From: Stephen Smalley This patch regenerates the SELinux module headers to use a new format and updates their use by the AVC. Signed-off-by: Stephen Smalley Signed-off-by: James Morris Signed-off-by: Andrew Morton --- 25-akpm/security/selinux/avc.c | 37 + 25-akpm/security/selinux/include/av_inherit.h | 72 -- 25-akpm/security/selinux/include/av_perm_to_string.h | 447 +++++++-------- 25-akpm/security/selinux/include/av_permissions.h | 17 25-akpm/security/selinux/include/class_to_string.h | 110 +-- 25-akpm/security/selinux/include/common_perm_to_string.h | 115 +-- 25-akpm/security/selinux/include/flask.h | 2 7 files changed, 409 insertions(+), 391 deletions(-) diff -puN security/selinux/avc.c~selinux-regenerate-selinux-module-headers security/selinux/avc.c --- 25/security/selinux/avc.c~selinux-regenerate-selinux-module-headers Thu Dec 2 12:56:30 2004 +++ 25-akpm/security/selinux/avc.c Thu Dec 2 12:56:30 2004 @@ -31,13 +31,44 @@ #include #include "avc.h" #include "avc_ss.h" + +static const struct av_perm_to_string +{ + u16 tclass; + u32 value; + const char *name; +} av_perm_to_string[] = { +#define S_(c, v, s) { c, v, s }, +#include "av_perm_to_string.h" +#undef S_ +}; + #ifdef CONFIG_AUDIT +static const char *class_to_string[] = { +#define S_(s) s, #include "class_to_string.h" +#undef S_ +}; #endif + +#define TB_(s) static const char * s [] = { +#define TE_(s) }; +#define S_(s) s, #include "common_perm_to_string.h" +#undef TB_ +#undef TE_ +#undef S_ + +static const struct av_inherit +{ + u16 tclass; + const char **common_pts; + u32 common_base; +} av_inherit[] = { +#define S_(c, i, b) { c, common_##i##_perm_to_string, b }, #include "av_inherit.h" -#include "av_perm_to_string.h" -#include "objsec.h" +#undef S_ +}; #define AVC_CACHE_SLOTS 512 #define AVC_DEF_CACHE_THRESHOLD 512 @@ -110,7 +141,7 @@ static inline int avc_hash(u32 ssid, u32 */ void avc_dump_av(struct audit_buffer *ab, u16 tclass, u32 av) { - char **common_pts = NULL; + const char **common_pts = NULL; u32 common_base = 0; int i, i2, perm; diff -puN security/selinux/include/av_inherit.h~selinux-regenerate-selinux-module-headers security/selinux/include/av_inherit.h --- 25/security/selinux/include/av_inherit.h~selinux-regenerate-selinux-module-headers Thu Dec 2 12:56:30 2004 +++ 25-akpm/security/selinux/include/av_inherit.h Thu Dec 2 12:56:30 2004 @@ -1,44 +1,30 @@ /* This file is automatically generated. Do not edit. */ -/* FLASK */ - -struct av_inherit -{ - u16 tclass; - char **common_pts; - u32 common_base; -}; - -static struct av_inherit av_inherit[] = { - { SECCLASS_DIR, common_file_perm_to_string, 0x00020000UL }, - { SECCLASS_FILE, common_file_perm_to_string, 0x00020000UL }, - { SECCLASS_LNK_FILE, common_file_perm_to_string, 0x00020000UL }, - { SECCLASS_CHR_FILE, common_file_perm_to_string, 0x00020000UL }, - { SECCLASS_BLK_FILE, common_file_perm_to_string, 0x00020000UL }, - { SECCLASS_SOCK_FILE, common_file_perm_to_string, 0x00020000UL }, - { SECCLASS_FIFO_FILE, common_file_perm_to_string, 0x00020000UL }, - { SECCLASS_SOCKET, common_socket_perm_to_string, 0x00400000UL }, - { SECCLASS_TCP_SOCKET, common_socket_perm_to_string, 0x00400000UL }, - { SECCLASS_UDP_SOCKET, common_socket_perm_to_string, 0x00400000UL }, - { SECCLASS_RAWIP_SOCKET, common_socket_perm_to_string, 0x00400000UL }, - { SECCLASS_NETLINK_SOCKET, common_socket_perm_to_string, 0x00400000UL }, - { SECCLASS_PACKET_SOCKET, common_socket_perm_to_string, 0x00400000UL }, - { SECCLASS_KEY_SOCKET, common_socket_perm_to_string, 0x00400000UL }, - { SECCLASS_UNIX_STREAM_SOCKET, common_socket_perm_to_string, 0x00400000UL }, - { SECCLASS_UNIX_DGRAM_SOCKET, common_socket_perm_to_string, 0x00400000UL }, - { SECCLASS_IPC, common_ipc_perm_to_string, 0x00000200UL }, - { SECCLASS_SEM, common_ipc_perm_to_string, 0x00000200UL }, - { SECCLASS_MSGQ, common_ipc_perm_to_string, 0x00000200UL }, - { SECCLASS_SHM, common_ipc_perm_to_string, 0x00000200UL }, - { SECCLASS_NETLINK_ROUTE_SOCKET, common_socket_perm_to_string, 0x00400000UL }, - { SECCLASS_NETLINK_FIREWALL_SOCKET, common_socket_perm_to_string, 0x00400000UL }, - { SECCLASS_NETLINK_TCPDIAG_SOCKET, common_socket_perm_to_string, 0x00400000UL }, - { SECCLASS_NETLINK_NFLOG_SOCKET, common_socket_perm_to_string, 0x00400000UL }, - { SECCLASS_NETLINK_XFRM_SOCKET, common_socket_perm_to_string, 0x00400000UL }, - { SECCLASS_NETLINK_SELINUX_SOCKET, common_socket_perm_to_string, 0x00400000UL }, - { SECCLASS_NETLINK_AUDIT_SOCKET, common_socket_perm_to_string, 0x00400000UL }, - { SECCLASS_NETLINK_IP6FW_SOCKET, common_socket_perm_to_string, 0x00400000UL }, - { SECCLASS_NETLINK_DNRT_SOCKET, common_socket_perm_to_string, 0x00400000UL }, -}; - - -/* FLASK */ + S_(SECCLASS_DIR, file, 