROCESS, PROCESS__SETRLIMIT, "setrlimit" }, - { SECCLASS_PROCESS, PROCESS__RLIMITINH, "rlimitinh" }, - { SECCLASS_PROCESS, PROCESS__DYNTRANSITION, "dyntransition" }, - { SECCLASS_MSGQ, MSGQ__ENQUEUE, "enqueue" }, - { SECCLASS_MSG, MSG__SEND, "send" }, - { SECCLASS_MSG, MSG__RECEIVE, "receive" }, - { SECCLASS_MSG, MSG__DESTROY, "destroy" }, - { SECCLASS_SHM, SHM__LOCK, "lock" }, - { SECCLASS_SECURITY, SECURITY__COMPUTE_AV, "compute_av" }, - { SECCLASS_SECURITY, SECURITY__COMPUTE_CREATE, "compute_create" }, - { SECCLASS_SECURITY, SECURITY__COMPUTE_MEMBER, "compute_member" }, - { SECCLASS_SECURITY, SECURITY__CHECK_CONTEXT, "check_context" }, - { SECCLASS_SECURITY, SECURITY__LOAD_POLICY, "load_policy" }, - { SECCLASS_SECURITY, SECURITY__COMPUTE_RELABEL, "compute_relabel" }, - { SECCLASS_SECURITY, SECURITY__COMPUTE_USER, "compute_user" }, - { SECCLASS_SECURITY, SECURITY__SETENFORCE, "setenforce" }, - { SECCLASS_SECURITY, SECURITY__SETBOOL, "setbool" }, - { SECCLASS_SYSTEM, SYSTEM__IPC_INFO, "ipc_info" }, - { SECCLASS_SYSTEM, SYSTEM__SYSLOG_READ, "syslog_read" }, - { SECCLASS_SYSTEM, SYSTEM__SYSLOG_MOD, "syslog_mod" }, - { SECCLASS_SYSTEM, SYSTEM__SYSLOG_CONSOLE, "syslog_console" }, - { SECCLASS_CAPABILITY, CAPABILITY__CHOWN, "chown" }, - { SECCLASS_CAPABILITY, CAPABILITY__DAC_EXECUTE, "dac_execute" }, - { SECCLASS_CAPABILITY, CAPABILITY__DAC_WRITE, "dac_write" }, - { SECCLASS_CAPABILITY, CAPABILITY__DAC_READ_SEARCH, "dac_read_search" }, - { SECCLASS_CAPABILITY, CAPABILITY__FOWNER, "fowner" }, - { SECCLASS_CAPABILITY, CAPABILITY__FSETID, "fsetid" }, - { SECCLASS_CAPABILITY, CAPABILITY__KILL, "kill" }, - { SECCLASS_CAPABILITY, CAPABILITY__SETFCAP, "setfcap" }, - { SECCLASS_CAPABILITY, CAPABILITY__SETGID, "setgid" }, - { SECCLASS_CAPABILITY, CAPABILITY__SETUID, "setuid" }, - { SECCLASS_CAPABILITY, CAPABILITY__AUDIT_CONTROL, "audit_control" }, - { SECCLASS_CAPABILITY, CAPABILITY__AUDIT_WRITE, "audit_write" }, - { SECCLASS_CAPABILITY, CAPABILITY__LINUX_IMMUTABLE, "linux_immutable" }, - { SECCLASS_CAPABILITY, CAPABILITY__NET_BIND_SERVICE, "net_bind_service" }, - { SECCLASS_CAPABILITY, CAPABILITY__NET_BROADCAST, "net_broadcast" }, - { SECCLASS_CAPABILITY, CAPABILITY__NET_ADMIN, "net_admin" }, - { SECCLASS_CAPABILITY, CAPABILITY__NET_RAW, "net_raw" }, - { SECCLASS_CAPABILITY, CAPABILITY__IPC_LOCK, "ipc_lock" }, - { SECCLASS_CAPABILITY, CAPABILITY__IPC_OWNER, "ipc_owner" }, - { SECCLASS_CAPABILITY, CAPABILITY__SYS_MODULE, "sys_module" }, - { SECCLASS_CAPABILITY, CAPABILITY__SYS_RAWIO, "sys_rawio" }, - { SECCLASS_CAPABILITY, CAPABILITY__SYS_CHROOT, "sys_chroot" }, - { SECCLASS_CAPABILITY, CAPABILITY__SYS_PTRACE, "sys_ptrace" }, - { SECCLASS_CAPABILITY, CAPABILITY__SYS_PACCT, "sys_pacct" }, - { SECCLASS_CAPABILITY, CAPABILITY__SYS_ADMIN, "sys_admin" }, - { SECCLASS_CAPABILITY, CAPABILITY__SYS_BOOT, "sys_boot" }, - { SECCLASS_CAPABILITY, CAPABILITY__SYS_NICE, "sys_nice" }, - { SECCLASS_CAPABILITY, CAPABILITY__SYS_RESOURCE, "sys_resource" }, - { SECCLASS_CAPABILITY, CAPABILITY__SYS_TIME, "sys_time" }, - { SECCLASS_CAPABILITY, CAPABILITY__SYS_TTY_CONFIG, "sys_tty_config" }, - { SECCLASS_CAPABILITY, CAPABILITY__MKNOD, "mknod" }, - { SECCLASS_MACH_PORT, MACH_PORT__RELABELFROM, "relabelfrom" }, - { SECCLASS_MACH_PORT, MACH_PORT__RELABELTO, "relabelto" }, - { SECCLASS_MACH_PORT, MACH_PORT__SEND, "send" }, - { SECCLASS_MACH_PORT, MACH_PORT__RECV, "recv" }, - { SECCLASS_MACH_PORT, MACH_PORT__MAKE_SEND, "make_send" }, - { SECCLASS_MACH_PORT, MACH_PORT__MAKE_SEND_ONCE, "make_send_once" }, - { SECCLASS_MACH_PORT, MACH_PORT__COPY_SEND, "copy_send" }, - { SECCLASS_MACH_PORT, MACH_PORT__MOVE_SEND, "move_send" }, - { SECCLASS_MACH_PORT, MACH_PORT__MOVE_SEND_ONCE, "move_send_once" }, - { SECCLASS_MACH_PORT, MACH_PORT__MOVE_RECV, "move_recv" }, - { SECCLASS_MACH_PORT, MACH_PORT__HOLD_SEND, "hold_send" }, - { SECCLASS_MACH_PORT, MACH_PORT__HOLD_SEND_ONCE, "hold_send_once" }, - { SECCLASS_MACH_PORT, MACH_PORT__HOLD_RECV, "hold_recv" }, - { SECCLASS_MACH_TASK, MACH_TASK__TERMINATE, "terminate" }, - { SECCLASS_MACH_TASK, MACH_TASK__SET_SPECIAL_PORT, "set_special_port" }, -}; - -#define AV_PERM_TO_STRING_SIZE (sizeof(av_perm_to_string)/sizeof(av_perm_to_string_t)) - - -/* FLASK */ + S_(SECCLASS_FILESYSTEM, FILESYSTEM__MOUNT, "mount") + S_(SECCLASS_FILESYSTEM, FILESYSTEM__REMOUNT, "remount") + S_(SECCLASS_FILESYSTEM, FILESYSTEM__UNMOUNT, "unmount") + S_(SECCLASS_FILESYSTEM, FILESYSTEM__GETATTR, "getattr") + S_(SECCLASS_FILESYSTEM, FILESYSTEM__RELABELFROM, "relabelfrom") + S_(SECCLASS_FILESYSTEM, FILESYSTEM__RELABELTO, "relabelto") + S_(SECCLASS_FILESYSTEM, FILESYSTEM__TRANSITION, "transition") + S_(SECCLASS_FILESYSTEM, FILESYSTEM__ASSOCIATE, "associate") + S_(SECCLASS_FILESYSTEM, FILESYSTEM__QUOTAMOD, "quotamod") + S_(SECCLASS_FILESYSTEM, FILESYSTEM__QUOTAGET, "quotaget") + S_(SECCLASS_DIR, DIR__ADD_NAME, "add_name") + S_(SECCLASS_DIR, DIR__REMOVE_NAME, "remove_name") + S_(SECCLASS_DIR, DIR__REPARENT, "reparent") + S_(SECCLASS_DIR, DIR__SEARCH, "search") + S_(SECCLASS_DIR, DIR__RMDIR, "rmdir") + S_(SECCLASS_FILE, FILE__EXECUTE_NO_TRANS, "execute_no_trans") + S_(SECCLASS_FILE, FILE__ENTRYPOINT, "entrypoint") + S_(SECCLASS_FD, FD__CREATE, "create") + S_(SECCLASS_FD, FD__USE, "use") + S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__CONNECTTO, "connectto") + S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__NEWCONN, "newconn") + S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__ACCEPTFROM, "acceptfrom") + S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__NODE_BIND, "node_bind") + S_(SECCLASS_UDP_SOCKET, UDP_SOCKET__NODE_BIND, "node_bind") + S_(SECCLASS_RAWIP_SOCKET, RAWIP_SOCKET__NODE_BIND, "node_bind") + S_(SECCLASS_NODE, NODE__TCP_RECV, "tcp_recv") + S_(SECCLASS_NODE, NODE__TCP_SEND, "tcp_send") + S_(SECCLASS_NODE, NODE__UDP_RECV, "udp_recv") + S_(SECCLASS_NODE, NODE__UDP_SEND, "udp_send") + S_(SECCLASS_NODE, NODE__RAWIP_RECV, "rawip_recv") + S_(SECCLASS_NODE, NODE__RAWIP_SEND, "rawip_send") + S_(SECCLASS_NODE, NODE__ENFORCE_DEST, "enforce_dest") + S_(SECCLASS_NETIF, NETIF__GETATTR, "getattr") + S_(SECCLASS_NETIF, NETIF__SETATTR, "setattr") + S_(SECCLASS_NETIF, NETIF__TCP_RECV, "tcp_recv") + S_(SECCLASS_NETIF, NETIF__TCP_SEND, "tcp_send") + S_(SECCLASS_NETIF, NETIF__UDP_RECV, "udp_recv") + S_(SECCLASS_NETIF, NETIF__UDP_SEND, "udp_send") + S_(SECCLASS_NETIF, NETIF__RAWIP_RECV, "rawip_recv") + S_(SECCLASS_NETIF, NETIF__RAWIP_SEND, "rawip_send") + S_(SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__CONNECTTO, "connectto") + S_(SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__NEWCONN, "newconn") + S_(SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__ACCEPTFROM, "acceptfrom") + S_(SECCLASS_PROCESS, PROCESS__FORK, "fork") + S_(SECCLASS_PROCESS, PROCESS__TRANSITION, "transition") + S_(SECCLASS_PROCESS, PROCESS__SIGCHLD, "sigchld") + S_(SECCLASS_PROCESS, PROCESS__SIGKILL, "sigkill") + S_(SECCLASS_PROCESS, PROCESS__SIGSTOP, "sigstop") + S_(SECCLASS_PROCESS, PROCESS__SIGNULL, "signull") + S_(SECCLASS_PROCESS, PROCESS__SIGNAL, "signal") + S_(SECCLASS_PROCESS, PROCESS__PTRACE, "ptrace") + S_(SECCLASS_PROCESS, PROCESS__GETSCHED, "getsched") + S_(SECCLASS_PROCESS, PROCESS__SETSCHED, "setsched") + S_(SECCLASS_PROCESS, PROCESS__GETSESSION, "getsession") + S_(SECCLASS_PROCESS, PROCESS__GETPGID, "getpgid") + S_(SECCLASS_PROCESS, PROCESS__SETPGID, "setpgid") + S_(SECCLASS_PROCESS, PROCESS__GETCAP, "getcap") + S_(SECCLASS_PROCESS, PROCESS__SETCAP, "setcap") + S_(SECCLASS_PROCESS, PROCESS__SHARE, "share") + S_(SECCLASS_PROCESS, PROCESS__GETATTR, "getattr") + S_(SECCLASS_PROCESS, PROCESS__SETEXEC, "setexec") + S_(SECCLASS_PROCESS, PROCESS__SETFSCREATE, "setfscreate") + S_(SECCLASS_PROCESS, PROCESS__NOATSECURE, "noatsecure") + S_(SECCLASS_PROCESS, PROCESS__SIGINH, "siginh") + S_(SECCLASS_PROCESS, PROCESS__SETRLIMIT, "setrlimit") + S_(SECCLASS_PROCESS, PROCESS__RLIMITINH, "rlimitinh") + S_(SECCLASS_PROCESS, PROCESS__DYNTRANSITION, "dyntransition") + S_(SECCLASS_MSGQ, MSGQ__ENQUEUE, "enqueue") + S_(SECCLASS_MSG, MSG__SEND, "send") + S_(SECCLASS_MSG, MSG__RECEIVE, "receive") + S_(SECCLASS_MSG, MSG__DESTROY, "destroy") + S_(SECCLASS_SHM, SHM__LOCK, "lock") + S_(SECCLASS_SECURITY, SECURITY__COMPUTE_AV, "compute_av") + S_(SECCLASS_SECURITY, SECURITY__COMPUTE_CREATE, "compute_create") + S_(SECCLASS_SECURITY, SECURITY__COMPUTE_MEMBER, "compute_member") + S_(SECCLASS_SECURITY, SECURITY__CHECK_CONTEXT, "check_context") + S_(SECCLASS_SECURITY, SECURITY__LOAD_POLICY, "load_policy") + S_(SECCLASS_SECURITY, SECURITY__COMPUTE_RELABEL, "compute_relabel") + S_(SECCLASS_SECURITY, SECURITY__COMPUTE_USER, "compute_user") + S_(SECCLASS_SECURITY, SECURITY__SETENFORCE, "setenforce") + S_(SECCLASS_SECURITY, SECURITY__SETBOOL, "setbool") + S_(SECCLASS_SYSTEM, SYSTEM__IPC_INFO, "ipc_info") + S_(SECCLASS_SYSTEM, SYSTEM__SYSLOG_READ, "syslog_read") + S_(SECCLASS_SYSTEM, SYSTEM__SYSLOG_MOD, "syslog_mod") + S_(SECCLASS_SYSTEM, SYSTEM__SYSLOG_CONSOLE, "syslog_console") + S_(SECCLASS_CAPABILITY, CAPABILITY__CHOWN, "chown") + S_(SECCLASS_CAPABILITY, CAPABILITY__DAC_EXECUTE, "dac_execute") + S_(SECCLASS_CAPABILITY, CAPABILITY__DAC_WRITE, "dac_write") + S_(SECCLASS_CAPABILITY, CAPABILITY__DAC_READ_SEARCH, "dac_read_search") + S_(SECCLASS_CAPABILITY, CAPABILITY__FOWNER, "fowner") + S_(SECCLASS_CAPABILITY, CAPABILITY__FSETID, "fsetid") + S_(SECCLASS_CAPABILITY, CAPABILITY__KILL, "kill") + S_(SECCLASS_CAPABILITY, CAPABILITY__SETFCAP, "setfcap") + S_(SECCLASS_CAPABILITY, CAPABILITY__SETGID, "setgid") + S_(SECCLASS_CAPABILITY, CAPABILITY__SETUID, "setuid") + S_(SECCLASS_CAPABILITY, CAPABILITY__AUDIT_CONTROL, "audit_control") + S_(SECCLASS_CAPABILITY, CAPABILITY__AUDIT_WRITE, "audit_write") + S_(SECCLASS_CAPABILITY, CAPABILITY__LINUX_IMMUTABLE, "linux_immutable") + S_(SECCLASS_CAPABILITY, CAPABILITY__NET_BIND_SERVICE, "net_bind_service") + S_(SECCLASS_CAPABILITY, CAPABILITY__NET_BROADCAST, "net_broadcast") + S_(SECCLASS_CAPABILITY, CAPABILITY__NET_ADMIN, "net_admin") + S_(SECCLASS_CAPABILITY, CAPABILITY__NET_RAW, "net_raw") + S_(SECCLASS_CAPABILITY, CAPABILITY__IPC_LOCK, "ipc_lock") + S_(SECCLASS_CAPABILITY, CAPABILITY__IPC_OWNER, "ipc_owner") + S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_MODULE, "sys_module") + S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_RAWIO, "sys_rawio") + S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_CHROOT, "sys_chroot") + S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_PTRACE, "sys_ptrace") + S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_PACCT, "sys_pacct") + S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_ADMIN, "sys_admin") + S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_BOOT, "sys_boot") + S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_NICE, "sys_nice") + S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_RESOURCE, "sys_resource") + S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_TIME, "sys_time") + S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_TTY_CONFIG, "sys_tty_config") + S_(SECCLASS_CAPABILITY, CAPABILITY__MKNOD, "mknod") + S_(SECCLASS_MACH_PORT, MACH_PORT__RELABELFROM, "relabelfrom") + S_(SECCLASS_MACH_PORT, MACH_PORT__RELABELTO, "relabelto") + S_(SECCLASS_MACH_PORT, MACH_PORT__SEND, "send") + S_(SECCLASS_MACH_PORT, MACH_PORT__RECV, "recv") + S_(SECCLASS_MACH_PORT, MACH_PORT__MAKE_SEND, "make_send") + S_(SECCLASS_MACH_PORT, MACH_PORT__MAKE_SEND_ONCE, "make_send_once") + S_(SECCLASS_MACH_PORT, MACH_PORT__COPY_SEND, "copy_send") + S_(SECCLASS_MACH_PORT, MACH_PORT__MOVE_SEND, "move_send") + S_(SECCLASS_MACH_PORT, MACH_PORT__MOVE_SEND_ONCE, "move_send_once") + S_(SECCLASS_MACH_PORT, MACH_PORT__MOVE_RECV, "move_recv") + S_(SECCLASS_MACH_PORT, MACH_PORT__HOLD_SEND, "hold_send") + S_(SECCLASS_MACH_PORT, MACH_PORT__HOLD_SEND_ONCE, "hold_send_once") + S_(SECCLASS_MACH_PORT, MACH_PORT__HOLD_RECV, "hold_recv") + S_(SECCLASS_MACH_TASK, MACH_TASK__TERMINATE, "terminate") + S_(SECCLASS_MACH_TASK, MACH_TASK__SET_SPECIAL_PORT, "set_special_port") ==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/avc/av_permissions.h#9 (text+ko) ==== @@ -1,623 +1,619 @@ /* This file is automatically generated. Do not edit. */ -/* FLASK */ +#define COMMON_FILE__POLL 0x00000001UL +#define COMMON_FILE__IOCTL 0x00000002UL +#define COMMON_FILE__READ 0x00000004UL +#define COMMON_FILE__WRITE 0x00000008UL +#define COMMON_FILE__CREATE 0x00000010UL +#define COMMON_FILE__GETATTR 0x00000020UL +#define COMMON_FILE__SETATTR 0x00000040UL +#define COMMON_FILE__LOCK 0x00000080UL +#define COMMON_FILE__RELABELFROM 0x00000100UL +#define COMMON_FILE__RELABELTO 0x00000200UL +#define COMMON_FILE__TRANSITION 0x00000400UL +#define COMMON_FILE__APPEND 0x00000800UL +#define COMMON_FILE__ACCESS 0x00001000UL +#define COMMON_FILE__UNLINK 0x00002000UL +#define COMMON_FILE__LINK 0x00004000UL +#define COMMON_FILE__RENAME 0x00008000UL +#define COMMON_FILE__EXECUTE 0x00010000UL +#define COMMON_FILE__SWAPON 0x00020000UL +#define COMMON_FILE__QUOTAON 0x00040000UL +#define COMMON_FILE__MOUNTON 0x00080000UL -#define COMMON_FILE__POLL 0x0000000000000001UL -#define COMMON_FILE__IOCTL 0x0000000000000002UL -#define COMMON_FILE__READ 0x0000000000000004UL -#define COMMON_FILE__WRITE 0x0000000000000008UL -#define COMMON_FILE__CREATE 0x0000000000000010UL -#define COMMON_FILE__GETATTR 0x0000000000000020UL -#define COMMON_FILE__SETATTR 0x0000000000000040UL -#define COMMON_FILE__LOCK 0x0000000000000080UL -#define COMMON_FILE__RELABELFROM 0x0000000000000100UL -#define COMMON_FILE__RELABELTO 0x0000000000000200UL -#define COMMON_FILE__TRANSITION 0x0000000000000400UL -#define COMMON_FILE__APPEND 0x0000000000000800UL -#define COMMON_FILE__ACCESS 0x0000000000001000UL -#define COMMON_FILE__UNLINK 0x0000000000002000UL -#define COMMON_FILE__LINK 0x0000000000004000UL -#define COMMON_FILE__RENAME 0x0000000000008000UL -#define COMMON_FILE__EXECUTE 0x0000000000010000UL -#define COMMON_FILE__SWAPON 0x0000000000020000UL -#define COMMON_FILE__QUOTAON 0x0000000000040000UL -#define COMMON_FILE__MOUNTON 0x0000000000080000UL +#define COMMON_SOCKET__POLL 0x00000001UL +#define COMMON_SOCKET__IOCTL 0x00000002UL +#define COMMON_SOCKET__READ 0x00000004UL +#define COMMON_SOCKET__WRITE 0x00000008UL +#define COMMON_SOCKET__CREATE 0x00000010UL +#define COMMON_SOCKET__GETATTR 0x00000020UL +#define COMMON_SOCKET__SETATTR 0x00000040UL +#define COMMON_SOCKET__LOCK 