From owner-trustedbsd-cvs@FreeBSD.ORG Tue May 16 18:13:32 2006
Date: Tue, 16 May 2006 18:07:40 GMT
Message-Id: <200605161807.k4GI7eHL071045@repoman.freebsd.org>
From: Todd Miller
To: Perforce Change Reviews
Subject: PERFORCE change 97271 for review
List-Id: TrustedBSD CVS and Perforce commit message list

http://perforce.freebsd.org/chv.cgi?CH=97271

Change 97271 by millert@millert_p4 on 2006/05/16 18:07:21

	Update flask components based on the version of selinux in
	the linux 2.6.16 kernel. Flask headers have been generated
	based on the reference policy. Since FreeBSD doesn't have
	rcu style locking, we use rwlocks (one per avc "slot") instead.

Affected files ...

.. //depot/projects/trustedbsd/sebsd/sys/kern/subr_witness.c#18 edit
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/avc/av_inherit.h#5 edit
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/avc/av_perm_to_string.h#8 edit
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/avc/av_permissions.h#9 edit
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/avc/avc-selinux.c#3 edit
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/avc/avc.c#10 edit
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/avc/avc.h#9 edit
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/avc/avc_ss.h#5 edit
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/avc/class_to_string.h#6 edit
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/avc/common_perm_to_string.h#5 edit
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/avc/initial_sid_to_string.h#6 edit
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/flask.h#7 edit
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/flask_types.h#7 edit
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/linux-compat.h#4 edit
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/sebsd.c#42 edit
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/sebsd.h#5 edit
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/sebsd_labels.h#7 edit
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/sebsd_syscall.c#9 edit
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/sebsd_syscalls.h#8 edit
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/sebsd_sysctl.c#11 edit
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/avtab.c#9 edit
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/avtab.h#7 edit
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/conditional.c#6 edit
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/conditional.h#3 edit
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/constraint.h#5 edit
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/context.h#5 edit
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/ebitmap.c#5 edit
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/ebitmap.h#5 edit
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/fileutils.c#8 edit
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/fileutils.h#3 edit
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/global.h#7 edit
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/hashtab.c#5 edit
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/hashtab.h#5 edit
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/init.c#6 edit
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/mls.c#5 edit
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/mls.h#4 edit
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/mls_types.h#5 edit
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/policydb.c#7 edit
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/policydb.h#8 edit
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/queue.c#4 edit
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/queue.h#3 edit
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/security.h#10 edit
..
//depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/services.c#13 edit .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/services.h#6 edit .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/sidtab.c#10 edit .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/sidtab.h#6 edit .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/symtab.c#5 edit .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/symtab.h#5 edit Differences ... ==== //depot/projects/trustedbsd/sebsd/sys/kern/subr_witness.c#18 (text+ko) ==== @@ -291,7 +291,7 @@ { "uidinfo struct", &lock_class_mtx_sleep }, { "allprison", &lock_class_mtx_sleep }, - { "SEBSD AVC", &lock_class_mtx_sleep }, + { "SEBSD AVC", &lock_class_rw }, { "SEBSD message lock", &lock_class_mtx_sleep }, { "SEBSD policy lock", &lock_class_rw }, ==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/avc/av_inherit.h#5 (text+ko) ==== 
@@ -1,37 +1,31 @@ /* This file is automatically generated. Do not edit. */ -/* FLASK */ - -typedef struct -{ - security_class_t tclass; - char **common_pts; - access_vector_t common_base; -} av_inherit_t; - -static av_inherit_t av_inherit[] = { - { SECCLASS_DIR, common_file_perm_to_string, 0x0000000000100000UL }, - { SECCLASS_FILE, common_file_perm_to_string, 0x0000000000100000UL }, - { SECCLASS_LNK_FILE, common_file_perm_to_string, 0x0000000000100000UL }, - { SECCLASS_CHR_FILE, common_file_perm_to_string, 0x0000000000100000UL }, - { SECCLASS_BLK_FILE, common_file_perm_to_string, 0x0000000000100000UL }, - { SECCLASS_SOCK_FILE, common_file_perm_to_string, 0x0000000000100000UL }, - { SECCLASS_FIFO_FILE, common_file_perm_to_string, 0x0000000000100000UL }, - { SECCLASS_SOCKET, common_socket_perm_to_string, 0x0000000001000000UL }, - { SECCLASS_TCP_SOCKET, common_socket_perm_to_string, 0x0000000001000000UL }, - { SECCLASS_UDP_SOCKET, common_socket_perm_to_string, 0x0000000001000000UL }, - { SECCLASS_RAWIP_SOCKET, common_socket_perm_to_string, 0x0000000001000000UL }, - { SECCLASS_NETLINK_SOCKET, common_socket_perm_to_string, 0x0000000001000000UL }, - { SECCLASS_PACKET_SOCKET, common_socket_perm_to_string, 0x0000000001000000UL }, - { SECCLASS_KEY_SOCKET, common_socket_perm_to_string, 0x0000000001000000UL }, - { SECCLASS_UNIX_STREAM_SOCKET, common_socket_perm_to_string, 0x0000000001000000UL }, - { SECCLASS_UNIX_DGRAM_SOCKET, common_socket_perm_to_string, 0x0000000001000000UL }, - { SECCLASS_IPC, common_ipc_perm_to_string, 0x0000000000000200UL }, - { SECCLASS_SEM, common_ipc_perm_to_string, 0x0000000000000200UL }, - { SECCLASS_MSGQ, common_ipc_perm_to_string, 0x0000000000000200UL }, - { SECCLASS_SHM, common_ipc_perm_to_string, 0x0000000000000200UL }, -}; - -#define AV_INHERIT_SIZE (sizeof(av_inherit)/sizeof(av_inherit_t)) - - -/* FLASK */ + S_(SECCLASS_DIR, file, 0x00100000UL) + S_(SECCLASS_FILE, file, 0x00100000UL) + S_(SECCLASS_LNK_FILE, file, 0x00100000UL) + 
S_(SECCLASS_CHR_FILE, file, 0x00100000UL) + S_(SECCLASS_BLK_FILE, file, 0x00100000UL) + S_(SECCLASS_SOCK_FILE, file, 0x00100000UL) + S_(SECCLASS_FIFO_FILE, file, 0x00100000UL) + S_(SECCLASS_SOCKET, socket, 0x00400000UL) + S_(SECCLASS_TCP_SOCKET, socket, 0x00400000UL) + S_(SECCLASS_UDP_SOCKET, socket, 0x00400000UL) + S_(SECCLASS_RAWIP_SOCKET, socket, 0x00400000UL) + S_(SECCLASS_NETLINK_SOCKET, socket, 0x00400000UL) + S_(SECCLASS_PACKET_SOCKET, socket, 0x00400000UL) + S_(SECCLASS_KEY_SOCKET, socket, 0x00400000UL) + S_(SECCLASS_UNIX_STREAM_SOCKET, socket, 0x00400000UL) + S_(SECCLASS_UNIX_DGRAM_SOCKET, socket, 0x00400000UL) + S_(SECCLASS_IPC, ipc, 0x00000200UL) + S_(SECCLASS_SEM, ipc, 0x00000200UL) + S_(SECCLASS_MSGQ, ipc, 0x00000200UL) + S_(SECCLASS_SHM, ipc, 0x00000200UL) + S_(SECCLASS_NETLINK_ROUTE_SOCKET, socket, 0x00400000UL) + S_(SECCLASS_NETLINK_FIREWALL_SOCKET, socket, 0x00400000UL) + S_(SECCLASS_NETLINK_TCPDIAG_SOCKET, socket, 0x00400000UL) + S_(SECCLASS_NETLINK_NFLOG_SOCKET, socket, 0x00400000UL) + S_(SECCLASS_NETLINK_XFRM_SOCKET, socket, 0x00400000UL) + S_(SECCLASS_NETLINK_SELINUX_SOCKET, socket, 0x00400000UL) + S_(SECCLASS_NETLINK_AUDIT_SOCKET, socket, 0x00400000UL) + S_(SECCLASS_NETLINK_IP6FW_SOCKET, socket, 0x00400000UL) + S_(SECCLASS_NETLINK_DNRT_SOCKET, socket, 0x00400000UL) + S_(SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET, socket, 0x00400000UL) ==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/avc/av_perm_to_string.h#8 (text+ko) ==== 
@@ -1,142 +1,248 @@ /* This file is automatically generated. Do not edit. */ -/* FLASK */ - -typedef struct -{ - security_class_t tclass; - access_vector_t value; - char *name; -} av_perm_to_string_t; - -static av_perm_to_string_t av_perm_to_string[] = { - { SECCLASS_FILESYSTEM, FILESYSTEM__MOUNT, "mount" }, - { SECCLASS_FILESYSTEM, FILESYSTEM__REMOUNT, "remount" }, - { SECCLASS_FILESYSTEM, FILESYSTEM__UNMOUNT, "unmount" }, - { SECCLASS_FILESYSTEM, FILESYSTEM__GETATTR, "getattr" }, - { SECCLASS_FILESYSTEM, FILESYSTEM__RELABELFROM, "relabelfrom" }, - { SECCLASS_FILESYSTEM, FILESYSTEM__RELABELTO, "relabelto" }, - { SECCLASS_FILESYSTEM, FILESYSTEM__TRANSITION, "transition" }, - { SECCLASS_FILESYSTEM, FILESYSTEM__ASSOCIATE, "associate" }, - { SECCLASS_FILESYSTEM, FILESYSTEM__QUOTAMOD, "quotamod" }, - { SECCLASS_FILESYSTEM, FILESYSTEM__QUOTAGET, "quotaget" }, - { SECCLASS_DIR, DIR__ADD_NAME, "add_name" }, - { SECCLASS_DIR, DIR__REMOVE_NAME, "remove_name" }, - { SECCLASS_DIR, DIR__REPARENT, "reparent" }, - { SECCLASS_DIR, DIR__SEARCH, "search" }, - { SECCLASS_DIR, DIR__RMDIR, "rmdir" }, - { SECCLASS_FILE, FILE__EXECUTE_NO_TRANS, "execute_no_trans" }, - { SECCLASS_FILE, FILE__ENTRYPOINT, "entrypoint" }, - { SECCLASS_FD, FD__CREATE, "create" }, - { SECCLASS_FD, FD__USE, "use" }, - { SECCLASS_TCP_SOCKET, TCP_SOCKET__CONNECTTO, "connectto" }, - { SECCLASS_TCP_SOCKET, TCP_SOCKET__NEWCONN, "newconn" }, - { SECCLASS_TCP_SOCKET, TCP_SOCKET__ACCEPTFROM, "acceptfrom" }, - { SECCLASS_TCP_SOCKET, TCP_SOCKET__NODE_BIND, "node_bind" }, - { SECCLASS_UDP_SOCKET, UDP_SOCKET__NODE_BIND, "node_bind" }, - { SECCLASS_RAWIP_SOCKET, RAWIP_SOCKET__NODE_BIND, "node_bind" }, - { SECCLASS_NODE, NODE__TCP_RECV, "tcp_recv" }, - { SECCLASS_NODE, NODE__TCP_SEND, "tcp_send" }, - { SECCLASS_NODE, NODE__UDP_RECV, "udp_recv" }, - { SECCLASS_NODE, NODE__UDP_SEND, "udp_send" }, - { SECCLASS_NODE, NODE__RAWIP_RECV, "rawip_recv" }, - { SECCLASS_NODE, NODE__RAWIP_SEND, "rawip_send" }, - { SECCLASS_NODE, 
NODE__ENFORCE_DEST, "enforce_dest" }, - { SECCLASS_NETIF, NETIF__GETATTR, "getattr" }, - { SECCLASS_NETIF, NETIF__SETATTR, "setattr" }, - { SECCLASS_NETIF, NETIF__TCP_RECV, "tcp_recv" }, - { SECCLASS_NETIF, NETIF__TCP_SEND, "tcp_send" }, - { SECCLASS_NETIF, NETIF__UDP_RECV, "udp_recv" }, - { SECCLASS_NETIF, NETIF__UDP_SEND, "udp_send" }, - { SECCLASS_NETIF, NETIF__RAWIP_RECV, "rawip_recv" }, - { SECCLASS_NETIF, NETIF__RAWIP_SEND, "rawip_send" }, - { SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__CONNECTTO, "connectto" }, - { SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__NEWCONN, "newconn" }, - { SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__ACCEPTFROM, "acceptfrom" }, - { SECCLASS_PROCESS, PROCESS__FORK, "fork" }, - { SECCLASS_PROCESS, PROCESS__TRANSITION, "transition" }, - { SECCLASS_PROCESS, PROCESS__SIGCHLD, "sigchld" }, - { SECCLASS_PROCESS, PROCESS__SIGKILL, "sigkill" }, - { SECCLASS_PROCESS, PROCESS__SIGSTOP, "sigstop" }, - { SECCLASS_PROCESS, PROCESS__SIGNULL, "signull" }, - { SECCLASS_PROCESS, PROCESS__SIGNAL, "signal" }, - { SECCLASS_PROCESS, PROCESS__PTRACE, "ptrace" }, - { SECCLASS_PROCESS, PROCESS__GETSCHED, "getsched" }, - { SECCLASS_PROCESS, PROCESS__SETSCHED, "setsched" }, - { SECCLASS_PROCESS, PROCESS__GETSESSION, "getsession" }, - { SECCLASS_PROCESS, PROCESS__GETPGID, "getpgid" }, - { SECCLASS_PROCESS, PROCESS__SETPGID, "setpgid" }, - { SECCLASS_PROCESS, PROCESS__GETCAP, "getcap" }, - { SECCLASS_PROCESS, PROCESS__SETCAP, "setcap" }, - { SECCLASS_PROCESS, PROCESS__SHARE, "share" }, - { SECCLASS_PROCESS, PROCESS__GETATTR, "getattr" }, - { SECCLASS_PROCESS, PROCESS__SETEXEC, "setexec" }, - { SECCLASS_PROCESS, PROCESS__SETFSCREATE, "setfscreate" }, - { SECCLASS_PROCESS, PROCESS__NOATSECURE, "noatsecure" }, - { SECCLASS_PROCESS, PROCESS__SIGINH, "siginh" }, - { SECCLASS_PROCESS, PROCESS__SETRLIMIT, "setrlimit" }, - { SECCLASS_PROCESS, PROCESS__RLIMITINH, "rlimitinh" }, - { SECCLASS_MSGQ, MSGQ__ENQUEUE, "enqueue" }, - { SECCLASS_MSG, MSG__SEND, 
"send" }, - { SECCLASS_MSG, MSG__RECEIVE, "receive" }, - { SECCLASS_MSG, MSG__DESTROY, "destroy" }, - { SECCLASS_SHM, SHM__LOCK, "lock" }, - { SECCLASS_POSIX_SEM, POSIX_SEM__ASSOCIATE, "associate" }, - { SECCLASS_POSIX_SEM, POSIX_SEM__DISASSOCIATE, "disassociate" }, - { SECCLASS_POSIX_SEM, POSIX_SEM__DESTROY, "destroy" }, - { SECCLASS_POSIX_SEM, POSIX_SEM__WRITE, "write" }, - { SECCLASS_POSIX_SEM, POSIX_SEM__READ, "read" }, - { SECCLASS_SECURITY, SECURITY__COMPUTE_AV, "compute_av" }, - { SECCLASS_SECURITY, SECURITY__COMPUTE_CREATE, "compute_create" }, - { SECCLASS_SECURITY, SECURITY__COMPUTE_MEMBER, "compute_member" }, - { SECCLASS_SECURITY, SECURITY__CHECK_CONTEXT, "check_context" }, - { SECCLASS_SECURITY, SECURITY__LOAD_POLICY, "load_policy" }, - { SECCLASS_SECURITY, SECURITY__COMPUTE_RELABEL, "compute_relabel" }, - { SECCLASS_SECURITY, SECURITY__COMPUTE_USER, "compute_user" }, - { SECCLASS_SECURITY, SECURITY__SETENFORCE, "setenforce" }, - { SECCLASS_SECURITY, SECURITY__SETBOOL, "setbool" }, - { SECCLASS_SYSTEM, SYSTEM__IPC_INFO, "ipc_info" }, - { SECCLASS_SYSTEM, SYSTEM__SYSLOG_READ, "syslog_read" }, - { SECCLASS_SYSTEM, SYSTEM__SYSLOG_MOD, "syslog_mod" }, - { SECCLASS_SYSTEM, SYSTEM__SYSLOG_CONSOLE, "syslog_console" }, - { SECCLASS_CAPABILITY, CAPABILITY__CHOWN, "chown" }, - { SECCLASS_CAPABILITY, CAPABILITY__DAC_EXECUTE, "dac_execute" }, - { SECCLASS_CAPABILITY, CAPABILITY__DAC_WRITE, "dac_write" }, - { SECCLASS_CAPABILITY, CAPABILITY__DAC_READ_SEARCH, "dac_read_search" }, - { SECCLASS_CAPABILITY, CAPABILITY__FOWNER, "fowner" }, - { SECCLASS_CAPABILITY, CAPABILITY__FSETID, "fsetid" }, - { SECCLASS_CAPABILITY, CAPABILITY__KILL, "kill" }, - { SECCLASS_CAPABILITY, CAPABILITY__SETFCAP, "setfcap" }, - { SECCLASS_CAPABILITY, CAPABILITY__SETGID, "setgid" }, - { SECCLASS_CAPABILITY, CAPABILITY__SETUID, "setuid" }, - { SECCLASS_CAPABILITY, CAPABILITY__AUDIT_CONTROL, "audit_control" }, - { SECCLASS_CAPABILITY, CAPABILITY__AUDIT_WRITE, "audit_write" }, - { 
SECCLASS_CAPABILITY, CAPABILITY__LINUX_IMMUTABLE, "linux_immutable" }, - { SECCLASS_CAPABILITY, CAPABILITY__NET_BIND_SERVICE, "net_bind_service" }, - { SECCLASS_CAPABILITY, CAPABILITY__NET_BROADCAST, "net_broadcast" }, - { SECCLASS_CAPABILITY, CAPABILITY__NET_ADMIN, "net_admin" }, - { SECCLASS_CAPABILITY, CAPABILITY__NET_RAW, "net_raw" }, - { SECCLASS_CAPABILITY, CAPABILITY__IPC_LOCK, "ipc_lock" }, - { SECCLASS_CAPABILITY, CAPABILITY__IPC_OWNER, "ipc_owner" }, - { SECCLASS_CAPABILITY, CAPABILITY__SYS_MODULE, "sys_module" }, - { SECCLASS_CAPABILITY, CAPABILITY__SYS_RAWIO, "sys_rawio" }, - { SECCLASS_CAPABILITY, CAPABILITY__SYS_CHROOT, "sys_chroot" }, - { SECCLASS_CAPABILITY, CAPABILITY__SYS_PTRACE, "sys_ptrace" }, - { SECCLASS_CAPABILITY, CAPABILITY__SYS_PACCT, "sys_pacct" }, - { SECCLASS_CAPABILITY, CAPABILITY__SYS_ADMIN, "sys_admin" }, - { SECCLASS_CAPABILITY, CAPABILITY__SYS_BOOT, "sys_boot" }, - { SECCLASS_CAPABILITY, CAPABILITY__SYS_NICE, "sys_nice" }, - { SECCLASS_CAPABILITY, CAPABILITY__SYS_RESOURCE, "sys_resource" }, - { SECCLASS_CAPABILITY, CAPABILITY__SYS_TIME, "sys_time" }, - { SECCLASS_CAPABILITY, CAPABILITY__SYS_TTY_CONFIG, "sys_tty_config" }, - { SECCLASS_CAPABILITY, CAPABILITY__MKNOD, "mknod" }, - { SECCLASS_PASSWD, PASSWD__PASSWD, "passwd" }, - { SECCLASS_PASSWD, PASSWD__CHFN, "chfn" }, - { SECCLASS_PASSWD, PASSWD__CHSH, "chsh" }, - { SECCLASS_PASSWD, PASSWD__ROOTOK, "rootok" }, - { SECCLASS_PASSWD, PASSWD__CRONTAB, "crontab" }, -}; - -#define AV_PERM_TO_STRING_SIZE (sizeof(av_perm_to_string)/sizeof(av_perm_to_string_t)) - - -/* FLASK */ + S_(SECCLASS_FILESYSTEM, FILESYSTEM__MOUNT, "mount") + S_(SECCLASS_FILESYSTEM, FILESYSTEM__REMOUNT, "remount") + S_(SECCLASS_FILESYSTEM, FILESYSTEM__UNMOUNT, "unmount") + S_(SECCLASS_FILESYSTEM, FILESYSTEM__GETATTR, "getattr") + S_(SECCLASS_FILESYSTEM, FILESYSTEM__RELABELFROM, "relabelfrom") + S_(SECCLASS_FILESYSTEM, FILESYSTEM__RELABELTO, "relabelto") + S_(SECCLASS_FILESYSTEM, FILESYSTEM__TRANSITION, "transition") 
+ S_(SECCLASS_FILESYSTEM, FILESYSTEM__ASSOCIATE, "associate") + S_(SECCLASS_FILESYSTEM, FILESYSTEM__QUOTAMOD, "quotamod") + S_(SECCLASS_FILESYSTEM, FILESYSTEM__QUOTAGET, "quotaget") + S_(SECCLASS_DIR, DIR__ADD_NAME, "add_name") + S_(SECCLASS_DIR, DIR__REMOVE_NAME, "remove_name") + S_(SECCLASS_DIR, DIR__REPARENT, "reparent") + S_(SECCLASS_DIR, DIR__SEARCH, "search") + S_(SECCLASS_DIR, DIR__RMDIR, "rmdir") + S_(SECCLASS_FILE, FILE__EXECUTE_NO_TRANS, "execute_no_trans") + S_(SECCLASS_FILE, FILE__ENTRYPOINT, "entrypoint") + S_(SECCLASS_FILE, FILE__EXECMOD, "execmod") + S_(SECCLASS_CHR_FILE, CHR_FILE__EXECUTE_NO_TRANS, "execute_no_trans") + S_(SECCLASS_CHR_FILE, CHR_FILE__ENTRYPOINT, "entrypoint") + S_(SECCLASS_CHR_FILE, CHR_FILE__EXECMOD, "execmod") + S_(SECCLASS_FD, FD__CREATE, "create") + S_(SECCLASS_FD, FD__USE, "use") + S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__CONNECTTO, "connectto") + S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__NEWCONN, "newconn") + S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__ACCEPTFROM, "acceptfrom") + S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__NODE_BIND, "node_bind") + S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__NAME_CONNECT, "name_connect") + S_(SECCLASS_UDP_SOCKET, UDP_SOCKET__NODE_BIND, "node_bind") + S_(SECCLASS_RAWIP_SOCKET, RAWIP_SOCKET__NODE_BIND, "node_bind") + S_(SECCLASS_NODE, NODE__TCP_RECV, "tcp_recv") + S_(SECCLASS_NODE, NODE__TCP_SEND, "tcp_send") + S_(SECCLASS_NODE, NODE__UDP_RECV, "udp_recv") + S_(SECCLASS_NODE, NODE__UDP_SEND, "udp_send") + S_(SECCLASS_NODE, NODE__RAWIP_RECV, "rawip_recv") + S_(SECCLASS_NODE, NODE__RAWIP_SEND, "rawip_send") + S_(SECCLASS_NODE, NODE__ENFORCE_DEST, "enforce_dest") + S_(SECCLASS_NETIF, NETIF__TCP_RECV, "tcp_recv") + S_(SECCLASS_NETIF, NETIF__TCP_SEND, "tcp_send") + S_(SECCLASS_NETIF, NETIF__UDP_RECV, "udp_recv") + S_(SECCLASS_NETIF, NETIF__UDP_SEND, "udp_send") + S_(SECCLASS_NETIF, NETIF__RAWIP_RECV, "rawip_recv") + S_(SECCLASS_NETIF, NETIF__RAWIP_SEND, "rawip_send") + S_(SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__CONNECTTO, 
"connectto") + S_(SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__NEWCONN, "newconn") + S_(SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__ACCEPTFROM, "acceptfrom") + S_(SECCLASS_PROCESS, PROCESS__FORK, "fork") + S_(SECCLASS_PROCESS, PROCESS__TRANSITION, "transition") + S_(SECCLASS_PROCESS, PROCESS__SIGCHLD, "sigchld") + S_(SECCLASS_PROCESS, PROCESS__SIGKILL, "sigkill") + S_(SECCLASS_PROCESS, PROCESS__SIGSTOP, "sigstop") + S_(SECCLASS_PROCESS, PROCESS__SIGNULL, "signull") + S_(SECCLASS_PROCESS, PROCESS__SIGNAL, "signal") + S_(SECCLASS_PROCESS, PROCESS__PTRACE, "ptrace") + S_(SECCLASS_PROCESS, PROCESS__GETSCHED, "getsched") + S_(SECCLASS_PROCESS, PROCESS__SETSCHED, "setsched") + S_(SECCLASS_PROCESS, PROCESS__GETSESSION, "getsession") + S_(SECCLASS_PROCESS, PROCESS__GETPGID, "getpgid") + S_(SECCLASS_PROCESS, PROCESS__SETPGID, "setpgid") + S_(SECCLASS_PROCESS, PROCESS__GETCAP, "getcap") + S_(SECCLASS_PROCESS, PROCESS__SETCAP, "setcap") + S_(SECCLASS_PROCESS, PROCESS__SHARE, "share") + S_(SECCLASS_PROCESS, PROCESS__GETATTR, "getattr") + S_(SECCLASS_PROCESS, PROCESS__SETEXEC, "setexec") + S_(SECCLASS_PROCESS, PROCESS__SETFSCREATE, "setfscreate") + S_(SECCLASS_PROCESS, PROCESS__NOATSECURE, "noatsecure") + S_(SECCLASS_PROCESS, PROCESS__SIGINH, "siginh") + S_(SECCLASS_PROCESS, PROCESS__SETRLIMIT, "setrlimit") + S_(SECCLASS_PROCESS, PROCESS__RLIMITINH, "rlimitinh") + S_(SECCLASS_PROCESS, PROCESS__DYNTRANSITION, "dyntransition") + S_(SECCLASS_PROCESS, PROCESS__SETCURRENT, "setcurrent") + S_(SECCLASS_PROCESS, PROCESS__EXECMEM, "execmem") + S_(SECCLASS_PROCESS, PROCESS__EXECSTACK, "execstack") + S_(SECCLASS_PROCESS, PROCESS__EXECHEAP, "execheap") + S_(SECCLASS_MSGQ, MSGQ__ENQUEUE, "enqueue") + S_(SECCLASS_MSG, MSG__SEND, "send") + S_(SECCLASS_MSG, MSG__RECEIVE, "receive") + S_(SECCLASS_MSG, MSG__DESTROY, "destroy") + S_(SECCLASS_SHM, SHM__LOCK, "lock") + S_(SECCLASS_POSIX_SEM, POSIX_SEM__ASSOCIATE, "associate") + S_(SECCLASS_POSIX_SEM, POSIX_SEM__DISASSOCIATE, 
"disassociate") + S_(SECCLASS_POSIX_SEM, POSIX_SEM__DESTROY, "destroy") + S_(SECCLASS_POSIX_SEM, POSIX_SEM__WRITE, "write") + S_(SECCLASS_POSIX_SEM, POSIX_SEM__READ, "read") + S_(SECCLASS_SECURITY, SECURITY__COMPUTE_AV, "compute_av") + S_(SECCLASS_SECURITY, SECURITY__COMPUTE_CREATE, "compute_create") + S_(SECCLASS_SECURITY, SECURITY__COMPUTE_MEMBER, "compute_member") + S_(SECCLASS_SECURITY, SECURITY__CHECK_CONTEXT, "check_context") + S_(SECCLASS_SECURITY, SECURITY__LOAD_POLICY, "load_policy") + S_(SECCLASS_SECURITY, SECURITY__COMPUTE_RELABEL, "compute_relabel") + S_(SECCLASS_SECURITY, SECURITY__COMPUTE_USER, "compute_user") + S_(SECCLASS_SECURITY, SECURITY__SETENFORCE, "setenforce") + S_(SECCLASS_SECURITY, SECURITY__SETBOOL, "setbool") + S_(SECCLASS_SECURITY, SECURITY__SETSECPARAM, "setsecparam") + S_(SECCLASS_SECURITY, SECURITY__SETCHECKREQPROT, "setcheckreqprot") + S_(SECCLASS_SYSTEM, SYSTEM__IPC_INFO, "ipc_info") + S_(SECCLASS_SYSTEM, SYSTEM__SYSLOG_READ, "syslog_read") + S_(SECCLASS_SYSTEM, SYSTEM__SYSLOG_MOD, "syslog_mod") + S_(SECCLASS_SYSTEM, SYSTEM__SYSLOG_CONSOLE, "syslog_console") + S_(SECCLASS_CAPABILITY, CAPABILITY__CHOWN, "chown") + S_(SECCLASS_CAPABILITY, CAPABILITY__DAC_OVERRIDE, "dac_override") + S_(SECCLASS_CAPABILITY, CAPABILITY__DAC_READ_SEARCH, "dac_read_search") + S_(SECCLASS_CAPABILITY, CAPABILITY__FOWNER, "fowner") + S_(SECCLASS_CAPABILITY, CAPABILITY__FSETID, "fsetid") + S_(SECCLASS_CAPABILITY, CAPABILITY__KILL, "kill") + S_(SECCLASS_CAPABILITY, CAPABILITY__SETGID, "setgid") + S_(SECCLASS_CAPABILITY, CAPABILITY__SETUID, "setuid") + S_(SECCLASS_CAPABILITY, CAPABILITY__SETPCAP, "setpcap") + S_(SECCLASS_CAPABILITY, CAPABILITY__LINUX_IMMUTABLE, "linux_immutable") + S_(SECCLASS_CAPABILITY, CAPABILITY__NET_BIND_SERVICE, "net_bind_service") + S_(SECCLASS_CAPABILITY, CAPABILITY__NET_BROADCAST, "net_broadcast") + S_(SECCLASS_CAPABILITY, CAPABILITY__NET_ADMIN, "net_admin") + S_(SECCLASS_CAPABILITY, CAPABILITY__NET_RAW, "net_raw") + 
S_(SECCLASS_CAPABILITY, CAPABILITY__IPC_LOCK, "ipc_lock") + S_(SECCLASS_CAPABILITY, CAPABILITY__IPC_OWNER, "ipc_owner") + S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_MODULE, "sys_module") + S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_RAWIO, "sys_rawio") + S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_CHROOT, "sys_chroot") + S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_PTRACE, "sys_ptrace") + S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_PACCT, "sys_pacct") + S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_ADMIN, "sys_admin") + S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_BOOT, "sys_boot") + S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_NICE, "sys_nice") + S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_RESOURCE, "sys_resource") + S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_TIME, "sys_time") + S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_TTY_CONFIG, "sys_tty_config") + S_(SECCLASS_CAPABILITY, CAPABILITY__MKNOD, "mknod") + S_(SECCLASS_CAPABILITY, CAPABILITY__LEASE, "lease") + S_(SECCLASS_CAPABILITY, CAPABILITY__AUDIT_WRITE, "audit_write") + S_(SECCLASS_CAPABILITY, CAPABILITY__AUDIT_CONTROL, "audit_control") + S_(SECCLASS_PASSWD, PASSWD__PASSWD, "passwd") + S_(SECCLASS_PASSWD, PASSWD__CHFN, "chfn") + S_(SECCLASS_PASSWD, PASSWD__CHSH, "chsh") + S_(SECCLASS_PASSWD, PASSWD__ROOTOK, "rootok") + S_(SECCLASS_PASSWD, PASSWD__CRONTAB, "crontab") + S_(SECCLASS_DRAWABLE, DRAWABLE__CREATE, "create") + S_(SECCLASS_DRAWABLE, DRAWABLE__DESTROY, "destroy") + S_(SECCLASS_DRAWABLE, DRAWABLE__DRAW, "draw") + S_(SECCLASS_DRAWABLE, DRAWABLE__COPY, "copy") + S_(SECCLASS_DRAWABLE, DRAWABLE__GETATTR, "getattr") + S_(SECCLASS_GC, GC__CREATE, "create") + S_(SECCLASS_GC, GC__FREE, "free") + S_(SECCLASS_GC, GC__GETATTR, "getattr") + S_(SECCLASS_GC, GC__SETATTR, "setattr") + S_(SECCLASS_WINDOW, WINDOW__ADDCHILD, "addchild") + S_(SECCLASS_WINDOW, WINDOW__CREATE, "create") + S_(SECCLASS_WINDOW, WINDOW__DESTROY, "destroy") + S_(SECCLASS_WINDOW, WINDOW__MAP, "map") + S_(SECCLASS_WINDOW, WINDOW__UNMAP, "unmap") + S_(SECCLASS_WINDOW, WINDOW__CHSTACK, "chstack") 
+ S_(SECCLASS_WINDOW, WINDOW__CHPROPLIST, "chproplist") + S_(SECCLASS_WINDOW, WINDOW__CHPROP, "chprop") + S_(SECCLASS_WINDOW, WINDOW__LISTPROP, "listprop") + S_(SECCLASS_WINDOW, WINDOW__GETATTR, "getattr") + S_(SECCLASS_WINDOW, WINDOW__SETATTR, "setattr") + S_(SECCLASS_WINDOW, WINDOW__SETFOCUS, "setfocus") + S_(SECCLASS_WINDOW, WINDOW__MOVE, "move") + S_(SECCLASS_WINDOW, WINDOW__CHSELECTION, "chselection") + S_(SECCLASS_WINDOW, WINDOW__CHPARENT, "chparent") + S_(SECCLASS_WINDOW, WINDOW__CTRLLIFE, "ctrllife") + S_(SECCLASS_WINDOW, WINDOW__ENUMERATE, "enumerate") + S_(SECCLASS_WINDOW, WINDOW__TRANSPARENT, "transparent") + S_(SECCLASS_WINDOW, WINDOW__MOUSEMOTION, "mousemotion") + S_(SECCLASS_WINDOW, WINDOW__CLIENTCOMEVENT, "clientcomevent") + S_(SECCLASS_WINDOW, WINDOW__INPUTEVENT, "inputevent") + S_(SECCLASS_WINDOW, WINDOW__DRAWEVENT, "drawevent") + S_(SECCLASS_WINDOW, WINDOW__WINDOWCHANGEEVENT, "windowchangeevent") + S_(SECCLASS_WINDOW, WINDOW__WINDOWCHANGEREQUEST, "windowchangerequest") + S_(SECCLASS_WINDOW, WINDOW__SERVERCHANGEEVENT, "serverchangeevent") + S_(SECCLASS_WINDOW, WINDOW__EXTENSIONEVENT, "extensionevent") + S_(SECCLASS_FONT, FONT__LOAD, "load") + S_(SECCLASS_FONT, FONT__FREE, "free") + S_(SECCLASS_FONT, FONT__GETATTR, "getattr") + S_(SECCLASS_FONT, FONT__USE, "use") + S_(SECCLASS_COLORMAP, COLORMAP__CREATE, "create") + S_(SECCLASS_COLORMAP, COLORMAP__FREE, "free") + S_(SECCLASS_COLORMAP, COLORMAP__INSTALL, "install") + S_(SECCLASS_COLORMAP, COLORMAP__UNINSTALL, "uninstall") + S_(SECCLASS_COLORMAP, COLORMAP__LIST, "list") + S_(SECCLASS_COLORMAP, COLORMAP__READ, "read") + S_(SECCLASS_COLORMAP, COLORMAP__STORE, "store") + S_(SECCLASS_COLORMAP, COLORMAP__GETATTR, "getattr") + S_(SECCLASS_COLORMAP, COLORMAP__SETATTR, "setattr") + S_(SECCLASS_PROPERTY, PROPERTY__CREATE, "create") + S_(SECCLASS_PROPERTY, PROPERTY__FREE, "free") + S_(SECCLASS_PROPERTY, PROPERTY__READ, "read") + S_(SECCLASS_PROPERTY, PROPERTY__WRITE, "write") + S_(SECCLASS_CURSOR, 
CURSOR__CREATE, "create") + S_(SECCLASS_CURSOR, CURSOR__CREATEGLYPH, "createglyph") + S_(SECCLASS_CURSOR, CURSOR__FREE, "free") + S_(SECCLASS_CURSOR, CURSOR__ASSIGN, "assign") + S_(SECCLASS_CURSOR, CURSOR__SETATTR, "setattr") + S_(SECCLASS_XCLIENT, XCLIENT__KILL, "kill") + S_(SECCLASS_XINPUT, XINPUT__LOOKUP, "lookup") + S_(SECCLASS_XINPUT, XINPUT__GETATTR, "getattr") + S_(SECCLASS_XINPUT, XINPUT__SETATTR, "setattr") + S_(SECCLASS_XINPUT, XINPUT__SETFOCUS, "setfocus") + S_(SECCLASS_XINPUT, XINPUT__WARPPOINTER, "warppointer") + S_(SECCLASS_XINPUT, XINPUT__ACTIVEGRAB, "activegrab") + S_(SECCLASS_XINPUT, XINPUT__PASSIVEGRAB, "passivegrab") + S_(SECCLASS_XINPUT, XINPUT__UNGRAB, "ungrab") + S_(SECCLASS_XINPUT, XINPUT__BELL, "bell") + S_(SECCLASS_XINPUT, XINPUT__MOUSEMOTION, "mousemotion") + S_(SECCLASS_XINPUT, XINPUT__RELABELINPUT, "relabelinput") + S_(SECCLASS_XSERVER, XSERVER__SCREENSAVER, "screensaver") + S_(SECCLASS_XSERVER, XSERVER__GETHOSTLIST, "gethostlist") + S_(SECCLASS_XSERVER, XSERVER__SETHOSTLIST, "sethostlist") + S_(SECCLASS_XSERVER, XSERVER__GETFONTPATH, "getfontpath") + S_(SECCLASS_XSERVER, XSERVER__SETFONTPATH, "setfontpath") + S_(SECCLASS_XSERVER, XSERVER__GETATTR, "getattr") + S_(SECCLASS_XSERVER, XSERVER__GRAB, "grab") + S_(SECCLASS_XSERVER, XSERVER__UNGRAB, "ungrab") + S_(SECCLASS_XEXTENSION, XEXTENSION__QUERY, "query") + S_(SECCLASS_XEXTENSION, XEXTENSION__USE, "use") + S_(SECCLASS_PAX, PAX__PAGEEXEC, "pageexec") + S_(SECCLASS_PAX, PAX__EMUTRAMP, "emutramp") + S_(SECCLASS_PAX, PAX__MPROTECT, "mprotect") + S_(SECCLASS_PAX, PAX__RANDMMAP, "randmmap") + S_(SECCLASS_PAX, PAX__RANDEXEC, "randexec") + S_(SECCLASS_PAX, PAX__SEGMEXEC, "segmexec") + S_(SECCLASS_NETLINK_ROUTE_SOCKET, NETLINK_ROUTE_SOCKET__NLMSG_READ, "nlmsg_read") + S_(SECCLASS_NETLINK_ROUTE_SOCKET, NETLINK_ROUTE_SOCKET__NLMSG_WRITE, "nlmsg_write") + S_(SECCLASS_NETLINK_FIREWALL_SOCKET, NETLINK_FIREWALL_SOCKET__NLMSG_READ, "nlmsg_read") + S_(SECCLASS_NETLINK_FIREWALL_SOCKET, 
NETLINK_FIREWALL_SOCKET__NLMSG_WRITE, "nlmsg_write") + S_(SECCLASS_NETLINK_TCPDIAG_SOCKET, NETLINK_TCPDIAG_SOCKET__NLMSG_READ, "nlmsg_read") + S_(SECCLASS_NETLINK_TCPDIAG_SOCKET, NETLINK_TCPDIAG_SOCKET__NLMSG_WRITE, "nlmsg_write") + S_(SECCLASS_NETLINK_XFRM_SOCKET, NETLINK_XFRM_SOCKET__NLMSG_READ, "nlmsg_read") + S_(SECCLASS_NETLINK_XFRM_SOCKET, NETLINK_XFRM_SOCKET__NLMSG_WRITE, "nlmsg_write") + S_(SECCLASS_NETLINK_AUDIT_SOCKET, NETLINK_AUDIT_SOCKET__NLMSG_READ, "nlmsg_read") + S_(SECCLASS_NETLINK_AUDIT_SOCKET, NETLINK_AUDIT_SOCKET__NLMSG_WRITE, "nlmsg_write") + S_(SECCLASS_NETLINK_AUDIT_SOCKET, NETLINK_AUDIT_SOCKET__NLMSG_RELAY, "nlmsg_relay") + S_(SECCLASS_NETLINK_AUDIT_SOCKET, NETLINK_AUDIT_SOCKET__NLMSG_READPRIV, "nlmsg_readpriv") + S_(SECCLASS_NETLINK_IP6FW_SOCKET, NETLINK_IP6FW_SOCKET__NLMSG_READ, "nlmsg_read") + S_(SECCLASS_NETLINK_IP6FW_SOCKET, NETLINK_IP6FW_SOCKET__NLMSG_WRITE, "nlmsg_write") + S_(SECCLASS_DBUS, DBUS__ACQUIRE_SVC, "acquire_svc") + S_(SECCLASS_DBUS, DBUS__SEND_MSG, "send_msg") + S_(SECCLASS_NSCD, NSCD__GETPWD, "getpwd") + S_(SECCLASS_NSCD, NSCD__GETGRP, "getgrp") + S_(SECCLASS_NSCD, NSCD__GETHOST, "gethost") + S_(SECCLASS_NSCD, NSCD__GETSTAT, "getstat") + S_(SECCLASS_NSCD, NSCD__ADMIN, "admin") + S_(SECCLASS_NSCD, NSCD__SHMEMPWD, "shmempwd") + S_(SECCLASS_NSCD, NSCD__SHMEMGRP, "shmemgrp") + S_(SECCLASS_NSCD, NSCD__SHMEMHOST, "shmemhost") + S_(SECCLASS_ASSOCIATION, ASSOCIATION__SENDTO, "sendto") + S_(SECCLASS_ASSOCIATION, ASSOCIATION__RECVFROM, "recvfrom") + S_(SECCLASS_ASSOCIATION, ASSOCIATION__SETCONTEXT, "setcontext") ==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/avc/av_permissions.h#9 (text+ko) ==== 
@@ -1,617 +1,967 @@ /* This file is automatically generated. Do not edit. */ -/* FLASK */ +#define COMMON_FILE__POLL 0x00000001UL +#define COMMON_FILE__IOCTL 0x00000002UL +#define COMMON_FILE__READ 0x00000004UL +#define COMMON_FILE__WRITE 0x00000008UL +#define COMMON_FILE__CREATE 0x00000010UL +#define COMMON_FILE__GETATTR 0x00000020UL +#define COMMON_FILE__SETATTR 0x00000040UL +#define COMMON_FILE__LOCK 0x00000080UL +#define COMMON_FILE__RELABELFROM 0x00000100UL +#define COMMON_FILE__RELABELTO 0x00000200UL +#define COMMON_FILE__TRANSITION 0x00000400UL +#define COMMON_FILE__APPEND 0x00000800UL +#define COMMON_FILE__ACCESS 0x00001000UL +#define COMMON_FILE__UNLINK 0x00002000UL +#define COMMON_FILE__LINK 0x00004000UL +#define COMMON_FILE__RENAME 0x00008000UL +#define COMMON_FILE__EXECUTE 0x00010000UL +#define COMMON_FILE__SWAPON 0x00020000UL +#define COMMON_FILE__QUOTAON 0x00040000UL +#define COMMON_FILE__MOUNTON 0x00080000UL + +#define COMMON_SOCKET__IOCTL 0x00000001UL +#define COMMON_SOCKET__READ 0x00000002UL +#define COMMON_SOCKET__WRITE 0x00000004UL +#define COMMON_SOCKET__CREATE 0x00000008UL +#define COMMON_SOCKET__GETATTR 0x00000010UL +#define COMMON_SOCKET__SETATTR 0x00000020UL +#define COMMON_SOCKET__LOCK 0x00000040UL +#define COMMON_SOCKET__RELABELFROM 0x00000080UL +#define COMMON_SOCKET__RELABELTO 0x00000100UL +#define COMMON_SOCKET__APPEND 0x00000200UL +#define COMMON_SOCKET__BIND 0x00000400UL +#define COMMON_SOCKET__CONNECT 0x00000800UL +#define COMMON_SOCKET__LISTEN 0x00001000UL +#define COMMON_SOCKET__ACCEPT 0x00002000UL +#define COMMON_SOCKET__GETOPT 0x00004000UL +#define COMMON_SOCKET__SETOPT 0x00008000UL +#define COMMON_SOCKET__SHUTDOWN 0x00010000UL +#define COMMON_SOCKET__RECVFROM 0x00020000UL +#define COMMON_SOCKET__SENDTO 0x00040000UL +#define COMMON_SOCKET__RECV_MSG 0x00080000UL +#define COMMON_SOCKET__SEND_MSG 0x00100000UL +#define COMMON_SOCKET__NAME_BIND 0x00200000UL + +#define COMMON_IPC__CREATE 0x00000001UL +#define COMMON_IPC__DESTROY 
0x00000002UL +#define COMMON_IPC__GETATTR 0x00000004UL +#define COMMON_IPC__SETATTR 0x00000008UL +#define COMMON_IPC__READ 0x00000010UL +#define COMMON_IPC__WRITE 0x00000020UL +#define COMMON_IPC__ASSOCIATE 0x00000040UL +#define COMMON_IPC__UNIX_READ 0x00000080UL +#define COMMON_IPC__UNIX_WRITE 0x00000100UL + +#define FILESYSTEM__MOUNT 0x00000001UL +#define FILESYSTEM__REMOUNT 0x00000002UL +#define FILESYSTEM__UNMOUNT 0x00000004UL +#define FILESYSTEM__GETATTR 0x00000008UL +#define FILESYSTEM__RELABELFROM 0x00000010UL +#define FILESYSTEM__RELABELTO 0x00000020UL +#define FILESYSTEM__TRANSITION 0x00000040UL +#define FILESYSTEM__ASSOCIATE 0x00000080UL +#define FILESYSTEM__QUOTAMOD 0x00000100UL +#define FILESYSTEM__QUOTAGET 0x00000200UL + +#define DIR__POLL 0x00000001UL +#define DIR__IOCTL 0x00000002UL +#define DIR__READ 0x00000004UL +#define DIR__WRITE 0x00000008UL +#define DIR__CREATE 0x00000010UL +#define DIR__GETATTR 0x00000020UL +#define DIR__SETATTR 0x00000040UL +#define DIR__LOCK 0x00000080UL +#define DIR__RELABELFROM 0x00000100UL +#define DIR__RELABELTO 0x00000200UL +#define DIR__TRANSITION 0x00000400UL +#define DIR__APPEND 0x00000800UL +#define DIR__ACCESS 0x00001000UL +#define DIR__UNLINK 0x00002000UL +#define DIR__LINK 0x00004000UL +#define DIR__RENAME 0x00008000UL +#define DIR__EXECUTE 0x00010000UL +#define DIR__SWAPON 0x00020000UL +#define DIR__QUOTAON 0x00040000UL +#define DIR__MOUNTON 0x00080000UL + +#define DIR__ADD_NAME 0x00100000UL +#define DIR__REMOVE_NAME 0x00200000UL +#define DIR__REPARENT 0x00400000UL +#define DIR__SEARCH 0x00800000UL +#define DIR__RMDIR 0x01000000UL + +#define FILE__POLL 0x00000001UL +#define FILE__IOCTL 0x00000002UL +#define FILE__READ 0x00000004UL +#define FILE__WRITE 0x00000008UL +#define FILE__CREATE 0x00000010UL +#define FILE__GETATTR 0x00000020UL +#define FILE__SETATTR 0x00000040UL +#define FILE__LOCK 0x00000080UL +#define FILE__RELABELFROM 0x00000100UL +#define FILE__RELABELTO 0x00000200UL +#define FILE__TRANSITION 
0x00000400UL +#define FILE__APPEND 0x00000800UL +#define FILE__ACCESS 0x00001000UL +#define FILE__UNLINK 0x00002000UL +#define FILE__LINK 0x00004000UL +#define FILE__RENAME 0x00008000UL +#define FILE__EXECUTE 0x00010000UL +#define FILE__SWAPON 0x00020000UL +#define FILE__QUOTAON 0x00040000UL +#define FILE__MOUNTON 0x00080000UL + +#define FILE__EXECUTE_NO_TRANS 0x00100000UL +#define FILE__ENTRYPOINT 0x00200000UL +#define FILE__EXECMOD 0x00400000UL + +#define LNK_FILE__POLL 0x00000001UL +#define LNK_FILE__IOCTL 0x00000002UL +#define LNK_FILE__READ 0x00000004UL +#define LNK_FILE__WRITE 0x00000008UL +#define LNK_FILE__CREATE 0x00000010UL +#define LNK_FILE__GETATTR 0x00000020UL +#define LNK_FILE__SETATTR 0x00000040UL +#define LNK_FILE__LOCK 0x00000080UL +#define LNK_FILE__RELABELFROM 0x00000100UL +#define LNK_FILE__RELABELTO 0x00000200UL +#define LNK_FILE__TRANSITION 0x00000400UL +#define LNK_FILE__APPEND 0x00000800UL +#define LNK_FILE__ACCESS 0x00001000UL +#define LNK_FILE__UNLINK 0x00002000UL +#define LNK_FILE__LINK 0x00004000UL +#define LNK_FILE__RENAME 0x00008000UL +#define LNK_FILE__EXECUTE 0x00010000UL +#define LNK_FILE__SWAPON 0x00020000UL +#define LNK_FILE__QUOTAON 0x00040000UL +#define LNK_FILE__MOUNTON 0x00080000UL + +#define CHR_FILE__POLL 0x00000001UL +#define CHR_FILE__IOCTL 0x00000002UL +#define CHR_FILE__READ 0x00000004UL +#define CHR_FILE__WRITE 0x00000008UL +#define CHR_FILE__CREATE 0x00000010UL +#define CHR_FILE__GETATTR 0x00000020UL +#define CHR_FILE__SETATTR 0x00000040UL +#define CHR_FILE__LOCK 0x00000080UL +#define CHR_FILE__RELABELFROM 0x00000100UL +#define CHR_FILE__RELABELTO 0x00000200UL +#define CHR_FILE__TRANSITION 0x00000400UL +#define CHR_FILE__APPEND 0x00000800UL +#define CHR_FILE__ACCESS 0x00001000UL +#define CHR_FILE__UNLINK 0x00002000UL +#define CHR_FILE__LINK 0x00004000UL +#define CHR_FILE__RENAME 0x00008000UL +#define CHR_FILE__EXECUTE 0x00010000UL +#define CHR_FILE__SWAPON 0x00020000UL +#define CHR_FILE__QUOTAON 0x00040000UL +#define 
CHR_FILE__MOUNTON 0x00080000UL + +#define CHR_FILE__EXECUTE_NO_TRANS 0x00100000UL +#define CHR_FILE__ENTRYPOINT 0x00200000UL +#define CHR_FILE__EXECMOD 0x00400000UL + +#define BLK_FILE__POLL 0x00000001UL +#define BLK_FILE__IOCTL 0x00000002UL +#define BLK_FILE__READ 0x00000004UL +#define BLK_FILE__WRITE 0x00000008UL +#define BLK_FILE__CREATE 0x00000010UL +#define BLK_FILE__GETATTR 0x00000020UL +#define BLK_FILE__SETATTR 0x00000040UL +#define BLK_FILE__LOCK 0x00000080UL +#define BLK_FILE__RELABELFROM 0x00000100UL +#define BLK_FILE__RELABELTO 0x00000200UL +#define BLK_FILE__TRANSITION 0x00000400UL +#define BLK_FILE__APPEND 0x00000800UL +#define BLK_FILE__ACCESS 0x00001000UL +#define BLK_FILE__UNLINK 0x00002000UL +#define BLK_FILE__LINK 0x00004000UL +#define BLK_FILE__RENAME 0x00008000UL +#define BLK_FILE__EXECUTE 0x00010000UL +#define BLK_FILE__SWAPON 0x00020000UL +#define BLK_FILE__QUOTAON 0x00040000UL +#define BLK_FILE__MOUNTON 0x00080000UL + +#define SOCK_FILE__POLL 0x00000001UL +#define SOCK_FILE__IOCTL 0x00000002UL +#define SOCK_FILE__READ 0x00000004UL +#define SOCK_FILE__WRITE 0x00000008UL +#define SOCK_FILE__CREATE 0x00000010UL +#define SOCK_FILE__GETATTR 0x00000020UL +#define SOCK_FILE__SETATTR 0x00000040UL +#define SOCK_FILE__LOCK 0x00000080UL +#define SOCK_FILE__RELABELFROM 0x00000100UL +#define SOCK_FILE__RELABELTO 0x00000200UL +#define SOCK_FILE__TRANSITION 0x00000400UL +#define SOCK_FILE__APPEND 0x00000800UL +#define SOCK_FILE__ACCESS 0x00001000UL +#define SOCK_FILE__UNLINK 0x00002000UL +#define SOCK_FILE__LINK 0x00004000UL +#define SOCK_FILE__RENAME 0x00008000UL +#define SOCK_FILE__EXECUTE 0x00010000UL +#define SOCK_FILE__SWAPON 0x00020000UL +#define SOCK_FILE__QUOTAON 0x00040000UL +#define SOCK_FILE__MOUNTON 0x00080000UL + +#define FIFO_FILE__POLL 0x00000001UL +#define FIFO_FILE__IOCTL 0x00000002UL +#define FIFO_FILE__READ 0x00000004UL +#define FIFO_FILE__WRITE 0x00000008UL +#define FIFO_FILE__CREATE 0x00000010UL +#define FIFO_FILE__GETATTR 0x00000020UL 
+#define FIFO_FILE__SETATTR 0x00000040UL +#define FIFO_FILE__LOCK 0x00000080UL +#define FIFO_FILE__RELABELFROM 0x00000100UL +#define FIFO_FILE__RELABELTO 0x00000200UL +#define FIFO_FILE__TRANSITION 0x00000400UL +#define FIFO_FILE__APPEND 0x00000800UL +#define FIFO_FILE__ACCESS 0x00001000UL +#define FIFO_FILE__UNLINK 0x00002000UL +#define FIFO_FILE__LINK 0x00004000UL +#define FIFO_FILE__RENAME 0x00008000UL +#define FIFO_FILE__EXECUTE 0x00010000UL +#define FIFO_FILE__SWAPON 0x00020000UL +#define FIFO_FILE__QUOTAON 0x00040000UL +#define FIFO_FILE__MOUNTON 0x00080000UL + +#define FD__CREATE 0x00000001UL +#define FD__USE 0x00000002UL + +#define SOCKET__IOCTL 0x00000001UL +#define SOCKET__READ 0x00000002UL +#define SOCKET__WRITE 0x00000004UL +#define SOCKET__CREATE 0x00000008UL +#define SOCKET__GETATTR 0x00000010UL +#define SOCKET__SETATTR 0x00000020UL +#define SOCKET__LOCK 0x00000040UL +#define SOCKET__RELABELFROM 0x00000080UL +#define SOCKET__RELABELTO 0x00000100UL +#define SOCKET__APPEND 0x00000200UL +#define SOCKET__BIND 0x00000400UL +#define SOCKET__CONNECT 0x00000800UL +#define SOCKET__LISTEN 0x00001000UL +#define SOCKET__ACCEPT 0x00002000UL +#define SOCKET__GETOPT 0x00004000UL +#define SOCKET__SETOPT 0x00008000UL +#define SOCKET__SHUTDOWN 0x00010000UL +#define SOCKET__RECVFROM 0x00020000UL +#define SOCKET__SENDTO 0x00040000UL +#define SOCKET__RECV_MSG 0x00080000UL +#define SOCKET__SEND_MSG 0x00100000UL +#define SOCKET__NAME_BIND 0x00200000UL + +#define TCP_SOCKET__IOCTL 0x00000001UL +#define TCP_SOCKET__READ 0x00000002UL +#define TCP_SOCKET__WRITE 0x00000004UL +#define TCP_SOCKET__CREATE 0x00000008UL +#define TCP_SOCKET__GETATTR 0x00000010UL +#define TCP_SOCKET__SETATTR 0x00000020UL +#define TCP_SOCKET__LOCK 0x00000040UL +#define TCP_SOCKET__RELABELFROM 0x00000080UL +#define TCP_SOCKET__RELABELTO 0x00000100UL +#define TCP_SOCKET__APPEND 0x00000200UL +#define TCP_SOCKET__BIND 0x00000400UL +#define TCP_SOCKET__CONNECT 0x00000800UL +#define TCP_SOCKET__LISTEN 
0x00001000UL +#define TCP_SOCKET__ACCEPT 0x00002000UL +#define TCP_SOCKET__GETOPT 0x00004000UL +#define TCP_SOCKET__SETOPT 0x00008000UL +#define TCP_SOCKET__SHUTDOWN 0x00010000UL +#define TCP_SOCKET__RECVFROM 0x00020000UL +#define TCP_SOCKET__SENDTO 0x00040000UL +#define TCP_SOCKET__RECV_MSG 0x00080000UL +#define TCP_SOCKET__SEND_MSG 0x00100000UL +#define TCP_SOCKET__NAME_BIND 0x00200000UL + +#define TCP_SOCKET__CONNECTTO 0x00400000UL +#define TCP_SOCKET__NEWCONN 0x00800000UL +#define TCP_SOCKET__ACCEPTFROM 0x01000000UL +#define TCP_SOCKET__NODE_BIND 0x02000000UL +#define TCP_SOCKET__NAME_CONNECT 0x04000000UL + +#define UDP_SOCKET__IOCTL 0x00000001UL +#define UDP_SOCKET__READ 0x00000002UL +#define UDP_SOCKET__WRITE 0x00000004UL +#define UDP_SOCKET__CREATE 0x00000008UL +#define UDP_SOCKET__GETATTR 0x00000010UL +#define UDP_SOCKET__SETATTR 0x00000020UL +#define UDP_SOCKET__LOCK 0x00000040UL +#define UDP_SOCKET__RELABELFROM 0x00000080UL +#define UDP_SOCKET__RELABELTO 0x00000100UL +#define UDP_SOCKET__APPEND 0x00000200UL +#define UDP_SOCKET__BIND 0x00000400UL +#define UDP_SOCKET__CONNECT 0x00000800UL +#define UDP_SOCKET__LISTEN 0x00001000UL +#define UDP_SOCKET__ACCEPT 0x00002000UL +#define UDP_SOCKET__GETOPT 0x00004000UL +#define UDP_SOCKET__SETOPT 0x00008000UL +#define UDP_SOCKET__SHUTDOWN 0x00010000UL +#define UDP_SOCKET__RECVFROM 0x00020000UL +#define UDP_SOCKET__SENDTO 0x00040000UL +#define UDP_SOCKET__RECV_MSG 0x00080000UL +#define UDP_SOCKET__SEND_MSG 0x00100000UL +#define UDP_SOCKET__NAME_BIND 0x00200000UL + +#define UDP_SOCKET__NODE_BIND 0x00400000UL + +#define RAWIP_SOCKET__IOCTL 0x00000001UL +#define RAWIP_SOCKET__READ 0x00000002UL +#define RAWIP_SOCKET__WRITE 0x00000004UL +#define RAWIP_SOCKET__CREATE 0x00000008UL +#define RAWIP_SOCKET__GETATTR 0x00000010UL +#define RAWIP_SOCKET__SETATTR 0x00000020UL +#define RAWIP_SOCKET__LOCK 0x00000040UL +#define RAWIP_SOCKET__RELABELFROM 0x00000080UL +#define RAWIP_SOCKET__RELABELTO 0x00000100UL +#define 
RAWIP_SOCKET__APPEND 0x00000200UL +#define RAWIP_SOCKET__BIND 0x00000400UL +#define RAWIP_SOCKET__CONNECT 0x00000800UL +#define RAWIP_SOCKET__LISTEN 0x00001000UL +#define RAWIP_SOCKET__ACCEPT 0x00002000UL +#define RAWIP_SOCKET__GETOPT 0x00004000UL +#define RAWIP_SOCKET__SETOPT 0x00008000UL +#define RAWIP_SOCKET__SHUTDOWN 0x00010000UL +#define RAWIP_SOCKET__RECVFROM 0x00020000UL +#define RAWIP_SOCKET__SENDTO 0x00040000UL +#define RAWIP_SOCKET__RECV_MSG 0x00080000UL +#define RAWIP_SOCKET__SEND_MSG 0x00100000UL +#define RAWIP_SOCKET__NAME_BIND 0x00200000UL + +#define RAWIP_SOCKET__NODE_BIND 0x00400000UL + +#define NODE__TCP_RECV 0x00000001UL +#define NODE__TCP_SEND 0x00000002UL +#define NODE__UDP_RECV 0x00000004UL +#define NODE__UDP_SEND 0x00000008UL +#define NODE__RAWIP_RECV 0x00000010UL +#define NODE__RAWIP_SEND 0x00000020UL +#define NODE__ENFORCE_DEST 0x00000040UL + +#define NETIF__TCP_RECV 0x00000001UL +#define NETIF__TCP_SEND 0x00000002UL +#define NETIF__UDP_RECV 0x00000004UL +#define NETIF__UDP_SEND 0x00000008UL +#define NETIF__RAWIP_RECV 0x00000010UL +#define NETIF__RAWIP_SEND 0x00000020UL + +#define NETLINK_SOCKET__IOCTL 0x00000001UL +#define NETLINK_SOCKET__READ 0x00000002UL +#define NETLINK_SOCKET__WRITE 0x00000004UL +#define NETLINK_SOCKET__CREATE 0x00000008UL +#define NETLINK_SOCKET__GETATTR 0x00000010UL +#define NETLINK_SOCKET__SETATTR 0x00000020UL +#define NETLINK_SOCKET__LOCK 0x00000040UL +#define NETLINK_SOCKET__RELABELFROM 0x00000080UL +#define NETLINK_SOCKET__RELABELTO 0x00000100UL +#define NETLINK_SOCKET__APPEND 0x00000200UL +#define NETLINK_SOCKET__BIND 0x00000400UL +#define NETLINK_SOCKET__CONNECT 0x00000800UL +#define NETLINK_SOCKET__LISTEN 0x00001000UL +#define NETLINK_SOCKET__ACCEPT 0x00002000UL +#define NETLINK_SOCKET__GETOPT 0x00004000UL +#define NETLINK_SOCKET__SETOPT 0x00008000UL +#define NETLINK_SOCKET__SHUTDOWN 0x00010000UL +#define NETLINK_SOCKET__RECVFROM 0x00020000UL +#define NETLINK_SOCKET__SENDTO 0x00040000UL +#define 
NETLINK_SOCKET__RECV_MSG 0x00080000UL +#define NETLINK_SOCKET__SEND_MSG 0x00100000UL +#define NETLINK_SOCKET__NAME_BIND 0x00200000UL + +#define PACKET_SOCKET__IOCTL 0x00000001UL +#define PACKET_SOCKET__READ 0x00000002UL +#define PACKET_SOCKET__WRITE 0x00000004UL +#define PACKET_SOCKET__CREATE 0x00000008UL +#define PACKET_SOCKET__GETATTR 0x00000010UL +#define PACKET_SOCKET__SETATTR 0x00000020UL +#define PACKET_SOCKET__LOCK 0x00000040UL +#define PACKET_SOCKET__RELABELFROM 0x00000080UL +#define PACKET_SOCKET__RELABELTO 0x00000100UL +#define PACKET_SOCKET__APPEND 0x00000200UL +#define PACKET_SOCKET__BIND 0x00000400UL +#define PACKET_SOCKET__CONNECT 0x00000800UL +#define PACKET_SOCKET__LISTEN 0x00001000UL +#define PACKET_SOCKET__ACCEPT 0x00002000UL +#define PACKET_SOCKET__GETOPT 0x00004000UL +#define PACKET_SOCKET__SETOPT 0x00008000UL +#define PACKET_SOCKET__SHUTDOWN 0x00010000UL +#define PACKET_SOCKET__RECVFROM 0x00020000UL +#define PACKET_SOCKET__SENDTO 0x00040000UL +#define PACKET_SOCKET__RECV_MSG 0x00080000UL +#define PACKET_SOCKET__SEND_MSG 0x00100000UL +#define PACKET_SOCKET__NAME_BIND 0x00200000UL + +#define KEY_SOCKET__IOCTL 0x00000001UL +#define KEY_SOCKET__READ 0x00000002UL +#define KEY_SOCKET__WRITE 0x00000004UL +#define KEY_SOCKET__CREATE 0x00000008UL +#define KEY_SOCKET__GETATTR 0x00000010UL +#define KEY_SOCKET__SETATTR 0x00000020UL +#define KEY_SOCKET__LOCK 0x00000040UL +#define KEY_SOCKET__RELABELFROM 0x00000080UL +#define KEY_SOCKET__RELABELTO 0x00000100UL +#define KEY_SOCKET__APPEND 0x00000200UL +#define KEY_SOCKET__BIND 0x00000400UL +#define KEY_SOCKET__CONNECT 0x00000800UL +#define KEY_SOCKET__LISTEN 0x00001000UL +#define KEY_SOCKET__ACCEPT 0x00002000UL +#define KEY_SOCKET__GETOPT 0x00004000UL +#define KEY_SOCKET__SETOPT 0x00008000UL +#define KEY_SOCKET__SHUTDOWN 0x00010000UL +#define KEY_SOCKET__RECVFROM 0x00020000UL +#define KEY_SOCKET__SENDTO 0x00040000UL +#define KEY_SOCKET__RECV_MSG 0x00080000UL +#define KEY_SOCKET__SEND_MSG 0x00100000UL +#define 
KEY_SOCKET__NAME_BIND 0x00200000UL + +#define UNIX_STREAM_SOCKET__IOCTL 0x00000001UL +#define UNIX_STREAM_SOCKET__READ 0x00000002UL +#define UNIX_STREAM_SOCKET__WRITE 0x00000004UL +#define UNIX_STREAM_SOCKET__CREATE 0x00000008UL +#define UNIX_STREAM_SOCKET__GETATTR 0x00000010UL +#define UNIX_STREAM_SOCKET__SETATTR 0x00000020UL +#define UNIX_STREAM_SOCKET__LOCK 0x00000040UL +#define UNIX_STREAM_SOCKET__RELABELFROM 0x00000080UL +#define UNIX_STREAM_SOCKET__RELABELTO 0x00000100UL +#define UNIX_STREAM_SOCKET__APPEND 0x00000200UL +#define UNIX_STREAM_SOCKET__BIND 0x00000400UL +#define UNIX_STREAM_SOCKET__CONNECT 0x00000800UL +#define UNIX_STREAM_SOCKET__LISTEN 0x00001000UL +#define UNIX_STREAM_SOCKET__ACCEPT 0x00002000UL +#define UNIX_STREAM_SOCKET__GETOPT 0x00004000UL +#define UNIX_STREAM_SOCKET__SETOPT 0x00008000UL +#define UNIX_STREAM_SOCKET__SHUTDOWN 0x00010000UL +#define UNIX_STREAM_SOCKET__RECVFROM 0x00020000UL +#define UNIX_STREAM_SOCKET__SENDTO 0x00040000UL +#define UNIX_STREAM_SOCKET__RECV_MSG 0x00080000UL +#define UNIX_STREAM_SOCKET__SEND_MSG 0x00100000UL +#define UNIX_STREAM_SOCKET__NAME_BIND 0x00200000UL + +#define UNIX_STREAM_SOCKET__CONNECTTO 0x00400000UL +#define UNIX_STREAM_SOCKET__NEWCONN 0x00800000UL +#define UNIX_STREAM_SOCKET__ACCEPTFROM 0x01000000UL + +#define UNIX_DGRAM_SOCKET__IOCTL 0x00000001UL +#define UNIX_DGRAM_SOCKET__READ 0x00000002UL +#define UNIX_DGRAM_SOCKET__WRITE 0x00000004UL +#define UNIX_DGRAM_SOCKET__CREATE 0x00000008UL +#define UNIX_DGRAM_SOCKET__GETATTR 0x00000010UL +#define UNIX_DGRAM_SOCKET__SETATTR 0x00000020UL +#define UNIX_DGRAM_SOCKET__LOCK 0x00000040UL +#define UNIX_DGRAM_SOCKET__RELABELFROM 0x00000080UL +#define UNIX_DGRAM_SOCKET__RELABELTO 0x00000100UL +#define UNIX_DGRAM_SOCKET__APPEND 0x00000200UL +#define UNIX_DGRAM_SOCKET__BIND 0x00000400UL +#define UNIX_DGRAM_SOCKET__CONNECT 0x00000800UL +#define UNIX_DGRAM_SOCKET__LISTEN 0x00001000UL +#define UNIX_DGRAM_SOCKET__ACCEPT 0x00002000UL +#define UNIX_DGRAM_SOCKET__GETOPT 
0x00004000UL +#define UNIX_DGRAM_SOCKET__SETOPT 0x00008000UL >>> TRUNCATED FOR MAIL (1000 lines) <<<
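Review bot: the S_() table that ends just before the av_permissions.h header gains name entries for classes named after Linux facilities and userspace object managers (SECCLASS_PAX, the SECCLASS_NETLINK_*_SOCKET family, SECCLASS_DBUS, SECCLASS_NSCD, and the X server classes XINPUT, XSERVER, XEXTENSION, CURSOR), and nothing in the visible lines says which of them have an enforcement point in this tree. If they are carried only so that class and permission numbering stays aligned with the policy, say so in the change description or in the generator input; otherwise a policy author can write rules on, for example, PAX__MPROTECT or NETLINK_AUDIT_SOCKET__NLMSG_RELAY and assume coverage that no kernel hook provides. The same permission string also appears under several classes ("getattr", "setattr", "ungrab", "nlmsg_read"), so any code that maps a name back to a bit has to key on the class as well as the string.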
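Review bot: every constant added in the av_permissions.h hunk is written as an eight-digit (32-bit) mask but carries a UL suffix, for example "#define COMMON_FILE__POLL 0x00000001UL", which makes it an unsigned long and therefore 64 bits wide on LP64 targets. An expression such as ~FILE__WRITE then has the upper 32 bits set, and a mask passed to a printf-style %x is a format mismatch; have the generator emit a U suffix or a cast to the access-vector type instead, since the file itself is marked "Do not edit". Two further points for the generator input rather than this file: class-specific bits continue directly after the inherited common set (DIR__ADD_NAME 0x00100000 follows DIR__MOUNTON 0x00080000), so adding one common permission renumbers every derived class and the header, the S_() name table and the compiled policy must be regenerated together; and the hunk drops the "/* FLASK */" marker without recording which access-vector definition the header was generated from. The mail is truncated at 1000 lines, so the #defines matching the XINPUT, PAX, NSCD and ASSOCIATION entries of the name table cannot be checked from what is shown here.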