diff options
Diffstat (limited to 'security/selinux/include')
-rw-r--r-- | security/selinux/include/av_inherit.h | 34 | ||||
-rw-r--r-- | security/selinux/include/av_perm_to_string.h | 183 | ||||
-rw-r--r-- | security/selinux/include/av_permissions.h | 870 | ||||
-rw-r--r-- | security/selinux/include/avc_ss.h | 21 | ||||
-rw-r--r-- | security/selinux/include/class_to_string.h | 80 | ||||
-rw-r--r-- | security/selinux/include/classmap.h | 150 | ||||
-rw-r--r-- | security/selinux/include/common_perm_to_string.h | 58 | ||||
-rw-r--r-- | security/selinux/include/flask.h | 91 | ||||
-rw-r--r-- | security/selinux/include/security.h | 13 |
9 files changed, 164 insertions, 1336 deletions
diff --git a/security/selinux/include/av_inherit.h b/security/selinux/include/av_inherit.h deleted file mode 100644 index abedcd7..0000000 --- a/security/selinux/include/av_inherit.h +++ /dev/null @@ -1,34 +0,0 @@ -/* This file is automatically generated. Do not edit. */ - S_(SECCLASS_DIR, file, 0x00020000UL) - S_(SECCLASS_FILE, file, 0x00020000UL) - S_(SECCLASS_LNK_FILE, file, 0x00020000UL) - S_(SECCLASS_CHR_FILE, file, 0x00020000UL) - S_(SECCLASS_BLK_FILE, file, 0x00020000UL) - S_(SECCLASS_SOCK_FILE, file, 0x00020000UL) - S_(SECCLASS_FIFO_FILE, file, 0x00020000UL) - S_(SECCLASS_SOCKET, socket, 0x00400000UL) - S_(SECCLASS_TCP_SOCKET, socket, 0x00400000UL) - S_(SECCLASS_UDP_SOCKET, socket, 0x00400000UL) - S_(SECCLASS_RAWIP_SOCKET, socket, 0x00400000UL) - S_(SECCLASS_NETLINK_SOCKET, socket, 0x00400000UL) - S_(SECCLASS_PACKET_SOCKET, socket, 0x00400000UL) - S_(SECCLASS_KEY_SOCKET, socket, 0x00400000UL) - S_(SECCLASS_UNIX_STREAM_SOCKET, socket, 0x00400000UL) - S_(SECCLASS_UNIX_DGRAM_SOCKET, socket, 0x00400000UL) - S_(SECCLASS_TUN_SOCKET, socket, 0x00400000UL) - S_(SECCLASS_IPC, ipc, 0x00000200UL) - S_(SECCLASS_SEM, ipc, 0x00000200UL) - S_(SECCLASS_MSGQ, ipc, 0x00000200UL) - S_(SECCLASS_SHM, ipc, 0x00000200UL) - S_(SECCLASS_NETLINK_ROUTE_SOCKET, socket, 0x00400000UL) - S_(SECCLASS_NETLINK_FIREWALL_SOCKET, socket, 0x00400000UL) - S_(SECCLASS_NETLINK_TCPDIAG_SOCKET, socket, 0x00400000UL) - S_(SECCLASS_NETLINK_NFLOG_SOCKET, socket, 0x00400000UL) - S_(SECCLASS_NETLINK_XFRM_SOCKET, socket, 0x00400000UL) - S_(SECCLASS_NETLINK_SELINUX_SOCKET, socket, 0x00400000UL) - S_(SECCLASS_NETLINK_AUDIT_SOCKET, socket, 0x00400000UL) - S_(SECCLASS_NETLINK_IP6FW_SOCKET, socket, 0x00400000UL) - S_(SECCLASS_NETLINK_DNRT_SOCKET, socket, 0x00400000UL) - S_(SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET, socket, 