0x00020000UL) + S_(SECCLASS_FILE, file, 0x00020000UL) + S_(SECCLASS_LNK_FILE, file, 0x00020000UL) + S_(SECCLASS_CHR_FILE, file, 0x00020000UL) + S_(SECCLASS_BLK_FILE, file, 0x00020000UL) + S_(SECCLASS_SOCK_FILE, file, 0x00020000UL) + S_(SECCLASS_FIFO_FILE, file, 0x00020000UL) + S_(SECCLASS_SOCKET, socket, 0x00400000UL) + S_(SECCLASS_TCP_SOCKET, socket, 0x00400000UL) + S_(SECCLASS_UDP_SOCKET, socket, 0x00400000UL) + S_(SECCLASS_RAWIP_SOCKET, socket, 0x00400000UL) + S_(SECCLASS_NETLINK_SOCKET, socket, 0x00400000UL) + S_(SECCLASS_PACKET_SOCKET, socket, 0x00400000UL) + S_(SECCLASS_KEY_SOCKET, socket, 0x00400000UL) + S_(SECCLASS_UNIX_STREAM_SOCKET, socket, 0x00400000UL) + S_(SECCLASS_UNIX_DGRAM_SOCKET, socket, 0x00400000UL) + S_(SECCLASS_IPC, ipc, 0x00000200UL) + S_(SECCLASS_SEM, ipc, 0x00000200UL) + S_(SECCLASS_MSGQ, ipc, 0x00000200UL) + S_(SECCLASS_SHM, ipc, 0x00000200UL) + S_(SECCLASS_NETLINK_ROUTE_SOCKET, socket, 0x00400000UL) + S_(SECCLASS_NETLINK_FIREWALL_SOCKET, socket, 0x00400000UL) + S_(SECCLASS_NETLINK_TCPDIAG_SOCKET, socket, 0x00400000UL) + S_(SECCLASS_NETLINK_NFLOG_SOCKET, socket, 0x00400000UL) + S_(SECCLASS_NETLINK_XFRM_SOCKET, socket, 0x00400000UL) + S_(SECCLASS_NETLINK_SELINUX_SOCKET, socket, 0x00400000UL) + S_(SECCLASS_NETLINK_AUDIT_SOCKET, socket, 0x00400000UL) + S_(SECCLASS_NETLINK_IP6FW_SOCKET, socket, 0x00400000UL) + S_(SECCLASS_NETLINK_DNRT_SOCKET, socket, 0x00400000UL) diff -puN security/selinux/include/av_permissions.h~selinux-regenerate-selinux-module-headers security/selinux/include/av_permissions.h --- 25/security/selinux/include/av_permissions.h~selinux-regenerate-selinux-module-headers Thu Dec 2 12:56:30 2004 +++ 25-akpm/security/selinux/include/av_permissions.h Thu Dec 2 12:56:30 2004 @@ -1,6 +1,4 @@ /* This file is automatically generated. Do not edit. */ -/* FLASK */ - #define COMMON_FILE__IOCTL 0x00000001UL #define COMMON_FILE__READ 0x00000002UL #define COMMON_FILE__WRITE 0x00000004UL @@ -556,6 +554,7 @@ #define PASSWD__CHFN 0x00000002UL #define PASSWD__CHSH 0x00000004UL #define PASSWD__ROOTOK 0x00000008UL +#define PASSWD__CRONTAB 0x00000010UL #define DRAWABLE__CREATE 0x00000001UL #define DRAWABLE__DESTROY 0x00000002UL @@ -877,5 +876,17 @@ #define NETLINK_DNRT_SOCKET__SENDTO 0x00040000UL #define NETLINK_DNRT_SOCKET__RECV_MSG 0x00080000UL #define NETLINK_DNRT_SOCKET__SEND_MSG 0x00100000UL +#define NETLINK_DNRT_SOCKET__NAME_BIND 0x00200000UL + +#define DBUS__ACQUIRE_SVC 0x00000001UL +#define DBUS__SEND_MSG 0x00000002UL + +#define NSCD__GETPWD 0x00000001UL +#define NSCD__GETGRP 0x00000002UL +#define NSCD__GETHOST 0x00000004UL +#define NSCD__GETSTAT 0x00000008UL +#define NSCD__ADMIN 0x00000010UL +#define NSCD__SHMEMPWD 0x00000020UL +#define NSCD__SHMEMGRP 0x00000040UL +#define NSCD__SHMEMHOST 0x00000080UL -/* FLASK */ diff -puN security/selinux/include/av_perm_to_string.h~selinux-regenerate-selinux-module-headers security/selinux/include/av_perm_to_string.h --- 25/security/selinux/include/av_perm_to_string.h~selinux-regenerate-selinux-module-headers Thu Dec 2 12:56:30 2004 +++ 25-akpm/security/selinux/include/av_perm_to_string.h Thu Dec 2 12:56:30 2004 @@ -1,226 +1,223 @@ /* This file is automatically generated. Do not edit. */ -/* FLASK */ - -struct av_perm_to_string -{ - u16 tclass; - u32 value; - char *name; -}; - -static struct av_perm_to_string av_perm_to_string[] = { - { SECCLASS_FILESYSTEM, FILESYSTEM__MOUNT, "mount" }, - { SECCLASS_FILESYSTEM, FILESYSTEM__REMOUNT, "remount" }, - { SECCLASS_FILESYSTEM, FILESYSTEM__UNMOUNT, "unmount" }, - { SECCLASS_FILESYSTEM, FILESYSTEM__GETATTR, "getattr" }, - { SECCLASS_FILESYSTEM, FILESYSTEM__RELABELFROM, "relabelfrom" }, - { SECCLASS_FILESYSTEM, FILESYSTEM__RELABELTO, "relabelto" }, - { SECCLASS_FILESYSTEM, FILESYSTEM__TRANSITION, "transition" }, - { SECCLASS_FILESYSTEM, FILESYSTEM__ASSOCIATE, "associate" }, - { SECCLASS_FILESYSTEM, FILESYSTEM__QUOTAMOD, "quotamod" }, - { SECCLASS_FILESYSTEM, FILESYSTEM__QUOTAGET, "quotaget" }, - { SECCLASS_DIR, DIR__ADD_NAME, "add_name" }, - { SECCLASS_DIR, DIR__REMOVE_NAME, "remove_name" }, - { SECCLASS_DIR, DIR__REPARENT, "reparent" }, - { SECCLASS_DIR, DIR__SEARCH, "search" }, - { SECCLASS_DIR, DIR__RMDIR, "rmdir" }, - { SECCLASS_FILE, FILE__EXECUTE_NO_TRANS, "execute_no_trans" }, - { SECCLASS_FILE, FILE__ENTRYPOINT, "entrypoint" }, - { SECCLASS_FD, FD__USE, "use" }, - { SECCLASS_TCP_SOCKET, TCP_SOCKET__CONNECTTO, "connectto" }, - { SECCLASS_TCP_SOCKET, TCP_SOCKET__NEWCONN, "newconn" }, - { SECCLASS_TCP_SOCKET, TCP_SOCKET__ACCEPTFROM, "acceptfrom" }, - { SECCLASS_TCP_SOCKET, TCP_SOCKET__NODE_BIND, "node_bind" }, - { SECCLASS_UDP_SOCKET, UDP_SOCKET__NODE_BIND, "node_bind" }, - { SECCLASS_RAWIP_SOCKET, RAWIP_SOCKET__NODE_BIND, "node_bind" }, - { SECCLASS_NODE, NODE__TCP_RECV, "tcp_recv" }, - { SECCLASS_NODE, NODE__TCP_SEND, "tcp_send" }, - { SECCLASS_NODE, NODE__UDP_RECV, "udp_recv" }, - { SECCLASS_NODE, NODE__UDP_SEND, "udp_send" }, - { SECCLASS_NODE, NODE__RAWIP_RECV, "rawip_recv" }, - { SECCLASS_NODE, NODE__RAWIP_SEND, "rawip_send" }, - { SECCLASS_NODE, NODE__ENFORCE_DEST, "enforce_dest" }, - { SECCLASS_NETIF, NETIF__TCP_RECV, "tcp_recv" }, - { SECCLASS_NETIF, NETIF__TCP_SEND, "tcp_send" }, - { SECCLASS_NETIF, NETIF__UDP_RECV, "udp_recv" }, - { SECCLASS_NETIF, NETIF__UDP_SEND, "udp_send" }, - { SECCLASS_NETIF, NETIF__RAWIP_RECV, "rawip_recv" }, - { SECCLASS_NETIF, NETIF__RAWIP_SEND, "rawip_send" }, - { SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__CONNECTTO, "connectto" }, - { SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__NEWCONN, "newconn" }, - { SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__ACCEPTFROM, "acceptfrom" }, - { SECCLASS_PROCESS, PROCESS__FORK, "fork" }, - { SECCLASS_PROCESS, PROCESS__TRANSITION, "transition" }, - { SECCLASS_PROCESS, PROCESS__SIGCHLD, "sigchld" }, - { SECCLASS_PROCESS, PROCESS__SIGKILL, "sigkill" }, - { SECCLASS_PROCESS, PROCESS__SIGSTOP, "sigstop" }, - { SECCLASS_PROCESS, PROCESS__SIGNULL, "signull" }, - { SECCLASS_PROCESS, PROCESS__SIGNAL, "signal" }, - { SECCLASS_PROCESS, PROCESS__PTRACE, "ptrace" }, - { SECCLASS_PROCESS, PROCESS__GETSCHED, "getsched" }, - { SECCLASS_PROCESS, PROCESS__SETSCHED, "setsched" }, - { SECCLASS_PROCESS, PROCESS__GETSESSION, "getsession" }, - { SECCLASS_PROCESS, PROCESS__GETPGID, "getpgid" }, - { SECCLASS_PROCESS, PROCESS__SETPGID, "setpgid" }, - { SECCLASS_PROCESS, PROCESS__GETCAP, "getcap" }, - { SECCLASS_PROCESS, PROCESS__SETCAP, "setcap" }, - { SECCLASS_PROCESS, PROCESS__SHARE, "share" }, - { SECCLASS_PROCESS, PROCESS__GETATTR, "getattr" }, - { SECCLASS_PROCESS, PROCESS__SETEXEC, "setexec" }, - { SECCLASS_PROCESS, PROCESS__SETFSCREATE, "setfscreate" }, - { SECCLASS_PROCESS, PROCESS__NOATSECURE, "noatsecure" }, - { SECCLASS_PROCESS, PROCESS__SIGINH, "siginh" }, - { SECCLASS_PROCESS, PROCESS__SETRLIMIT, "setrlimit" }, - { SECCLASS_PROCESS, PROCESS__RLIMITINH, "rlimitinh" }, - { SECCLASS_MSGQ, MSGQ__ENQUEUE, "enqueue" }, - { SECCLASS_MSG, MSG__SEND, "send" }, - { SECCLASS_MSG, MSG__RECEIVE, "receive" }, - { SECCLASS_SHM, SHM__LOCK, "lock" }, - { SECCLASS_SECURITY, SECURITY__COMPUTE_AV, "compute_av" }, - { SECCLASS_SECURITY, SECURITY__COMPUTE_CREATE, "compute_create" }, - { SECCLASS_SECURITY, SECURITY__COMPUTE_MEMBER, "compute_member" }, - { SECCLASS_SECURITY, SECURITY__CHECK_CONTEXT, "check_context" }, - { SECCLASS_SECURITY, SECURITY__LOAD_POLICY, "load_policy" }, - { SECCLASS_SECURITY, SECURITY__COMPUTE_RELABEL, "compute_relabel" }, - { SECCLASS_SECURITY, SECURITY__COMPUTE_USER, "compute_user" }, - { SECCLASS_SECURITY, SECURITY__SETENFORCE, "setenforce" }, - { SECCLASS_SECURITY, SECURITY__SETBOOL, "setbool" }, - { SECCLASS_SECURITY, SECURITY__SETSECPARAM, "setsecparam" }, - { SECCLASS_SYSTEM, SYSTEM__IPC_INFO, "ipc_info" }, - { SECCLASS_SYSTEM, SYSTEM__SYSLOG_READ, "syslog_read" }, - { SECCLASS_SYSTEM, SYSTEM__SYSLOG_MOD, "syslog_mod" }, - { SECCLASS_SYSTEM, SYSTEM__SYSLOG_CONSOLE, "syslog_console" }, - { SECCLASS_CAPABILITY, CAPABILITY__CHOWN, "chown" }, - { SECCLASS_CAPABILITY, CAPABILITY__DAC_OVERRIDE, "dac_override" }, - { SECCLASS_CAPABILITY, CAPABILITY__DAC_READ_SEARCH, "dac_read_search" }, - { SECCLASS_CAPABILITY, CAPABILITY__FOWNER, "fowner" }, - { SECCLASS_CAPABILITY, CAPABILITY__FSETID, "fsetid" }, - { SECCLASS_CAPABILITY, CAPABILITY__KILL, "kill" }, - { SECCLASS_CAPABILITY, CAPABILITY__SETGID, "setgid" }, - { SECCLASS_CAPABILITY, CAPABILITY__SETUID, "setuid" }, - { SECCLASS_CAPABILITY, CAPABILITY__SETPCAP, "setpcap" }, - { SECCLASS_CAPABILITY, CAPABILITY__LINUX_IMMUTABLE, "linux_immutable" }, - { SECCLASS_CAPABILITY, CAPABILITY__NET_BIND_SERVICE, "net_bind_service" }, - { SECCLASS_CAPABILITY, CAPABILITY__NET_BROADCAST, "net_broadcast" }, - { SECCLASS_CAPABILITY, CAPABILITY__NET_ADMIN, "net_admin" }, - { SECCLASS_CAPABILITY, CAPABILITY__NET_RAW, "net_raw" }, - { SECCLASS_CAPABILITY, CAPABILITY__IPC_LOCK, "ipc_lock" }, - { SECCLASS_CAPABILITY, CAPABILITY__IPC_OWNER, "ipc_owner" }, - { SECCLASS_CAPABILITY, CAPABILITY__SYS_MODULE, "sys_module" }, - { SECCLASS_CAPABILITY, CAPABILITY__SYS_RAWIO, "sys_rawio" }, - { SECCLASS_CAPABILITY, CAPABILITY__SYS_CHROOT, "sys_chroot" }, - { SECCLASS_CAPABILITY, CAPABILITY__SYS_PTRACE, "sys_ptrace" }, - { SECCLASS_CAPABILITY, CAPABILITY__SYS_PACCT, "sys_pacct" }, - { SECCLASS_CAPABILITY, CAPABILITY__SYS_ADMIN, "sys_admin" }, - { SECCLASS_CAPABILITY, CAPABILITY__SYS_BOOT, "sys_boot" }, - { SECCLASS_CAPABILITY, CAPABILITY__SYS_NICE, "sys_nice" }, - { SECCLASS_CAPABILITY, CAPABILITY__SYS_RESOURCE, "sys_resource" }, - { SECCLASS_CAPABILITY, CAPABILITY__SYS_TIME, "sys_time" }, - { SECCLASS_CAPABILITY, CAPABILITY__SYS_TTY_CONFIG, "sys_tty_config" }, - { SECCLASS_CAPABILITY, CAPABILITY__MKNOD, "mknod" }, - { SECCLASS_CAPABILITY, CAPABILITY__LEASE, "lease" }, - { SECCLASS_PASSWD, PASSWD__PASSWD, "passwd" }, - { SECCLASS_PASSWD, PASSWD__CHFN, "chfn" }, - { SECCLASS_PASSWD, PASSWD__CHSH, "chsh" }, - { SECCLASS_PASSWD, PASSWD__ROOTOK, "rootok" }, - { SECCLASS_DRAWABLE, DRAWABLE__CREATE, "create" }, - { SECCLASS_DRAWABLE, DRAWABLE__DESTROY, "destroy" }, - { SECCLASS_DRAWABLE, DRAWABLE__DRAW, "draw" }, - { SECCLASS_DRAWABLE, DRAWABLE__COPY, "copy" }, - { SECCLASS_DRAWABLE, DRAWABLE__GETATTR, "getattr" }, - { SECCLASS_GC, GC__CREATE, "create" }, - { SECCLASS_GC, GC__FREE, "free" }, - { SECCLASS_GC, GC__GETATTR, "getattr" }, - { SECCLASS_GC, GC__SETATTR, "setattr" }, - { SECCLASS_WINDOW, WINDOW__ADDCHILD, "addchild" }, - { SECCLASS_WINDOW, WINDOW__CREATE, "create" }, - { SECCLASS_WINDOW, WINDOW__DESTROY, "destroy" }, - { SECCLASS_WINDOW, WINDOW__MAP, "map" }, - { SECCLASS_WINDOW, WINDOW__UNMAP, "unmap" }, - { SECCLASS_WINDOW, WINDOW__CHSTACK, "chstack" }, - { SECCLASS_WINDOW, WINDOW__CHPROPLIST, "chproplist" }, - { SECCLASS_WINDOW, WINDOW__CHPROP, "chprop" }, - { SECCLASS_WINDOW, WINDOW__LISTPROP, "listprop" }, - { SECCLASS_WINDOW, WINDOW__GETATTR, "getattr" }, - { SECCLASS_WINDOW, WINDOW__SETATTR, "setattr" }, - { SECCLASS_WINDOW, WINDOW__SETFOCUS, "setfocus" }, - { SECCLASS_WINDOW, WINDOW__MOVE, "move" }, - { SECCLASS_WINDOW, WINDOW__CHSELECTION, "chselection" }, - { SECCLASS_WINDOW, WINDOW__CHPARENT, "chparent" }, - { SECCLASS_WINDOW, WINDOW__CTRLLIFE, "ctrllife" }, - { SECCLASS_WINDOW, WINDOW__ENUMERATE, "enumerate" }, - { SECCLASS_WINDOW, WINDOW__TRANSPARENT, "transparent" }, - { SECCLASS_WINDOW, WINDOW__MOUSEMOTION, "mousemotion" }, - { SECCLASS_WINDOW, WINDOW__CLIENTCOMEVENT, "clientcomevent" }, - { SECCLASS_WINDOW, WINDOW__INPUTEVENT, "inputevent" }, - { SECCLASS_WINDOW, WINDOW__DRAWEVENT, "drawevent" }, - { SECCLASS_WINDOW, WINDOW__WINDOWCHANGEEVENT, "windowchangeevent" }, - { SECCLASS_WINDOW, WINDOW__WINDOWCHANGEREQUEST, "windowchangerequest" }, - { SECCLASS_WINDOW, WINDOW__SERVERCHANGEEVENT, "serverchangeevent" }, - { SECCLASS_WINDOW, WINDOW__EXTENSIONEVENT, "extensionevent" }, - { SECCLASS_FONT, FONT__LOAD, "load" }, - { SECCLASS_FONT, FONT__FREE, "free" }, - { SECCLASS_FONT, FONT__GETATTR, "getattr" }, - { SECCLASS_FONT, FONT__USE, "use" }, - { SECCLASS_COLORMAP, COLORMAP__CREATE, "create" }, - { SECCLASS_COLORMAP, COLORMAP__FREE, "free" }, - { SECCLASS_COLORMAP, COLORMAP__INSTALL, "install" }, - { SECCLASS_COLORMAP, COLORMAP__UNINSTALL, "uninstall" }, - { SECCLASS_COLORMAP, COLORMAP__LIST, "list" }, - { SECCLASS_COLORMAP, COLORMAP__READ, "read" }, - { SECCLASS_COLORMAP, COLORMAP__STORE, "store" }, - { SECCLASS_COLORMAP, COLORMAP__GETATTR, "getattr" }, - { SECCLASS_COLORMAP, COLORMAP__SETATTR, "setattr" }, - { SECCLASS_PROPERTY, PROPERTY__CREATE, "create" }, - { SECCLASS_PROPERTY, PROPERTY__FREE, "free" }, - { SECCLASS_PROPERTY, PROPERTY__READ, "read" }, - { SECCLASS_PROPERTY, PROPERTY__WRITE, "write" }, - { SECCLASS_CURSOR, CURSOR__CREATE, "create" }, - { SECCLASS_CURSOR, CURSOR__CREATEGLYPH, "createglyph" }, - { SECCLASS_CURSOR, CURSOR__FREE, "free" }, - { SECCLASS_CURSOR, CURSOR__ASSIGN, "assign" }, - { SECCLASS_CURSOR, CURSOR__SETATTR, "setattr" }, - { SECCLASS_XCLIENT, XCLIENT__KILL, "kill" }, - { SECCLASS_XINPUT, XINPUT__LOOKUP, "lookup" }, - { SECCLASS_XINPUT, XINPUT__GETATTR, "getattr" }, - { SECCLASS_XINPUT, XINPUT__SETATTR, "setattr" }, - { SECCLASS_XINPUT, XINPUT__SETFOCUS, "setfocus" }, - { SECCLASS_XINPUT, XINPUT__WARPPOINTER, "warppointer" }, - { SECCLASS_XINPUT, XINPUT__ACTIVEGRAB, "activegrab" }, - { SECCLASS_XINPUT, XINPUT__PASSIVEGRAB, "passivegrab" }, - { SECCLASS_XINPUT, XINPUT__UNGRAB, "ungrab" }, - { SECCLASS_XINPUT, XINPUT__BELL, "bell" }, - { SECCLASS_XINPUT, XINPUT__MOUSEMOTION, "mousemotion" }, - { SECCLASS_XINPUT, XINPUT__RELABELINPUT, "relabelinput" }, - { SECCLASS_XSERVER, XSERVER__SCREENSAVER, "screensaver" }, - { SECCLASS_XSERVER, XSERVER__GETHOSTLIST, "gethostlist" }, - { SECCLASS_XSERVER, XSERVER__SETHOSTLIST, "sethostlist" }, - { SECCLASS_XSERVER, XSERVER__GETFONTPATH, "getfontpath" }, - { SECCLASS_XSERVER, XSERVER__SETFONTPATH, "setfontpath" }, - { SECCLASS_XSERVER, XSERVER__GETATTR, "getattr" }, - { SECCLASS_XSERVER, XSERVER__GRAB, "grab" }, - { SECCLASS_XSERVER, XSERVER__UNGRAB, "ungrab" }, - { SECCLASS_XEXTENSION, XEXTENSION__QUERY, "query" }, - { SECCLASS_XEXTENSION, XEXTENSION__USE, "use" }, - { SECCLASS_PAX, PAX__PAGEEXEC, "pageexec" }, - { SECCLASS_PAX, PAX__EMUTRAMP, "emutramp" }, - { SECCLASS_PAX, PAX__MPROTECT, "mprotect" }, - { SECCLASS_PAX, PAX__RANDMMAP, "randmmap" }, - { SECCLASS_PAX, PAX__RANDEXEC, "randexec" }, - { SECCLASS_PAX, PAX__SEGMEXEC, "segmexec" }, - { SECCLASS_NETLINK_ROUTE_SOCKET, NETLINK_ROUTE_SOCKET__NLMSG_READ, "nlmsg_read" }, - { SECCLASS_NETLINK_ROUTE_SOCKET, NETLINK_ROUTE_SOCKET__NLMSG_WRITE, "nlmsg_write" }, - { SECCLASS_NETLINK_FIREWALL_SOCKET, NETLINK_FIREWALL_SOCKET__NLMSG_READ, "nlmsg_read" }, - { SECCLASS_NETLINK_FIREWALL_SOCKET, NETLINK_FIREWALL_SOCKET__NLMSG_WRITE, "nlmsg_write" }, - { SECCLASS_NETLINK_TCPDIAG_SOCKET, NETLINK_TCPDIAG_SOCKET__NLMSG_READ, "nlmsg_read" }, - { SECCLASS_NETLINK_TCPDIAG_SOCKET, NETLINK_TCPDIAG_SOCKET__NLMSG_WRITE, "nlmsg_write" }, - { SECCLASS_NETLINK_XFRM_SOCKET, NETLINK_XFRM_SOCKET__NLMSG_READ, "nlmsg_read" }, - { SECCLASS_NETLINK_XFRM_SOCKET, NETLINK_XFRM_SOCKET__NLMSG_WRITE, "nlmsg_write" }, - { SECCLASS_NETLINK_AUDIT_SOCKET, NETLINK_AUDIT_SOCKET__NLMSG_READ, "nlmsg_read" }, - { SECCLASS_NETLINK_AUDIT_SOCKET, NETLINK_AUDIT_SOCKET__NLMSG_WRITE, "nlmsg_write" }, - { SECCLASS_NETLINK_IP6FW_SOCKET, NETLINK_IP6FW_SOCKET__NLMSG_READ, "nlmsg_read" }, - { SECCLASS_NETLINK_IP6FW_SOCKET, NETLINK_IP6FW_SOCKET__NLMSG_WRITE, "nlmsg_write" }, -}; - - -/* FLASK */ + S_(SECCLASS_FILESYSTEM, FILESYSTEM__MOUNT, "mount") + S_(SECCLASS_FILESYSTEM, FILESYSTEM__REMOUNT, "remount") + S_(SECCLASS_FILESYSTEM, FILESYSTEM__UNMOUNT, "unmount") + S_(SECCLASS_FILESYSTEM, FILESYSTEM__GETATTR, "getattr") + S_(SECCLASS_FILESYSTEM, FILESYSTEM__RELABELFROM, "relabelfrom") + S_(SECCLASS_FILESYSTEM, FILESYSTEM__RELABELTO, "relabelto") + S_(SECCLASS_FILESYSTEM, FILESYSTEM__TRANSITION, "transition") + S_(SECCLASS_FILESYSTEM, FILESYSTEM__ASSOCIATE, "associate") + S_(SECCLASS_FILESYSTEM, FILESYSTEM__QUOTAMOD, "quotamod") + S_(SECCLASS_FILESYSTEM, FILESYSTEM__QUOTAGET, "quotaget") + S_(SECCLASS_DIR, DIR__ADD_NAME, "add_name") + S_(SECCLASS_DIR, DIR__REMOVE_NAME, "remove_name") + S_(SECCLASS_DIR, DIR__REPARENT, "reparent") + S_(SECCLASS_DIR, DIR__SEARCH, "search") + S_(SECCLASS_DIR, DIR__RMDIR, "rmdir") + S_(SECCLASS_FILE, FILE__EXECUTE_NO_TRANS, "execute_no_trans") + S_(SECCLASS_FILE, FILE__ENTRYPOINT, "entrypoint") + S_(SECCLASS_FD, FD__USE, "use") + S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__CONNECTTO, "connectto") + S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__NEWCONN, "newconn") + S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__ACCEPTFROM, "acceptfrom") + S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__NODE_BIND, "node_bind") + S_(SECCLASS_UDP_SOCKET, UDP_SOCKET__NODE_BIND, "node_bind") + S_(SECCLASS_RAWIP_SOCKET, RAWIP_SOCKET__NODE_BIND, "node_bind") + S_(SECCLASS_NODE, NODE__TCP_RECV, "tcp_recv") + S_(SECCLASS_NODE, NODE__TCP_SEND, "tcp_send") + S_(SECCLASS_NODE, NODE__UDP_RECV, "udp_recv") + S_(SECCLASS_NODE, NODE__UDP_SEND, "udp_send") + S_(SECCLASS_NODE, NODE__RAWIP_RECV, "rawip_recv") + S_(SECCLASS_NODE, NODE__RAWIP_SEND, "rawip_send") + S_(SECCLASS_NODE, NODE__ENFORCE_DEST, "enforce_dest") + S_(SECCLASS_NETIF, NETIF__TCP_RECV, "tcp_recv") + S_(SECCLASS_NETIF, NETIF__TCP_SEND, "tcp_send") + S_(SECCLASS_NETIF, NETIF__UDP_RECV, "udp_recv") + S_(SECCLASS_NETIF, NETIF__UDP_SEND, "udp_send") + S_(SECCLASS_NETIF, NETIF__RAWIP_RECV, "rawip_recv") + S_(SECCLASS_NETIF, NETIF__RAWIP_SEND, "rawip_send") + S_(SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__CONNECTTO, "connectto") + S_(SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__NEWCONN, "newconn") + S_(SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__ACCEPTFROM, "acceptfrom") + S_(SECCLASS_PROCESS, PROCESS__FORK, "fork") + S_(SECCLASS_PROCESS, PROCESS__TRANSITION, "transition") + S_(SECCLASS_PROCESS, PROCESS__SIGCHLD, "sigchld") + S_(SECCLASS_PROCESS, PROCESS__SIGKILL, "sigkill") + S_(SECCLASS_PROCESS, PROCESS__SIGSTOP, "sigstop") + S_(SECCLASS_PROCESS, PROCESS__SIGNULL, "signull") + S_(SECCLASS_PROCESS, PROCESS__SIGNAL, "signal") + S_(SECCLASS_PROCESS, PROCESS__PTRACE, "ptrace") + S_(SECCLASS_PROCESS, PROCESS__GETSCHED, "getsched") + S_(SECCLASS_PROCESS, PROCESS__SETSCHED, "setsched") + S_(SECCLASS_PROCESS, PROCESS__GETSESSION, "getsession") + S_(SECCLASS_PROCESS, PROCESS__GETPGID, "getpgid") + S_(SECCLASS_PROCESS, PROCESS__SETPGID, "setpgid") + S_(SECCLASS_PROCESS, PROCESS__GETCAP, "getcap") + S_(SECCLASS_PROCESS, PROCESS__SETCAP, "setcap") + S_(SECCLASS_PROCESS, PROCESS__SHARE, "share") + S_(SECCLASS_PROCESS, PROCESS__GETATTR, "getattr") + S_(SECCLASS_PROCESS, PROCESS__SETEXEC, "setexec") + S_(SECCLASS_PROCESS, PROCESS__SETFSCREATE, "setfscreate") + S_(SECCLASS_PROCESS, PROCESS__NOATSECURE, "noatsecure") + S_(SECCLASS_PROCESS, PROCESS__SIGINH, "siginh") + S_(SECCLASS_PROCESS, PROCESS__SETRLIMIT, "setrlimit") + S_(SECCLASS_PROCESS, PROCESS__RLIMITINH, "rlimitinh") + S_(SECCLASS_MSGQ, MSGQ__ENQUEUE, "enqueue") + S_(SECCLASS_MSG, MSG__SEND, "send") + S_(SECCLASS_MSG, MSG__RECEIVE, "receive") + S_(SECCLASS_SHM, SHM__LOCK, "lock") + S_(SECCLASS_SECURITY, SECURITY__COMPUTE_AV, "compute_av") + S_(SECCLASS_SECURITY, SECURITY__COMPUTE_CREATE, "compute_create") + S_(SECCLASS_SECURITY, SECURITY__COMPUTE_MEMBER, "compute_member") + S_(SECCLASS_SECURITY, SECURITY__CHECK_CONTEXT, "check_context") + S_(SECCLASS_SECURITY, SECURITY__LOAD_POLICY, "load_policy") + S_(SECCLASS_SECURITY, SECURITY__COMPUTE_RELABEL, "compute_relabel") + S_(SECCLASS_SECURITY, SECURITY__COMPUTE_USER, "compute_user") + S_(SECCLASS_SECURITY, SECURITY__SETENFORCE, "setenforce") + S_(SECCLASS_SECURITY, SECURITY__SETBOOL, "setbool") + S_(SECCLASS_SECURITY, SECURITY__SETSECPARAM, "setsecparam") + S_(SECCLASS_SYSTEM, SYSTEM__IPC_INFO, "ipc_info") + S_(SECCLASS_SYSTEM, SYSTEM__SYSLOG_READ, "syslog_read") + S_(SECCLASS_SYSTEM, SYSTEM__SYSLOG_MOD, "syslog_mod") + S_(SECCLASS_SYSTEM, SYSTEM__SYSLOG_CONSOLE, "syslog_console") + S_(SECCLASS_CAPABILITY, CAPABILITY__CHOWN, "chown") + S_(SECCLASS_CAPABILITY, CAPABILITY__DAC_OVERRIDE, "dac_override") + S_(SECCLASS_CAPABILITY, CAPABILITY__DAC_READ_SEARCH, "dac_read_search") + S_(SECCLASS_CAPABILITY, CAPABILITY__FOWNER, "fowner") + S_(SECCLASS_CAPABILITY, CAPABILITY__FSETID, "fsetid") + S_(SECCLASS_CAPABILITY, CAPABILITY__KILL, "kill") + S_(SECCLASS_CAPABILITY, CAPABILITY__SETGID, "setgid") + S_(SECCLASS_CAPABILITY, CAPABILITY__SETUID, "setuid") + S_(SECCLASS_CAPABILITY, CAPABILITY__SETPCAP, "setpcap") + S_(SECCLASS_CAPABILITY, CAPABILITY__LINUX_IMMUTABLE, "linux_immutable") + S_(SECCLASS_CAPABILITY, CAPABILITY__NET_BIND_SERVICE, "net_bind_service") + S_(SECCLASS_CAPABILITY, CAPABILITY__NET_BROADCAST, "net_broadcast") + S_(SECCLASS_CAPABILITY, CAPABILITY__NET_ADMIN, "net_admin") + S_(SECCLASS_CAPABILITY, CAPABILITY__NET_RAW, "net_raw") + S_(SECCLASS_CAPABILITY, CAPABILITY__IPC_LOCK, "ipc_lock") + S_(SECCLASS_CAPABILITY, CAPABILITY__IPC_OWNER, "ipc_owner") + S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_MODULE, "sys_module") + S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_RAWIO, "sys_rawio") + S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_CHROOT, "sys_chroot") + S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_PTRACE, "sys_ptrace") + S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_PACCT, "sys_pacct") + S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_ADMIN, "sys_admin") + S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_BOOT, "sys_boot") + S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_NICE, "sys_nice") + S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_RESOURCE, "sys_resource") + S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_TIME, "sys_time") + S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_TTY_CONFIG, "sys_tty_config") + S_(SECCLASS_CAPABILITY, CAPABILITY__MKNOD, "mknod") + S_(SECCLASS_CAPABILITY, CAPABILITY__LEASE, "lease") + S_(SECCLASS_PASSWD, PASSWD__PASSWD, "passwd") + S_(SECCLASS_PASSWD, PASSWD__CHFN, "chfn") + S_(SECCLASS_PASSWD, PASSWD__CHSH, "chsh") + S_(SECCLASS_PASSWD, PASSWD__ROOTOK, "rootok") + S_(SECCLASS_PASSWD, PASSWD__CRONTAB, "crontab") + S_(SECCLASS_DRAWABLE, DRAWABLE__CREATE, "create") + S_(SECCLASS_DRAWABLE, DRAWABLE__DESTROY, "destroy") + S_(SECCLASS_DRAWABLE, DRAWABLE__DRAW, "draw") + S_(SECCLASS_DRAWABLE, DRAWABLE__COPY, "copy") + S_(SECCLASS_DRAWABLE, DRAWABLE__GETATTR, "getattr") + S_(SECCLASS_GC, GC__CREATE, "create") + S_(SECCLASS_GC, GC__FREE, "free") + S_(SECCLASS_GC, GC__GETATTR, "getattr") + S_(SECCLASS_GC, GC__SETATTR, "setattr") + S_(SECCLASS_WINDOW, WINDOW__ADDCHILD, "addchild") + S_(SECCLASS_WINDOW, WINDOW__CREATE, "create") + S_(SECCLASS_WINDOW, WINDOW__DESTROY, "destroy") + S_(SECCLASS_WINDOW, WINDOW__MAP, "map") + S_(SECCLASS_WINDOW, WINDOW__UNMAP, "unmap") + S_(SECCLASS_WINDOW, WINDOW__CHSTACK, "chstack") + S_(SECCLASS_WINDOW, WINDOW__CHPROPLIST, "chproplist") + S_(SECCLASS_WINDOW, WINDOW__CHPROP, "chprop") + S_(SECCLASS_WINDOW, WINDOW__LISTPROP, "listprop") + S_(SECCLASS_WINDOW, WINDOW__GETATTR, "getattr") + S_(SECCLASS_WINDOW, WINDOW__SETATTR, "setattr") + S_(SECCLASS_WINDOW, WINDOW__SETFOCUS, "setfocus") + S_(SECCLASS_WINDOW, WINDOW__MOVE, "move") + S_(SECCLASS_WINDOW, WINDOW__CHSELECTION, "chselection") + S_(SECCLASS_WINDOW, WINDOW__CHPARENT, "chparent") + S_(SECCLASS_WINDOW, WINDOW__CTRLLIFE, "ctrllife") + S_(SECCLASS_WINDOW, WINDOW__ENUMERATE, "enumerate") + S_(SECCLASS_WINDOW, WINDOW__TRANSPARENT, "transparent") + S_(SECCLASS_WINDOW, WINDOW__MOUSEMOTION, "mousemotion") + S_(SECCLASS_WINDOW, WINDOW__CLIENTCOMEVENT, "clientcomevent") + S_(SECCLASS_WINDOW, WINDOW__INPUTEVENT, "inputevent") + S_(SECCLASS_WINDOW, WINDOW__DRAWEVENT, "drawevent") + S_(SECCLASS_WINDOW, WINDOW__WINDOWCHANGEEVENT, "windowchangeevent") + S_(SECCLASS_WINDOW, WINDOW__WINDOWCHANGEREQUEST, "windowchangerequest") + S_(SECCLASS_WINDOW, WINDOW__SERVERCHANGEEVENT, "serverchangeevent") + S_(SECCLASS_WINDOW, WINDOW__EXTENSIONEVENT, "extensionevent") + S_(SECCLASS_FONT, FONT__LOAD, "load") + S_(SECCLASS_FONT, FONT__FREE, "free") + S_(SECCLASS_FONT, FONT__GETATTR, "getattr") + S_(SECCLASS_FONT, FONT__USE, "use") + S_(SECCLASS_COLORMAP, COLORMAP__CREATE, "create") + S_(SECCLASS_COLORMAP, COLORMAP__FREE, "free") + S_(SECCLASS_COLORMAP, COLORMAP__INSTALL, "install") + S_(SECCLASS_COLORMAP, COLORMAP__UNINSTALL, "uninstall") + S_(SECCLASS_COLORMAP, COLORMAP__LIST, "list") + S_(SECCLASS_COLORMAP, COLORMAP__READ, "read") + S_(SECCLASS_COLORMAP, COLORMAP__STORE, "store") + S_(SECCLASS_COLORMAP, COLORMAP__GETATTR, "getattr") + S_(SECCLASS_COLORMAP, COLORMAP__SETATTR, "setattr") + S_(SECCLASS_PROPERTY, PROPERTY__CREATE, "create") + S_(SECCLASS_PROPERTY, PROPERTY__FREE, "free") + S_(SECCLASS_PROPERTY, PROPERTY__READ, "read") + S_(SECCLASS_PROPERTY, PROPERTY__WRITE, "write") + S_(SECCLASS_CURSOR, CURSOR__CREATE, "create") + S_(SECCLASS_CURSOR, CURSOR__CREATEGLYPH, "createglyph") + S_(SECCLASS_CURSOR, CURSOR__FREE, "free") + S_(SECCLASS_CURSOR, CURSOR__ASSIGN, "assign") + S_(SECCLASS_CURSOR, CURSOR__SETATTR, "setattr") + S_(SECCLASS_XCLIENT, XCLIENT__KILL, "kill") + S_(SECCLASS_XINPUT, XINPUT__LOOKUP, "lookup") + S_(SECCLASS_XINPUT, XINPUT__GETATTR, "getattr") + S_(SECCLASS_XINPUT, XINPUT__SETATTR, "setattr") + S_(SECCLASS_XINPUT, XINPUT__SETFOCUS, "setfocus") + S_(SECCLASS_XINPUT, XINPUT__WARPPOINTER, "warppointer") + S_(SECCLASS_XINPUT, XINPUT__ACTIVEGRAB, "activegrab") + S_(SECCLASS_XINPUT, XINPUT__PASSIVEGRAB, "passivegrab") + S_(SECCLASS_XINPUT, XINPUT__UNGRAB, "ungrab") + S_(SECCLASS_XINPUT, XINPUT__BELL, "bell") + S_(SECCLASS_XINPUT, XINPUT__MOUSEMOTION, "mousemotion") + S_(SECCLASS_XINPUT, XINPUT__RELABELINPUT, "relabelinput") + S_(SECCLASS_XSERVER, XSERVER__SCREENSAVER, "screensaver") + S_(SECCLASS_XSERVER, XSERVER__GETHOSTLIST, "gethostlist") + S_(SECCLASS_XSERVER, XSERVER__SETHOSTLIST, "sethostlist") + S_(SECCLASS_XSERVER, XSERVER__GETFONTPATH, "getfontpath") + S_(SECCLASS_XSERVER, XSERVER__SETFONTPATH, "setfontpath") + S_(SECCLASS_XSERVER, XSERVER__GETATTR, "getattr") + S_(SECCLASS_XSERVER, XSERVER__GRAB, "grab") + S_(SECCLASS_XSERVER, XSERVER__UNGRAB, "ungrab") + S_(SECCLASS_XEXTENSION, XEXTENSION__QUERY, "query") + S_(SECCLASS_XEXTENSION, XEXTENSION__USE, "use") + S_(SECCLASS_PAX, PAX__PAGEEXEC, "pageexec") + S_(SECCLASS_PAX, PAX__EMUTRAMP, "emutramp") + S_(SECCLASS_PAX, PAX__MPROTECT, "mprotect") + S_(SECCLASS_PAX, PAX__RANDMMAP, "randmmap") + S_(SECCLASS_PAX, PAX__RANDEXEC, "randexec") + S_(SECCLASS_PAX, PAX__SEGMEXEC, "segmexec") + S_(SECCLASS_NETLINK_ROUTE_SOCKET, NETLINK_ROUTE_SOCKET__NLMSG_READ, "nlmsg_read") + S_(SECCLASS_NETLINK_ROUTE_SOCKET, NETLINK_ROUTE_SOCKET__NLMSG_WRITE, "nlmsg_write") + S_(SECCLASS_NETLINK_FIREWALL_SOCKET, NETLINK_FIREWALL_SOCKET__NLMSG_READ, "nlmsg_read") + S_(SECCLASS_NETLINK_FIREWALL_SOCKET, NETLINK_FIREWALL_SOCKET__NLMSG_WRITE, "nlmsg_write") + S_(SECCLASS_NETLINK_TCPDIAG_SOCKET, NETLINK_TCPDIAG_SOCKET__NLMSG_READ, "nlmsg_read") + S_(SECCLASS_NETLINK_TCPDIAG_SOCKET, NETLINK_TCPDIAG_SOCKET__NLMSG_WRITE, "nlmsg_write") + S_(SECCLASS_NETLINK_XFRM_SOCKET, NETLINK_XFRM_SOCKET__NLMSG_READ, "nlmsg_read") + S_(SECCLASS_NETLINK_XFRM_SOCKET, NETLINK_XFRM_SOCKET__NLMSG_WRITE, "nlmsg_write") + S_(SECCLASS_NETLINK_AUDIT_SOCKET, NETLINK_AUDIT_SOCKET__NLMSG_READ, "nlmsg_read") + S_(SECCLASS_NETLINK_AUDIT_SOCKET, NETLINK_AUDIT_SOCKET__NLMSG_WRITE, "nlmsg_write") + S_(SECCLASS_NETLINK_IP6FW_SOCKET, NETLINK_IP6FW_SOCKET__NLMSG_READ, "nlmsg_read") + S_(SECCLASS_NETLINK_IP6FW_SOCKET, NETLINK_IP6FW_SOCKET__NLMSG_WRITE, "nlmsg_write") + S_(SECCLASS_DBUS, DBUS__ACQUIRE_SVC, "acquire_svc") + S_(SECCLASS_DBUS, DBUS__SEND_MSG, "send_msg") + S_(SECCLASS_NSCD, NSCD__GETPWD, "getpwd") + S_(SECCLASS_NSCD, NSCD__GETGRP, "getgrp") + S_(SECCLASS_NSCD, NSCD__GETHOST, "gethost") + S_(SECCLASS_NSCD, NSCD__GETSTAT, "getstat") + S_(SECCLASS_NSCD, NSCD__ADMIN, "admin") + S_(SECCLASS_NSCD, NSCD__SHMEMPWD, "shmempwd") + S_(SECCLASS_NSCD, NSCD__SHMEMGRP, "shmemgrp") + S_(SECCLASS_NSCD, NSCD__SHMEMHOST, "shmemhost") diff -puN security/selinux/include/class_to_string.h~selinux-regenerate-selinux-module-headers security/selinux/include/class_to_string.h --- 25/security/selinux/include/class_to_string.h~selinux-regenerate-selinux-module-headers