0x00000080UL +#define COMMON_SOCKET__RELABELFROM 0x00000100UL +#define COMMON_SOCKET__RELABELTO 0x00000200UL +#define COMMON_SOCKET__TRANSITION 0x00000400UL +#define COMMON_SOCKET__APPEND 0x00000800UL +#define COMMON_SOCKET__BIND 0x00001000UL +#define COMMON_SOCKET__CONNECT 0x00002000UL +#define COMMON_SOCKET__LISTEN 0x00004000UL +#define COMMON_SOCKET__ACCEPT 0x00008000UL +#define COMMON_SOCKET__GETOPT 0x00010000UL +#define COMMON_SOCKET__SETOPT 0x00020000UL +#define COMMON_SOCKET__SHUTDOWN 0x00040000UL +#define COMMON_SOCKET__RECVFROM 0x00080000UL +#define COMMON_SOCKET__SENDTO 0x00100000UL +#define COMMON_SOCKET__RECV_MSG 0x00200000UL +#define COMMON_SOCKET__SEND_MSG 0x00400000UL +#define COMMON_SOCKET__NAME_BIND 0x00800000UL -#define COMMON_SOCKET__POLL 0x0000000000000001UL -#define COMMON_SOCKET__IOCTL 0x0000000000000002UL -#define COMMON_SOCKET__READ 0x0000000000000004UL -#define COMMON_SOCKET__WRITE 0x0000000000000008UL -#define COMMON_SOCKET__CREATE 0x0000000000000010UL -#define COMMON_SOCKET__GETATTR 0x0000000000000020UL -#define COMMON_SOCKET__SETATTR 0x0000000000000040UL -#define COMMON_SOCKET__LOCK 0x0000000000000080UL -#define COMMON_SOCKET__RELABELFROM 0x0000000000000100UL -#define COMMON_SOCKET__RELABELTO 0x0000000000000200UL -#define COMMON_SOCKET__TRANSITION 0x0000000000000400UL -#define COMMON_SOCKET__APPEND 0x0000000000000800UL -#define COMMON_SOCKET__BIND 0x0000000000001000UL -#define COMMON_SOCKET__CONNECT 0x0000000000002000UL -#define COMMON_SOCKET__LISTEN 0x0000000000004000UL -#define COMMON_SOCKET__ACCEPT 0x0000000000008000UL -#define COMMON_SOCKET__GETOPT 0x0000000000010000UL -#define COMMON_SOCKET__SETOPT 0x0000000000020000UL -#define COMMON_SOCKET__SHUTDOWN 0x0000000000040000UL -#define COMMON_SOCKET__RECVFROM 0x0000000000080000UL -#define COMMON_SOCKET__SENDTO 0x0000000000100000UL -#define COMMON_SOCKET__RECV_MSG 0x0000000000200000UL -#define COMMON_SOCKET__SEND_MSG 0x0000000000400000UL -#define COMMON_SOCKET__NAME_BIND 0x0000000000800000UL +#define COMMON_IPC__CREATE 0x00000001UL +#define COMMON_IPC__DESTROY 0x00000002UL +#define COMMON_IPC__GETATTR 0x00000004UL +#define COMMON_IPC__SETATTR 0x00000008UL +#define COMMON_IPC__READ 0x00000010UL +#define COMMON_IPC__WRITE 0x00000020UL +#define COMMON_IPC__ASSOCIATE 0x00000040UL +#define COMMON_IPC__UNIX_READ 0x00000080UL +#define COMMON_IPC__UNIX_WRITE 0x00000100UL -#define COMMON_IPC__CREATE 0x0000000000000001UL -#define COMMON_IPC__DESTROY 0x0000000000000002UL -#define COMMON_IPC__GETATTR 0x0000000000000004UL -#define COMMON_IPC__SETATTR 0x0000000000000008UL -#define COMMON_IPC__READ 0x0000000000000010UL -#define COMMON_IPC__WRITE 0x0000000000000020UL -#define COMMON_IPC__ASSOCIATE 0x0000000000000040UL -#define COMMON_IPC__UNIX_READ 0x0000000000000080UL -#define COMMON_IPC__UNIX_WRITE 0x0000000000000100UL +#define FILESYSTEM__MOUNT 0x00000001UL +#define FILESYSTEM__REMOUNT 0x00000002UL +#define FILESYSTEM__UNMOUNT 0x00000004UL +#define FILESYSTEM__GETATTR 0x00000008UL +#define FILESYSTEM__RELABELFROM 0x00000010UL +#define FILESYSTEM__RELABELTO 0x00000020UL +#define FILESYSTEM__TRANSITION 0x00000040UL +#define FILESYSTEM__ASSOCIATE 0x00000080UL +#define FILESYSTEM__QUOTAMOD 0x00000100UL +#define FILESYSTEM__QUOTAGET 0x00000200UL -#define FILESYSTEM__MOUNT 0x0000000000000001UL -#define FILESYSTEM__REMOUNT 0x0000000000000002UL -#define FILESYSTEM__UNMOUNT 0x0000000000000004UL -#define FILESYSTEM__GETATTR 0x0000000000000008UL -#define FILESYSTEM__RELABELFROM 0x0000000000000010UL -#define FILESYSTEM__RELABELTO 0x0000000000000020UL -#define FILESYSTEM__TRANSITION 0x0000000000000040UL -#define FILESYSTEM__ASSOCIATE 0x0000000000000080UL -#define FILESYSTEM__QUOTAMOD 0x0000000000000100UL -#define FILESYSTEM__QUOTAGET 0x0000000000000200UL +#define DIR__POLL 0x00000001UL +#define DIR__IOCTL 0x00000002UL +#define DIR__READ 0x00000004UL +#define DIR__WRITE 0x00000008UL +#define DIR__CREATE 0x00000010UL +#define DIR__GETATTR 0x00000020UL +#define DIR__SETATTR 0x00000040UL +#define DIR__LOCK 0x00000080UL +#define DIR__RELABELFROM 0x00000100UL +#define DIR__RELABELTO 0x00000200UL +#define DIR__TRANSITION 0x00000400UL +#define DIR__APPEND 0x00000800UL +#define DIR__ACCESS 0x00001000UL +#define DIR__UNLINK 0x00002000UL +#define DIR__LINK 0x00004000UL +#define DIR__RENAME 0x00008000UL +#define DIR__EXECUTE 0x00010000UL +#define DIR__SWAPON 0x00020000UL +#define DIR__QUOTAON 0x00040000UL +#define DIR__MOUNTON 0x00080000UL -#define DIR__WRITE 0x0000000000000008UL -#define DIR__EXECUTE 0x0000000000010000UL -#define DIR__RENAME 0x0000000000008000UL -#define DIR__READ 0x0000000000000004UL -#define DIR__CREATE 0x0000000000000010UL -#define DIR__SETATTR 0x0000000000000040UL -#define DIR__LINK 0x0000000000004000UL -#define DIR__IOCTL 0x0000000000000002UL -#define DIR__QUOTAON 0x0000000000040000UL -#define DIR__APPEND 0x0000000000000800UL -#define DIR__RELABELTO 0x0000000000000200UL -#define DIR__MOUNTON 0x0000000000080000UL -#define DIR__RELABELFROM 0x0000000000000100UL -#define DIR__TRANSITION 0x0000000000000400UL -#define DIR__GETATTR 0x0000000000000020UL -#define DIR__POLL 0x0000000000000001UL -#define DIR__SWAPON 0x0000000000020000UL -#define DIR__ACCESS 0x0000000000001000UL -#define DIR__UNLINK 0x0000000000002000UL -#define DIR__LOCK 0x0000000000000080UL +#define DIR__ADD_NAME 0x00100000UL +#define DIR__REMOVE_NAME 0x00200000UL +#define DIR__REPARENT 0x00400000UL +#define DIR__SEARCH 0x00800000UL +#define DIR__RMDIR 0x01000000UL -#define DIR__ADD_NAME 0x0000000000100000UL -#define DIR__REMOVE_NAME 0x0000000000200000UL -#define DIR__REPARENT 0x0000000000400000UL -#define DIR__SEARCH 0x0000000000800000UL -#define DIR__RMDIR 0x0000000001000000UL +#define FILE__POLL 0x00000001UL +#define FILE__IOCTL 0x00000002UL +#define FILE__READ 0x00000004UL +#define FILE__WRITE 0x00000008UL +#define FILE__CREATE 0x00000010UL +#define FILE__GETATTR 0x00000020UL +#define FILE__SETATTR 0x00000040UL +#define FILE__LOCK 0x00000080UL +#define FILE__RELABELFROM 0x00000100UL +#define FILE__RELABELTO 0x00000200UL +#define FILE__TRANSITION 0x00000400UL +#define FILE__APPEND 0x00000800UL +#define FILE__ACCESS 0x00001000UL +#define FILE__UNLINK 0x00002000UL +#define FILE__LINK 0x00004000UL +#define FILE__RENAME 0x00008000UL +#define FILE__EXECUTE 0x00010000UL +#define FILE__SWAPON 0x00020000UL +#define FILE__QUOTAON 0x00040000UL +#define FILE__MOUNTON 0x00080000UL -#define FILE__WRITE 0x0000000000000008UL -#define FILE__EXECUTE 0x0000000000010000UL -#define FILE__RENAME 0x0000000000008000UL -#define FILE__READ 0x0000000000000004UL -#define FILE__CREATE 0x0000000000000010UL -#define FILE__SETATTR 0x0000000000000040UL -#define FILE__LINK 0x0000000000004000UL -#define FILE__IOCTL 0x0000000000000002UL -#define FILE__QUOTAON 0x0000000000040000UL -#define FILE__APPEND 0x0000000000000800UL -#define FILE__RELABELTO 0x0000000000000200UL -#define FILE__MOUNTON 0x0000000000080000UL -#define FILE__RELABELFROM 0x0000000000000100UL -#define FILE__TRANSITION 0x0000000000000400UL -#define FILE__GETATTR 0x0000000000000020UL -#define FILE__POLL 0x0000000000000001UL -#define FILE__SWAPON 0x0000000000020000UL -#define FILE__ACCESS 0x0000000000001000UL -#define FILE__UNLINK 0x0000000000002000UL -#define FILE__LOCK 0x0000000000000080UL +#define FILE__EXECUTE_NO_TRANS 0x00100000UL +#define FILE__ENTRYPOINT 0x00200000UL -#define FILE__EXECUTE_NO_TRANS 0x0000000000100000UL -#define FILE__ENTRYPOINT 0x0000000000200000UL +#define LNK_FILE__POLL 0x00000001UL +#define LNK_FILE__IOCTL 0x00000002UL +#define LNK_FILE__READ 0x00000004UL +#define LNK_FILE__WRITE 0x00000008UL +#define LNK_FILE__CREATE 0x00000010UL +#define LNK_FILE__GETATTR 0x00000020UL +#define LNK_FILE__SETATTR 0x00000040UL +#define LNK_FILE__LOCK 0x00000080UL +#define LNK_FILE__RELABELFROM 0x00000100UL +#define LNK_FILE__RELABELTO 0x00000200UL +#define LNK_FILE__TRANSITION 0x00000400UL +#define LNK_FILE__APPEND 0x00000800UL +#define LNK_FILE__ACCESS 0x00001000UL +#define LNK_FILE__UNLINK 0x00002000UL +#define LNK_FILE__LINK 0x00004000UL +#define LNK_FILE__RENAME 0x00008000UL +#define LNK_FILE__EXECUTE 0x00010000UL +#define LNK_FILE__SWAPON 0x00020000UL +#define LNK_FILE__QUOTAON 0x00040000UL +#define LNK_FILE__MOUNTON 0x00080000UL -#define LNK_FILE__WRITE 0x0000000000000008UL -#define LNK_FILE__EXECUTE 0x0000000000010000UL -#define LNK_FILE__RENAME 0x0000000000008000UL -#define LNK_FILE__READ 0x0000000000000004UL -#define LNK_FILE__CREATE 0x0000000000000010UL -#define LNK_FILE__SETATTR 0x0000000000000040UL -#define LNK_FILE__LINK 0x0000000000004000UL -#define LNK_FILE__IOCTL 0x0000000000000002UL -#define LNK_FILE__QUOTAON 0x0000000000040000UL -#define LNK_FILE__APPEND 0x0000000000000800UL -#define LNK_FILE__RELABELTO 0x0000000000000200UL -#define LNK_FILE__MOUNTON 0x0000000000080000UL -#define LNK_FILE__RELABELFROM 0x0000000000000100UL -#define LNK_FILE__TRANSITION 0x0000000000000400UL -#define LNK_FILE__GETATTR 0x0000000000000020UL -#define LNK_FILE__POLL 0x0000000000000001UL -#define LNK_FILE__SWAPON 0x0000000000020000UL -#define LNK_FILE__ACCESS 0x0000000000001000UL -#define LNK_FILE__UNLINK 0x0000000000002000UL -#define LNK_FILE__LOCK 0x0000000000000080UL +#define CHR_FILE__POLL 0x00000001UL +#define CHR_FILE__IOCTL 0x00000002UL +#define CHR_FILE__READ 0x00000004UL +#define CHR_FILE__WRITE 0x00000008UL +#define CHR_FILE__CREATE 0x00000010UL +#define CHR_FILE__GETATTR 0x00000020UL +#define CHR_FILE__SETATTR 0x00000040UL +#define CHR_FILE__LOCK 0x00000080UL +#define CHR_FILE__RELABELFROM 0x00000100UL +#define CHR_FILE__RELABELTO 0x00000200UL +#define