0x00400000UL) - S_(SECCLASS_APPLETALK_SOCKET, socket, 0x00400000UL) - S_(SECCLASS_DCCP_SOCKET, socket, 0x00400000UL) diff --git a/security/selinux/include/av_perm_to_string.h b/security/selinux/include/av_perm_to_string.h deleted file mode 100644 index 2b683ad..0000000 --- a/security/selinux/include/av_perm_to_string.h +++ /dev/null @@ -1,183 +0,0 @@ -/* This file is automatically generated. Do not edit. */ - S_(SECCLASS_FILESYSTEM, FILESYSTEM__MOUNT, "mount") - S_(SECCLASS_FILESYSTEM, FILESYSTEM__REMOUNT, "remount") - S_(SECCLASS_FILESYSTEM, FILESYSTEM__UNMOUNT, "unmount") - S_(SECCLASS_FILESYSTEM, FILESYSTEM__GETATTR, "getattr") - S_(SECCLASS_FILESYSTEM, FILESYSTEM__RELABELFROM, "relabelfrom") - S_(SECCLASS_FILESYSTEM, FILESYSTEM__RELABELTO, "relabelto") - S_(SECCLASS_FILESYSTEM, FILESYSTEM__TRANSITION, "transition") - S_(SECCLASS_FILESYSTEM, FILESYSTEM__ASSOCIATE, "associate") - S_(SECCLASS_FILESYSTEM, FILESYSTEM__QUOTAMOD, "quotamod") - S_(SECCLASS_FILESYSTEM, FILESYSTEM__QUOTAGET, "quotaget") - S_(SECCLASS_DIR, DIR__ADD_NAME, "add_name") - S_(SECCLASS_DIR, DIR__REMOVE_NAME, "remove_name") - S_(SECCLASS_DIR, DIR__REPARENT, "reparent") - S_(SECCLASS_DIR, DIR__SEARCH, "search") - S_(SECCLASS_DIR, DIR__RMDIR, "rmdir") - S_(SECCLASS_DIR, DIR__OPEN, "open") - S_(SECCLASS_FILE, FILE__EXECUTE_NO_TRANS, "execute_no_trans") - S_(SECCLASS_FILE, FILE__ENTRYPOINT, "entrypoint") - S_(SECCLASS_FILE, FILE__EXECMOD, "execmod") - S_(SECCLASS_FILE, FILE__OPEN, "open") - S_(SECCLASS_CHR_FILE, CHR_FILE__EXECUTE_NO_TRANS, "execute_no_trans") - S_(SECCLASS_CHR_FILE, CHR_FILE__ENTRYPOINT, "entrypoint") - S_(SECCLASS_CHR_FILE, CHR_FILE__EXECMOD, "execmod") - S_(SECCLASS_CHR_FILE, CHR_FILE__OPEN, "open") - S_(SECCLASS_BLK_FILE, BLK_FILE__OPEN, "open") - S_(SECCLASS_SOCK_FILE, SOCK_FILE__OPEN, "open") - S_(SECCLASS_FIFO_FILE, FIFO_FILE__OPEN, "open") - S_(SECCLASS_FD, FD__USE, "use") - S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__CONNECTTO, "connectto") - S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__NEWCONN, "newconn") - S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__ACCEPTFROM, "acceptfrom") - S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__NODE_BIND, "node_bind") - S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__NAME_CONNECT, "name_connect") - S_(SECCLASS_UDP_SOCKET, UDP_SOCKET__NODE_BIND, "node_bind") - S_(SECCLASS_RAWIP_SOCKET, RAWIP_SOCKET__NODE_BIND, "node_bind") - S_(SECCLASS_NODE, NODE__TCP_RECV, "tcp_recv") - S_(SECCLASS_NODE, NODE__TCP_SEND, "tcp_send") - S_(SECCLASS_NODE, NODE__UDP_RECV, "udp_recv") - S_(SECCLASS_NODE, NODE__UDP_SEND, "udp_send") - S_(SECCLASS_NODE, NODE__RAWIP_RECV, "rawip_recv") - S_(SECCLASS_NODE, NODE__RAWIP_SEND, "rawip_send") - S_(SECCLASS_NODE, NODE__ENFORCE_DEST, "enforce_dest") - S_(SECCLASS_NODE, NODE__DCCP_RECV, "dccp_recv") - S_(SECCLASS_NODE, NODE__DCCP_SEND, "dccp_send") - S_(SECCLASS_NODE, NODE__RECVFROM, "recvfrom") - S_(SECCLASS_NODE, NODE__SENDTO, "sendto") - S_(SECCLASS_NETIF, NETIF__TCP_RECV, "tcp_recv") - S_(SECCLASS_NETIF, NETIF__TCP_SEND, "tcp_send") - S_(SECCLASS_NETIF, NETIF__UDP_RECV, "udp_recv") - S_(SECCLASS_NETIF, NETIF__UDP_SEND, "udp_send") - S_(SECCLASS_NETIF, NETIF__RAWIP_RECV, "rawip_recv") - S_(SECCLASS_NETIF, NETIF__RAWIP_SEND, "rawip_send") - S_(SECCLASS_NETIF, NETIF__DCCP_RECV, "dccp_recv") - S_(SECCLASS_NETIF, NETIF__DCCP_SEND, "dccp_send") - S_(SECCLASS_NETIF, NETIF__INGRESS, "ingress") - S_(SECCLASS_NETIF, NETIF__EGRESS, "egress") - S_(SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__CONNECTTO, "connectto") - S_(SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__NEWCONN, "newconn") - S_(SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__ACCEPTFROM, "acceptfrom") - S_(SECCLASS_PROCESS, PROCESS__FORK, "fork") - S_(SECCLASS_PROCESS, PROCESS__TRANSITION, "transition") - S_(SECCLASS_PROCESS, PROCESS__SIGCHLD, "sigchld") - S_(SECCLASS_PROCESS, PROCESS__SIGKILL, "sigkill") - S_(SECCLASS_PROCESS, PROCESS__SIGSTOP, "sigstop") - S_(SECCLASS_PROCESS, PROCESS__SIGNULL, "signull") - S_(SECCLASS_PROCESS, PROCESS__SIGNAL, "signal") - S_(SECCLASS_PROCESS, PROCESS__PTRACE, "ptrace") - S_(SECCLASS_PROCESS, PROCESS__GETSCHED, "getsched") - S_(SECCLASS_PROCESS, PROCESS__SETSCHED, "setsched") - S_(SECCLASS_PROCESS, PROCESS__GETSESSION, "getsession") - S_(SECCLASS_PROCESS, PROCESS__GETPGID, "getpgid") - S_(SECCLASS_PROCESS, PROCESS__SETPGID, "setpgid") - S_(SECCLASS_PROCESS, PROCESS__GETCAP, "getcap") - S_(SECCLASS_PROCESS, PROCESS__SETCAP, "setcap") - S_(SECCLASS_PROCESS, PROCESS__SHARE, "share") - S_(SECCLASS_PROCESS, PROCESS__GETATTR, "getattr") - S_(SECCLASS_PROCESS, PROCESS__SETEXEC, "setexec") - S_(SECCLASS_PROCESS, PROCESS__SETFSCREATE, "setfscreate") - S_(SECCLASS_PROCESS, PROCESS__NOATSECURE, "noatsecure") - S_(SECCLASS_PROCESS, PROCESS__SIGINH, "siginh") - S_(SECCLASS_PROCESS, PROCESS__SETRLIMIT, "setrlimit") - S_(SECCLASS_PROCESS, PROCESS__RLIMITINH, "rlimitinh") - S_(SECCLASS_PROCESS, PROCESS__DYNTRANSITION, "dyntransition