# FLASK

#
# Define the security object classes
#
# Each "class" statement in this file declares one object class by name.
# Nothing here defines permissions or grants access; this file only
# enumerates the classes that the rest of the policy can refer to.
#
# NOTE(review): related classes are appended in later sections ("more
# classes below", "More ...", "Still More ...") instead of being inserted
# next to their group. That suggests the declaration order matters to
# whatever consumes this file -- confirm before reordering or deleting an
# entry.

# Classes marked as userspace are classes
# for userspace object managers
# (the trailing "# userspace" marker on a line). Access checks for such a
# class are made by the userspace program that manages the objects, so the
# class only protects anything if that program actually performs the check.

# Core classes with no group comment in the original.
class security
class process
class system
class capability

# file-related classes
# There is one class per kind of file object (regular file, directory,
# symlink, character/block device, socket file, FIFO), plus filesystem and
# fd. Rules are written per class, so a rule on "file" does not cover "dir",
# "lnk_file", etc.; each class a domain touches needs its own rule.
class filesystem
class file
class dir
class fd
class lnk_file
class chr_file
class blk_file
class sock_file
class fifo_file

# network-related classes
# "socket" is the generic class; the notes near the end of this file record
# that several protocol families "were previously mapped to socket" (and two
# to rawip_socket) before they got classes of their own.
# NOTE(review): node and netif are not socket classes; presumably they label
# network hosts/addresses and network interfaces -- confirm against the
# permission definitions.
class socket
class tcp_socket
class udp_socket
class rawip_socket
class node
class netif
class netlink_socket
class packet_socket
class key_socket
class unix_stream_socket
class unix_dgram_socket

# sysv-ipc-related classes
# Semaphores, message queues and shared memory each get a class; msg is
# declared separately from msgq.
# NOTE(review): ipc looks like a generic catch-all next to the specific
# classes -- confirm whether anything still checks against it.
class sem
class msg
class msgq
class shm
class ipc

#
# userspace object manager classes
#
# This banner does not apply to everything that follows it: from here to the
# end of the file, classes with and without the "# userspace" marker are
# interleaved (e.g. the netlink socket classes carry no marker). Treat the
# per-line marker, not this banner, as the indicator.

# passwd/chfn/chsh
class passwd			# userspace

# SE-X Windows stuff, i.e. classes for an SELinux-aware X server acting as
# object manager (more classes below)
class x_drawable		# userspace
class x_screen			# userspace
class x_gc			# userspace
class x_font			# userspace
class x_colormap		# userspace
class x_property		# userspace
class x_selection		# userspace
class x_cursor			# userspace
class x_client			# userspace
class x_device			# userspace
class x_server			# userspace
class x_extension		# userspace

# extended netlink sockets
# One class per netlink protocol, in addition to the generic netlink_socket
# class declared in the network section above. No "# userspace" marker.
class netlink_route_socket
class netlink_firewall_socket
class netlink_tcpdiag_socket
class netlink_nflog_socket
class netlink_xfrm_socket
class netlink_selinux_socket
class netlink_audit_socket
class netlink_ip6fw_socket
class netlink_dnrt_socket

# Userspace object managers named after the services they belong to.
class dbus			# userspace
class nscd			# userspace

# IPSec association
class association

# Updated Netlink class for KOBJECT_UEVENT family.
class netlink_kobject_uevent_socket

class appletalk_socket

# NOTE(review): distinct from packet_socket above; presumably labels network
# packets themselves rather than a socket type -- confirm.
class packet

# Kernel access key retention
class key

class context			# userspace

class dccp_socket

# NOTE(review): purpose not stated here; presumably memory-protection checks
# that do not belong to a particular object -- confirm.
class memprotect

# Database object classes. All are marked userspace, so the checks are
# expected to be made by the database server acting as object manager
# (more database classes are declared further down).
class db_database		# userspace
class db_table			# userspace
class db_procedure		# userspace
class db_column			# userspace
class db_tuple			# userspace
class db_blob			# userspace
class db_exception		# userspace
class db_datatype		# userspace

# network peer labels
class peer

# Capabilities >= 32
# Continuation of class capability (declared near the top of this file) for
# capability numbers 32 and above. Rules or audits meant to cover every
# capability have to name both classes.
class capability2

# More SE-X Windows stuff
class x_resource		# userspace
class x_event			# userspace
class x_synthetic_event		# userspace
class x_application_data	# userspace

# kernel services that need to override task security, e.g. cachefiles
class kernel_service

class tun_socket

# NOTE(review): no comment in the original; presumably the binder IPC
# mechanism -- confirm.
class binder

# Updated netlink classes for more recent netlink protocols.
class netlink_iscsi_socket
class netlink_fib_lookup_socket
class netlink_connector_socket
class netlink_netfilter_socket
class netlink_generic_socket
class netlink_scsitransport_socket
class netlink_rdma_socket
class netlink_crypto_socket

# Still More SE-X Windows stuff
class x_pointer			# userspace
class x_keyboard		# userspace

# More Database stuff
class db_schema			# userspace
class db_view			# userspace
class db_sequence		# userspace
class db_language		# userspace

# NOTE(review): userspace class with no comment in the original; presumably
# used by a service manager -- confirm which one.
class service			# userspace

# Capability checks when on a non-init user namespace
# These parallel capability / capability2. Because they are separate
# classes, a rule on capability or capability2 says nothing about the same
# capability exercised in a non-init user namespace; that needs a rule on
# the matching *_userns class.
class cap_userns
class cap2_userns

# New socket classes introduced by extended_socket_class policy capability.
#
# Consequence of the two "previously mapped" notes below: without these
# classes in effect, the listed protocol families are indistinguishable from
# rawip_socket / socket in policy; with them in effect, existing rules on
# rawip_socket / socket no longer cover these families. Review allow and
# audit rules on both generic classes whenever the capability is toggled.
#
# These two were previously mapped to rawip_socket.
class sctp_socket
class icmp_socket
# These were previously mapped to socket.
class ax25_socket
class ipx_socket
class netrom_socket
class atmpvc_socket
class x25_socket
class rose_socket
class decnet_socket
class atmsvc_socket
class rds_socket
class irda_socket
class pppox_socket
class llc_socket
class can_socket
class tipc_socket
class bluetooth_socket
class iucv_socket
class rxrpc_socket
class isdn_socket
class phonet_socket
class ieee802154_socket
class caif_socket
class alg_socket
class nfc_socket
class vsock_socket
class kcm_socket
class qipcrtr_socket
class smc_socket

# FLASK