CHR_FILE__TRANSITION 0x00000400UL +#define CHR_FILE__APPEND 0x00000800UL +#define CHR_FILE__ACCESS 0x00001000UL +#define CHR_FILE__UNLINK 0x00002000UL +#define CHR_FILE__LINK 0x00004000UL +#define CHR_FILE__RENAME 0x00008000UL +#define CHR_FILE__EXECUTE 0x00010000UL +#define CHR_FILE__SWAPON 0x00020000UL +#define CHR_FILE__QUOTAON 0x00040000UL +#define CHR_FILE__MOUNTON 0x00080000UL -#define CHR_FILE__WRITE 0x0000000000000008UL -#define CHR_FILE__EXECUTE 0x0000000000010000UL -#define CHR_FILE__RENAME 0x0000000000008000UL -#define CHR_FILE__READ 0x0000000000000004UL -#define CHR_FILE__CREATE 0x0000000000000010UL -#define CHR_FILE__SETATTR 0x0000000000000040UL -#define CHR_FILE__LINK 0x0000000000004000UL -#define CHR_FILE__IOCTL 0x0000000000000002UL -#define CHR_FILE__QUOTAON 0x0000000000040000UL -#define CHR_FILE__APPEND 0x0000000000000800UL -#define CHR_FILE__RELABELTO 0x0000000000000200UL -#define CHR_FILE__MOUNTON 0x0000000000080000UL -#define CHR_FILE__RELABELFROM 0x0000000000000100UL -#define CHR_FILE__TRANSITION 0x0000000000000400UL -#define CHR_FILE__GETATTR 0x0000000000000020UL -#define CHR_FILE__POLL 0x0000000000000001UL -#define CHR_FILE__SWAPON 0x0000000000020000UL -#define CHR_FILE__ACCESS 0x0000000000001000UL -#define CHR_FILE__UNLINK 0x0000000000002000UL -#define CHR_FILE__LOCK 0x0000000000000080UL +#define BLK_FILE__POLL 0x00000001UL +#define BLK_FILE__IOCTL 0x00000002UL +#define BLK_FILE__READ 0x00000004UL +#define BLK_FILE__WRITE 0x00000008UL +#define BLK_FILE__CREATE 0x00000010UL +#define BLK_FILE__GETATTR 0x00000020UL +#define BLK_FILE__SETATTR 0x00000040UL +#define BLK_FILE__LOCK 0x00000080UL +#define BLK_FILE__RELABELFROM 0x00000100UL +#define BLK_FILE__RELABELTO 0x00000200UL +#define BLK_FILE__TRANSITION 0x00000400UL +#define BLK_FILE__APPEND 0x00000800UL +#define BLK_FILE__ACCESS 0x00001000UL +#define BLK_FILE__UNLINK 0x00002000UL +#define BLK_FILE__LINK 0x00004000UL +#define BLK_FILE__RENAME 0x00008000UL +#define BLK_FILE__EXECUTE 0x00010000UL +#define BLK_FILE__SWAPON 0x00020000UL +#define BLK_FILE__QUOTAON 0x00040000UL +#define BLK_FILE__MOUNTON 0x00080000UL -#define BLK_FILE__WRITE 0x0000000000000008UL -#define BLK_FILE__EXECUTE 0x0000000000010000UL -#define BLK_FILE__RENAME 0x0000000000008000UL -#define BLK_FILE__READ 0x0000000000000004UL -#define BLK_FILE__CREATE 0x0000000000000010UL -#define BLK_FILE__SETATTR 0x0000000000000040UL -#define BLK_FILE__LINK 0x0000000000004000UL -#define BLK_FILE__IOCTL 0x0000000000000002UL -#define BLK_FILE__QUOTAON 0x0000000000040000UL -#define BLK_FILE__APPEND 0x0000000000000800UL -#define BLK_FILE__RELABELTO 0x0000000000000200UL -#define BLK_FILE__MOUNTON 0x0000000000080000UL -#define BLK_FILE__RELABELFROM 0x0000000000000100UL -#define BLK_FILE__TRANSITION 0x0000000000000400UL -#define BLK_FILE__GETATTR 0x0000000000000020UL -#define BLK_FILE__POLL 0x0000000000000001UL -#define BLK_FILE__SWAPON 0x0000000000020000UL -#define BLK_FILE__ACCESS 0x0000000000001000UL -#define BLK_FILE__UNLINK 0x0000000000002000UL -#define BLK_FILE__LOCK 0x0000000000000080UL +#define SOCK_FILE__POLL 0x00000001UL +#define SOCK_FILE__IOCTL 0x00000002UL +#define SOCK_FILE__READ 0x00000004UL +#define SOCK_FILE__WRITE 0x00000008UL +#define SOCK_FILE__CREATE 0x00000010UL +#define SOCK_FILE__GETATTR 0x00000020UL +#define SOCK_FILE__SETATTR 0x00000040UL +#define SOCK_FILE__LOCK 0x00000080UL +#define SOCK_FILE__RELABELFROM 0x00000100UL +#define SOCK_FILE__RELABELTO 0x00000200UL +#define SOCK_FILE__TRANSITION 0x00000400UL +#define SOCK_FILE__APPEND 0x00000800UL +#define SOCK_FILE__ACCESS 0x00001000UL +#define SOCK_FILE__UNLINK 0x00002000UL +#define SOCK_FILE__LINK 0x00004000UL +#define SOCK_FILE__RENAME 0x00008000UL +#define SOCK_FILE__EXECUTE 0x00010000UL +#define SOCK_FILE__SWAPON 0x00020000UL +#define SOCK_FILE__QUOTAON 0x00040000UL +#define SOCK_FILE__MOUNTON 0x00080000UL -#define SOCK_FILE__WRITE 0x0000000000000008UL -#define SOCK_FILE__EXECUTE 0x0000000000010000UL -#define SOCK_FILE__RENAME 0x0000000000008000UL -#define SOCK_FILE__READ 0x0000000000000004UL -#define SOCK_FILE__CREATE 0x0000000000000010UL -#define SOCK_FILE__SETATTR 0x0000000000000040UL -#define SOCK_FILE__LINK 0x0000000000004000UL -#define SOCK_FILE__IOCTL 0x0000000000000002UL -#define SOCK_FILE__QUOTAON 0x0000000000040000UL -#define SOCK_FILE__APPEND 0x0000000000000800UL -#define SOCK_FILE__RELABELTO 0x0000000000000200UL -#define SOCK_FILE__MOUNTON 0x0000000000080000UL -#define SOCK_FILE__RELABELFROM 0x0000000000000100UL -#define SOCK_FILE__TRANSITION 0x0000000000000400UL -#define SOCK_FILE__GETATTR 0x0000000000000020UL -#define SOCK_FILE__POLL 0x0000000000000001UL -#define SOCK_FILE__SWAPON 0x0000000000020000UL -#define SOCK_FILE__ACCESS 0x0000000000001000UL -#define SOCK_FILE__UNLINK 0x0000000000002000UL -#define SOCK_FILE__LOCK 0x0000000000000080UL +#define FIFO_FILE__POLL 0x00000001UL +#define FIFO_FILE__IOCTL 0x00000002UL +#define FIFO_FILE__READ 0x00000004UL +#define FIFO_FILE__WRITE 0x00000008UL +#define FIFO_FILE__CREATE 0x00000010UL +#define FIFO_FILE__GETATTR 0x00000020UL +#define FIFO_FILE__SETATTR 0x00000040UL +#define FIFO_FILE__LOCK 0x00000080UL +#define FIFO_FILE__RELABELFROM 0x00000100UL +#define FIFO_FILE__RELABELTO 0x00000200UL +#define FIFO_FILE__TRANSITION 0x00000400UL +#define FIFO_FILE__APPEND 0x00000800UL +#define FIFO_FILE__ACCESS 0x00001000UL +#define FIFO_FILE__UNLINK 0x00002000UL +#define FIFO_FILE__LINK 0x00004000UL +#define FIFO_FILE__RENAME 0x00008000UL +#define FIFO_FILE__EXECUTE 0x00010000UL +#define FIFO_FILE__SWAPON 0x00020000UL +#define FIFO_FILE__QUOTAON 0x00040000UL +#define FIFO_FILE__MOUNTON 0x00080000UL -#define FIFO_FILE__WRITE 0x0000000000000008UL -#define FIFO_FILE__EXECUTE 0x0000000000010000UL -#define FIFO_FILE__RENAME 0x0000000000008000UL -#define FIFO_FILE__READ 0x0000000000000004UL -#define FIFO_FILE__CREATE 0x0000000000000010UL -#define FIFO_FILE__SETATTR 0x0000000000000040UL -#define FIFO_FILE__LINK 0x0000000000004000UL -#define FIFO_FILE__IOCTL 0x0000000000000002UL -#define FIFO_FILE__QUOTAON 0x0000000000040000UL -#define FIFO_FILE__APPEND 0x0000000000000800UL -#define FIFO_FILE__RELABELTO 0x0000000000000200UL -#define FIFO_FILE__MOUNTON 0x0000000000080000UL -#define FIFO_FILE__RELABELFROM 0x0000000000000100UL -#define FIFO_FILE__TRANSITION 0x0000000000000400UL -#define FIFO_FILE__GETATTR 0x0000000000000020UL -#define FIFO_FILE__POLL 0x0000000000000001UL -#define FIFO_FILE__SWAPON 0x0000000000020000UL -#define FIFO_FILE__ACCESS 0x0000000000001000UL -#define FIFO_FILE__UNLINK 0x0000000000002000UL -#define FIFO_FILE__LOCK 0x0000000000000080UL +#define FD__CREATE 0x00000001UL +#define FD__USE 0x00000002UL -#define FD__CREATE 0x0000000000000001UL -#define FD__USE 0x0000000000000002UL +#define SOCKET__POLL 0x00000001UL +#define SOCKET__IOCTL 0x00000002UL +#define SOCKET__READ 0x00000004UL +#define SOCKET__WRITE 0x00000008UL +#define SOCKET__CREATE 0x00000010UL +#define SOCKET__GETATTR 0x00000020UL +#define SOCKET__SETATTR 0x00000040UL +#define SOCKET__LOCK 0x00000080UL +#define SOCKET__RELABELFROM 0x00000100UL +#define SOCKET__RELABELTO 0x00000200UL +#define SOCKET__TRANSITION 0x00000400UL +#define SOCKET__APPEND 0x00000800UL +#define SOCKET__BIND 0x00001000UL +#define SOCKET__CONNECT 0x00002000UL +#define SOCKET__LISTEN 0x00004000UL +#define SOCKET__ACCEPT 0x00008000UL +#define SOCKET__GETOPT 0x00010000UL +#define SOCKET__SETOPT 0x00020000UL +#define SOCKET__SHUTDOWN 0x00040000UL +#define SOCKET__RECVFROM 0x00080000UL +#define SOCKET__SENDTO 0x00100000UL +#define SOCKET__RECV_MSG 0x00200000UL +#define SOCKET__SEND_MSG 0x00400000UL +#define SOCKET__NAME_BIND 0x00800000UL -#define SOCKET__TRANSITION 0x0000000000000400UL -#define SOCKET__SHUTDOWN 0x0000000000040000UL -#define SOCKET__POLL 0x0000000000000001UL -#define SOCKET__SEND_MSG 0x0000000000400000UL -#define SOCKET__LOCK 0x0000000000000080UL -#define SOCKET__RECVFROM 0x0000000000080000UL -#define SOCKET__BIND 0x0000000000001000UL -#define SOCKET__ACCEPT 0x0000000000008000UL -#define SOCKET__RELABELFROM 0x0000000000000100UL -#define SOCKET__GETOPT 0x0000000000010000UL -#define SOCKET__WRITE 0x0000000000000008UL -#define SOCKET__SETATTR 0x0000000000000040UL -#define SOCKET__READ 0x0000000000000004UL -#define SOCKET__NAME_BIND 0x0000000000800000UL -#define SOCKET__LISTEN 0x0000000000004000UL -#define SOCKET__CREATE 0x0000000000000010UL -#define SOCKET__SETOPT 0x0000000000020000UL -#define SOCKET__RECV_MSG 0x0000000000200000UL -#define SOCKET__SENDTO 0x0000000000100000UL -#define SOCKET__GETATTR 0x0000000000000020UL -#define SOCKET__CONNECT 0x0000000000002000UL -#define SOCKET__APPEND 0x0000000000000800UL -#define SOCKET__IOCTL 0x0000000000000002UL -#define SOCKET__RELABELTO 0x0000000000000200UL +#define TCP_SOCKET__POLL 0x00000001UL +#define TCP_SOCKET__IOCTL 0x00000002UL +#define TCP_SOCKET__READ 0x00000004UL +#define TCP_SOCKET__WRITE 0x00000008UL +#define TCP_SOCKET__CREATE 0x00000010UL +#define TCP_SOCKET__GETATTR 0x00000020UL +#define TCP_SOCKET__SETATTR 0x00000040UL +#define TCP_SOCKET__LOCK 0x00000080UL +#define TCP_SOCKET__RELABELFROM 0x00000100UL +#define TCP_SOCKET__RELABELTO 0x00000200UL +#define TCP_SOCKET__TRANSITION 0x00000400UL +#define TCP_SOCKET__APPEND 0x00000800UL +#define TCP_SOCKET__BIND 0x00001000UL +#define TCP_SOCKET__CONNECT 0x00002000UL +#define TCP_SOCKET__LISTEN 0x00004000UL +#define TCP_SOCKET__ACCEPT 0x00008000UL +#define TCP_SOCKET__GETOPT 0x00010000UL +#define TCP_SOCKET__SETOPT 0x00020000UL +#define TCP_SOCKET__SHUTDOWN 0x00040000UL +#define TCP_SOCKET__RECVFROM 0x00080000UL +#define TCP_SOCKET__SENDTO 0x00100000UL +#define TCP_SOCKET__RECV_MSG 0x00200000UL +#define TCP_SOCKET__SEND_MSG 0x00400000UL +#define TCP_SOCKET__NAME_BIND 0x00800000UL -#define TCP_SOCKET__TRANSITION 0x0000000000000400UL -#define TCP_SOCKET__SHUTDOWN 0x0000000000040000UL -#define TCP_SOCKET__POLL 0x0000000000000001UL -#define TCP_SOCKET__SEND_MSG 0x0000000000400000UL -#define TCP_SOCKET__LOCK 0x0000000000000080UL -#define TCP_SOCKET__RECVFROM 0x0000000000080000UL -#define TCP_SOCKET__BIND 0x0000000000001000UL -#define TCP_SOCKET__ACCEPT 0x0000000000008000UL -#define TCP_SOCKET__RELABELFROM 0x0000000000000100UL -#define TCP_SOCKET__GETOPT 0x0000000000010000UL -#define TCP_SOCKET__WRITE 0x0000000000000008UL -#define TCP_SOCKET__SETATTR 0x0000000000000040UL -#define TCP_SOCKET__READ 0x0000000000000004UL -#define TCP_SOCKET__NAME_BIND 0x0000000000800000UL -#define TCP_SOCKET__LISTEN 0x0000000000004000UL -#define TCP_SOCKET__CREATE 0x0000000000000010UL -#define TCP_SOCKET__SETOPT 0x0000000000020000UL -#define TCP_SOCKET__RECV_MSG 0x0000000000200000UL -#define TCP_SOCKET__SENDTO 0x0000000000100000UL -#define TCP_SOCKET__GETATTR 0x0000000000000020UL -#define TCP_SOCKET__CONNECT 0x0000000000002000UL -#define TCP_SOCKET__APPEND 0x0000000000000800UL -#define TCP_SOCKET__IOCTL 0x0000000000000002UL -#define TCP_SOCKET__RELABELTO 0x0000000000000200UL +#define TCP_SOCKET__CONNECTTO 0x01000000UL +#define TCP_SOCKET__NEWCONN 0x02000000UL +#define TCP_SOCKET__ACCEPTFROM 0x04000000UL +#define TCP_SOCKET__NODE_BIND 0x08000000UL -#define TCP_SOCKET__CONNECTTO 0x0000000001000000UL -#define TCP_SOCKET__NEWCONN 0x0000000002000000UL -#define TCP_SOCKET__ACCEPTFROM 0x0000000004000000UL -#define TCP_SOCKET__NODE_BIND 0x0000000008000000UL +#define UDP_SOCKET__POLL 0x00000001UL +#define UDP_SOCKET__IOCTL 0x00000002UL +#define UDP_SOCKET__READ 0x00000004UL +#define UDP_SOCKET__WRITE 0x00000008UL +#define UDP_SOCKET__CREATE 0x00000010UL +#define UDP_SOCKET__GETATTR 0x00000020UL +#define UDP_SOCKET__SETATTR 0x00000040UL +#define UDP_SOCKET__LOCK 0x00000080UL +#define UDP_SOCKET__RELABELFROM 0x00000100UL +#define UDP_SOCKET__RELABELTO 0x00000200UL +#define UDP_SOCKET__TRANSITION 0x00000400UL +#define UDP_SOCKET__APPEND 0x00000800UL +#define UDP_SOCKET__BIND 0x00001000UL +#define UDP_SOCKET__CONNECT 0x00002000UL +#define UDP_SOCKET__LISTEN 0x00004000UL +#define UDP_SOCKET__ACCEPT 0x00008000UL +#define UDP_SOCKET__GETOPT 0x00010000UL +#define UDP_SOCKET__SETOPT 0x00020000UL +#define UDP_SOCKET__SHUTDOWN 0x00040000UL +#define UDP_SOCKET__RECVFROM 0x00080000UL +#define UDP_SOCKET__SENDTO 0x00100000UL +#define UDP_SOCKET__RECV_MSG 0x00200000UL +#define UDP_SOCKET__SEND_MSG 0x00400000UL +#define UDP_SOCKET__NAME_BIND 0x00800000UL -#define UDP_SOCKET__TRANSITION 0x0000000000000400UL -#define UDP_SOCKET__SHUTDOWN 0x0000000000040000UL -#define UDP_SOCKET__POLL 0x0000000000000001UL -#define UDP_SOCKET__SEND_MSG 0x0000000000400000UL -#define UDP_SOCKET__LOCK 0x0000000000000080UL -#define UDP_SOCKET__RECVFROM 0x0000000000080000UL -#define UDP_SOCKET__BIND 0x0000000000001000UL -#define UDP_SOCKET__ACCEPT 0x0000000000008000UL -#define UDP_SOCKET__RELABELFROM 0x0000000000000100UL -#define UDP_SOCKET__GETOPT 0x0000000000010000UL -#define UDP_SOCKET__WRITE 0x0000000000000008UL -#define UDP_SOCKET__SETATTR 0x0000000000000040UL -#define UDP_SOCKET__READ 0x0000000000000004UL -#define UDP_SOCKET__NAME_BIND 0x0000000000800000UL -#define UDP_SOCKET__LISTEN 0x0000000000004000UL -#define UDP_SOCKET__CREATE 0x0000000000000010UL -#define UDP_SOCKET__SETOPT 0x0000000000020000UL -#define UDP_SOCKET__RECV_MSG 0x0000000000200000UL -#define UDP_SOCKET__SENDTO 0x0000000000100000UL -#define UDP_SOCKET__GETATTR 0x0000000000000020UL -#define UDP_SOCKET__CONNECT 0x0000000000002000UL -#define UDP_SOCKET__APPEND 0x0000000000000800UL -#define UDP_SOCKET__IOCTL 0x0000000000000002UL -#define UDP_SOCKET__RELABELTO 0x0000000000000200UL +#define UDP_SOCKET__NODE_BIND 0x01000000UL -#define UDP_SOCKET__NODE_BIND 0x0000000001000000UL +#define RAWIP_SOCKET__POLL 0x00000001UL +#define RAWIP_SOCKET__IOCTL 0x00000002UL +#define RAWIP_SOCKET__READ 0x00000004UL +#define RAWIP_SOCKET__WRITE 0x00000008UL +#define RAWIP_SOCKET__CREATE 0x00000010UL +#define RAWIP_SOCKET__GETATTR 0x00000020UL +#define RAWIP_SOCKET__SETATTR 0x00000040UL +#define RAWIP_SOCKET__LOCK 0x00000080UL +#define RAWIP_SOCKET__RELABELFROM 0x00000100UL +#define RAWIP_SOCKET__RELABELTO 0x00000200UL +#define RAWIP_SOCKET__TRANSITION 0x00000400UL +#define RAWIP_SOCKET__APPEND 0x00000800UL +#define RAWIP_SOCKET__BIND 0x00001000UL +#define RAWIP_SOCKET__CONNECT 0x00002000UL +#define RAWIP_SOCKET__LISTEN 0x00004000UL +#define RAWIP_SOCKET__ACCEPT 0x00008000UL +#define RAWIP_SOCKET__GETOPT 0x00010000UL >>> TRUNCATED FOR MAIL (1000 lines) <<<