") - S_(SECCLASS_PROCESS, PROCESS__SETCURRENT, "setcurrent") - S_(SECCLASS_PROCESS, PROCESS__EXECMEM, "execmem") - S_(SECCLASS_PROCESS, PROCESS__EXECSTACK, "execstack") - S_(SECCLASS_PROCESS, PROCESS__EXECHEAP, "execheap") - S_(SECCLASS_PROCESS, PROCESS__SETKEYCREATE, "setkeycreate") - S_(SECCLASS_PROCESS, PROCESS__SETSOCKCREATE, "setsockcreate") - S_(SECCLASS_MSGQ, MSGQ__ENQUEUE, "enqueue") - S_(SECCLASS_MSG, MSG__SEND, "send") - S_(SECCLASS_MSG, MSG__RECEIVE, "receive") - S_(SECCLASS_SHM, SHM__LOCK, "lock") - S_(SECCLASS_SECURITY, SECURITY__COMPUTE_AV, "compute_av") - S_(SECCLASS_SECURITY, SECURITY__COMPUTE_CREATE, "compute_create") - S_(SECCLASS_SECURITY, SECURITY__COMPUTE_MEMBER, "compute_member") - S_(SECCLASS_SECURITY, SECURITY__CHECK_CONTEXT, "check_context") - S_(SECCLASS_SECURITY, SECURITY__LOAD_POLICY, "load_policy") - S_(SECCLASS_SECURITY, SECURITY__COMPUTE_RELABEL, "compute_relabel") - S_(SECCLASS_SECURITY, SECURITY__COMPUTE_USER, "compute_user") - S_(SECCLASS_SECURITY, SECURITY__SETENFORCE, "setenforce") - S_(SECCLASS_SECURITY, SECURITY__SETBOOL, "setbool") - S_(SECCLASS_SECURITY, SECURITY__SETSECPARAM, "setsecparam") - S_(SECCLASS_SECURITY, SECURITY__SETCHECKREQPROT, "setcheckreqprot") - S_(SECCLASS_SYSTEM, SYSTEM__IPC_INFO, "ipc_info") - S_(SECCLASS_SYSTEM, SYSTEM__SYSLOG_READ, "syslog_read") - S_(SECCLASS_SYSTEM, SYSTEM__SYSLOG_MOD, "syslog_mod") - S_(SECCLASS_SYSTEM, SYSTEM__SYSLOG_CONSOLE, "syslog_console") - S_(SECCLASS_SYSTEM, SYSTEM__MODULE_REQUEST, "module_request") - S_(SECCLASS_CAPABILITY, CAPABILITY__CHOWN, "chown") - S_(SECCLASS_CAPABILITY, CAPABILITY__DAC_OVERRIDE, "dac_override") - S_(SECCLASS_CAPABILITY, CAPABILITY__DAC_READ_SEARCH, "dac_read_search") - S_(SECCLASS_CAPABILITY, CAPABILITY__FOWNER, "fowner") - S_(SECCLASS_CAPABILITY, CAPABILITY__FSETID, "fsetid") - S_(SECCLASS_CAPABILITY, CAPABILITY__KILL, "kill") - S_(SECCLASS_CAPABILITY, CAPABILITY__SETGID, "setgid") - S_(SECCLASS_CAPABILITY, CAPABILITY__SETUID, "setuid") - S_(SECCLASS_CAPABILITY, CAPABILITY__SETPCAP, "setpcap") - S_(SECCLASS_CAPABILITY, CAPABILITY__LINUX_IMMUTABLE, "linux_immutable") - S_(SECCLASS_CAPABILITY, CAPABILITY__NET_BIND_SERVICE, "net_bind_service") - S_(SECCLASS_CAPABILITY, CAPABILITY__NET_BROADCAST, "net_broadcast") - S_(SECCLASS_CAPABILITY, CAPABILITY__NET_ADMIN, "net_admin") - S_(SECCLASS_CAPABILITY, CAPABILITY__NET_RAW, "net_raw") - S_(SECCLASS_CAPABILITY, CAPABILITY__IPC_LOCK, "ipc_lock") - S_(SECCLASS_CAPABILITY, CAPABILITY__IPC_OWNER, "ipc_owner") - S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_MODULE, "sys_module") - S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_RAWIO, "sys_rawio") - S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_CHROOT, "sys_chroot") - S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_PTRACE, "sys_ptrace") - S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_PACCT, "sys_pacct") - S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_ADMIN, "sys_admin") - S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_BOOT, "sys_boot") - S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_NICE, "sys_nice") - S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_RESOURCE, "sys_resource") - S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_TIME, "sys_time") - S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_TTY_CONFIG, "sys_tty_config") - S_(SECCLASS_CAPABILITY, CAPABILITY__MKNOD, "mknod") - S_(SECCLASS_CAPABILITY, CAPABILITY__LEASE, "lease") - S_(SECCLASS_CAPABILITY, CAPABILITY__AUDIT_WRITE, "audit_write") - S_(SECCLASS_CAPABILITY, CAPABILITY__AUDIT_CONTROL, "audit_control") - S_(SECCLASS_CAPABILITY, CAPABILITY__SETFCAP, "setfcap") - S_(SECCLASS_CAPABILITY2, CAPABILITY2__MAC_OVERRIDE, "mac_override") - S_(SECCLASS_CAPABILITY2, CAPABILITY2__MAC_ADMIN, "mac_admin") - S_(SECCLASS_NETLINK_ROUTE_SOCKET, NETLINK_ROUTE_SOCKET__NLMSG_READ, "nlmsg_read") - S_(SECCLASS_NETLINK_ROUTE_SOCKET, NETLINK_ROUTE_SOCKET__NLMSG_WRITE, "nlmsg_write") - S_(SECCLASS_NETLINK_FIREWALL_SOCKET, NETLINK_FIREWALL_SOCKET__NLMSG_READ, "nlmsg_read") - S_(SECCLASS_NETLINK_FIREWALL_SOCKET, NETLINK_FIREWALL_SOCKET__NLMSG_WRITE, "nlmsg_write") - S_(SECCLASS_NETLINK_TCPDIAG_SOCKET, NETLINK_TCPDIAG_SOCKET__NLMSG_READ, "nlmsg_read") - S_(SECCLASS_NETLINK_TCPDIAG_SOCKET, NETLINK_TCPDIAG_SOCKET__NLMSG_WRITE, "nlmsg_write") - S_(SECCLASS_NETLINK_XFRM_SOCKET, NETLINK_XFRM_SOCKET__NLMSG_READ, "nlmsg_read") - S_(SECCLASS_NETLINK_XFRM_SOCKET, NETLINK_XFRM_SOCKET__NLMSG_WRITE, "nlmsg_write") - S_(SECCLASS_NETLINK_AUDIT_SOCKET, NETLINK_AUDIT_SOCKET__NLMSG_READ, "nlmsg_read") - S_(SECCLASS_NETLINK_AUDIT_SOCKET, NETLINK_AUDIT_SOCKET__NLMSG_WRITE, "nlmsg_write") - S_(SECCLASS_NETLINK_AUDIT_SOCKET, NETLINK_AUDIT_SOCKET__NLMSG_RELAY, "nlmsg_relay") - S_(SECCLASS_NETLINK_AUDIT_SOCKET, NETLINK_AUDIT_SOCKET__NLMSG_READPRIV, "nlmsg_readpriv") - S_(SECCLASS_NETLINK_AUDIT_SOCKET, NETLINK_AUDIT_SOCKET__NLMSG_TTY_AUDIT, "nlmsg_tty_audit") - S_(SECCLASS_NETLINK_IP6FW_SOCKET, NETLINK_IP6FW_SOCKET__NLMSG_READ, "nlmsg_read") - S_(SECCLASS_NETLINK_IP6FW_SOCKET, NETLINK_IP6FW_SOCKET__NLMSG_WRITE, "nlmsg_write") - S_(SECCLASS_ASSOCIATION, ASSOCIATION__SENDTO, "sendto") - S_(SECCLASS_ASSOCIATION, ASSOCIATION__RECVFROM, "recvfrom") - S_(SECCLASS_ASSOCIATION, ASSOCIATION__SETCONTEXT, "setcontext") - S_(SECCLASS_ASSOCIATION, ASSOCIATION__POLMATCH, "polmatch") - S_(SECCLASS_PACKET, PACKET__SEND, "send") - S_(SECCLASS_PACKET, PACKET__RECV, "recv") - S_(SECCLASS_PACKET, PACKET__RELABELTO, "relabelto") - S_(SECCLASS_PACKET, PACKET__FLOW_IN, "flow_in") - S_(SECCLASS_PACKET, PACKET__FLOW_OUT, "flow_out") - S_(SECCLASS_PACKET, PACKET__FORWARD_IN, "forward_in") - S_(SECCLASS_PACKET, PACKET__FORWARD_OUT, "forward_out") - S_(SECCLASS_KEY, KEY__VIEW, "view") - S_(SECCLASS_KEY, KEY__READ, "read") - S_(SECCLASS_KEY, KEY__WRITE, "write") - S_(SECCLASS_KEY, KEY__SEARCH, "search") - S_(SECCLASS_KEY, KEY__LINK, "link") - S_(SECCLASS_KEY, KEY__SETATTR, "setattr") - S_(SECCLASS_KEY, KEY__CREATE, "create") - S_(SECCLASS_DCCP_SOCKET, DCCP_SOCKET__NODE_BIND, "node_bind") - S_(SECCLASS_DCCP_SOCKET, DCCP_SOCKET__NAME_CONNECT, "name_connect") - S_(SECCLASS_MEMPROTECT, MEMPROTECT__MMAP_ZERO, "mmap_zero") - S_(SECCLASS_PEER, PEER__RECV, "recv") - S_(SECCLASS_KERNEL_SERVICE, KERNEL_SERVICE__USE_AS_OVERRIDE, "use_as_override") - S_(SECCLASS_KERNEL_SERVICE, KERNEL_SERVICE__CREATE_FILES_AS, "create_files_as") diff --git a/security/selinux/include/av_permissions.h b/security/selinux/include/av_permissions.h deleted file mode 100644 index 0546d61..0000000 --- a/security/selinux/include/av_permissions.h +++ /dev/null @@ -1,870 +0,0 @@ -/* This file is automatically generated. Do not edit. */ -#define COMMON_FILE__IOCTL 0x00000001UL -#define COMMON_FILE__READ 0x00000002UL -#define COMMON_FILE__WRITE 0x00000004UL -#define COMMON_FILE__CREATE 0x00000008UL -#define COMMON_FILE__GETATTR 0x00000010UL -#define COMMON_FILE__SETATTR 0x00000020UL -#define COMMON_FILE__LOCK 0x00000040UL -#define COMMON_FILE__RELABELFROM 0x00000080UL -#define COMMON_FILE__RELABELTO 0x00000100UL -#define COMMON_FILE__APPEND 0x00000200UL -#define COMMON_FILE__UNLINK 0x00000400UL -#define COMMON_FILE__LINK 0x00000800UL -#define COMMON_FILE__RENAME 0x00001000UL -#define COMMON_FILE__EXECUTE 0x00002000UL -#define COMMON_FILE__SWAPON 0x00004000UL -#define COMMON_FILE__QUOTAON 0x00008000UL -#define COMMON_FILE__MOUNTON 0x00010000UL -#define COMMON_SOCKET__IOCTL 0x00000001UL -#define COMMON_SOCKET__READ 0x00000002UL -#define COMMON_SOCKET__WRITE 