Thu Dec 2 12:56:30 2004 +++ 25-akpm/security/selinux/include/class_to_string.h Thu Dec 2 12:56:30 2004 @@ -2,59 +2,57 @@ /* * Security object class definitions */ -static char *class_to_string[] = -{ - "null", - "security", - "process", - "system", - "capability", - "filesystem", - "file", - "dir", - "fd", - "lnk_file", - "chr_file", - "blk_file", - "sock_file", - "fifo_file", - "socket", - "tcp_socket", - "udp_socket", - "rawip_socket", - "node", - "netif", - "netlink_socket", - "packet_socket", - "key_socket", - "unix_stream_socket", - "unix_dgram_socket", - "sem", - "msg", - "msgq", - "shm", - "ipc", - "passwd", - "drawable", - "window", - "gc", - "font", - "colormap", - "property", - "cursor", - "xclient", - "xinput", - "xserver", - "xextension", - "pax", - "netlink_route_socket", - "netlink_firewall_socket", - "netlink_tcpdiag_socket", - "netlink_nflog_socket", - "netlink_xfrm_socket", - "netlink_selinux_socket", - "netlink_audit_socket", - "netlink_ip6fw_socket", - "netlink_dnrt_socket", -}; - + S_("null") + S_("security") + S_("process") + S_("system") + S_("capability") + S_("filesystem") + S_("file") + S_("dir") + S_("fd") + S_("lnk_file") + S_("chr_file") + S_("blk_file") + S_("sock_file") + S_("fifo_file") + S_("socket") + S_("tcp_socket") + S_("udp_socket") + S_("rawip_socket") + S_("node") + S_("netif") + S_("netlink_socket") + S_("packet_socket") + S_("key_socket") + S_("unix_stream_socket") + S_("unix_dgram_socket") + S_("sem") + S_("msg") + S_("msgq") + S_("shm") + S_("ipc") + S_("passwd") + S_("drawable") + S_("window") + S_("gc") + S_("font") + S_("colormap") + S_("property") + S_("cursor") + S_("xclient") + S_("xinput") + S_("xserver") + S_("xextension") + S_("pax") + S_("netlink_route_socket") + S_("netlink_firewall_socket") + S_("netlink_tcpdiag_socket") + S_("netlink_nflog_socket") + S_("netlink_xfrm_socket") + S_("netlink_selinux_socket") + S_("netlink_audit_socket") + S_("netlink_ip6fw_socket") + S_("netlink_dnrt_socket") + S_("dbus") + S_("nscd") diff -puN security/selinux/include/common_perm_to_string.h~selinux-regenerate-selinux-module-headers security/selinux/include/common_perm_to_string.h --- 25/security/selinux/include/common_perm_to_string.h~selinux-regenerate-selinux-module-headers Thu Dec 2 12:56:30 2004 +++ 25-akpm/security/selinux/include/common_perm_to_string.h Thu Dec 2 12:56:30 2004 @@ -1,65 +1,58 @@ /* This file is automatically generated. Do not edit. */ -/* FLASK */ +TB_(common_file_perm_to_string) + S_("ioctl") + S_("read") + S_("write") + S_("create") + S_("getattr") + S_("setattr") + S_("lock") + S_("relabelfrom") + S_("relabelto") + S_("append") + S_("unlink") + S_("link") + S_("rename") + S_("execute") + S_("swapon") + S_("quotaon") + S_("mounton") +TE_(common_file_perm_to_string) -static char *common_file_perm_to_string[] = -{ - "ioctl", - "read", - "write", - "create", - "getattr", - "setattr", - "lock", - "relabelfrom", - "relabelto", - "append", - "unlink", - "link", - "rename", - "execute", - "swapon", - "quotaon", - "mounton", -}; +TB_(common_socket_perm_to_string) + S_("ioctl") + S_("read") + S_("write") + S_("create") + S_("getattr") + S_("setattr") + S_("lock") + S_("relabelfrom") + S_("relabelto") + S_("append") + S_("bind") + S_("connect") + S_("listen") + S_("accept") + S_("getopt") + S_("setopt") + S_("shutdown") + S_("recvfrom") + S_("sendto") + S_("recv_msg") + S_("send_msg") + S_("name_bind") +TE_(common_socket_perm_to_string) -static char *common_socket_perm_to_string[] = -{ - "ioctl", - "read", - "write", - "create", - "getattr", - "setattr", - "lock", - "relabelfrom", - "relabelto", - "append", - "bind", - "connect", - "listen", - "accept", - "getopt", - "setopt", - "shutdown", - "recvfrom", - "sendto", - "recv_msg", - "send_msg", - "name_bind", -}; +TB_(common_ipc_perm_to_string) + S_("create") + S_("destroy") + S_("getattr") + S_("setattr") + S_("read") + S_("write") + S_("associate") + S_("unix_read") + S_("unix_write") +TE_(common_ipc_perm_to_string) -static char *common_ipc_perm_to_string[] = -{ - "create", - "destroy", - "getattr", - "setattr", - "read", - "write", - "associate", - "unix_read", - "unix_write", -}; - - -/* FLASK */ diff -puN security/selinux/include/flask.h~selinux-regenerate-selinux-module-headers security/selinux/include/flask.h --- 25/security/selinux/include/flask.h~selinux-regenerate-selinux-module-headers Thu Dec 2 12:56:30 2004 +++ 25-akpm/security/selinux/include/flask.h Thu Dec 2 12:56:30 2004 @@ -56,6 +56,8 @@ #define SECCLASS_NETLINK_AUDIT_SOCKET 49 #define SECCLASS_NETLINK_IP6FW_SOCKET 50 #define SECCLASS_NETLINK_DNRT_SOCKET 51 +#define SECCLASS_DBUS 52 +#define SECCLASS_NSCD 53 /* * Security identifier indices for initial entities _