0x00000004UL -#define COMMON_SOCKET__CREATE 0x00000008UL -#define COMMON_SOCKET__GETATTR 0x00000010UL -#define COMMON_SOCKET__SETATTR 0x00000020UL -#define COMMON_SOCKET__LOCK 0x00000040UL -#define COMMON_SOCKET__RELABELFROM 0x00000080UL -#define COMMON_SOCKET__RELABELTO 0x00000100UL -#define COMMON_SOCKET__APPEND 0x00000200UL -#define COMMON_SOCKET__BIND 0x00000400UL -#define COMMON_SOCKET__CONNECT 0x00000800UL -#define COMMON_SOCKET__LISTEN 0x00001000UL -#define COMMON_SOCKET__ACCEPT 0x00002000UL -#define COMMON_SOCKET__GETOPT 0x00004000UL -#define COMMON_SOCKET__SETOPT 0x00008000UL -#define COMMON_SOCKET__SHUTDOWN 0x00010000UL -#define COMMON_SOCKET__RECVFROM 0x00020000UL -#define COMMON_SOCKET__SENDTO 0x00040000UL -#define COMMON_SOCKET__RECV_MSG 0x00080000UL -#define COMMON_SOCKET__SEND_MSG 0x00100000UL -#define COMMON_SOCKET__NAME_BIND 0x00200000UL -#define COMMON_IPC__CREATE 0x00000001UL -#define COMMON_IPC__DESTROY 0x00000002UL -#define COMMON_IPC__GETATTR 0x00000004UL -#define COMMON_IPC__SETATTR 0x00000008UL -#define COMMON_IPC__READ 0x00000010UL -#define COMMON_IPC__WRITE 0x00000020UL -#define COMMON_IPC__ASSOCIATE 0x00000040UL -#define COMMON_IPC__UNIX_READ 0x00000080UL -#define COMMON_IPC__UNIX_WRITE 0x00000100UL -#define FILESYSTEM__MOUNT 0x00000001UL -#define FILESYSTEM__REMOUNT 0x00000002UL -#define FILESYSTEM__UNMOUNT 0x00000004UL -#define FILESYSTEM__GETATTR 0x00000008UL -#define FILESYSTEM__RELABELFROM 0x00000010UL -#define FILESYSTEM__RELABELTO 0x00000020UL -#define FILESYSTEM__TRANSITION 0x00000040UL -#define FILESYSTEM__ASSOCIATE 0x00000080UL -#define FILESYSTEM__QUOTAMOD 0x00000100UL -#define FILESYSTEM__QUOTAGET 0x00000200UL -#define DIR__IOCTL 0x00000001UL -#define DIR__READ 0x00000002UL -#define DIR__WRITE 0x00000004UL -#define DIR__CREATE 0x00000008UL -#define DIR__GETATTR 0x00000010UL -#define DIR__SETATTR 0x00000020UL -#define DIR__LOCK 0x00000040UL -#define DIR__RELABELFROM 0x00000080UL -#define DIR__RELABELTO 0x00000100UL -#define DIR__APPEND 0x00000200UL -#define DIR__UNLINK 0x00000400UL -#define DIR__LINK 0x00000800UL -#define DIR__RENAME 0x00001000UL -#define DIR__EXECUTE 0x00002000UL -#define DIR__SWAPON 0x00004000UL -#define DIR__QUOTAON 0x00008000UL -#define DIR__MOUNTON 0x00010000UL -#define DIR__ADD_NAME 0x00020000UL -#define DIR__REMOVE_NAME 0x00040000UL -#define DIR__REPARENT 0x00080000UL -#define DIR__SEARCH 0x00100000UL -#define DIR__RMDIR 0x00200000UL -#define DIR__OPEN 0x00400000UL -#define FILE__IOCTL 0x00000001UL -#define FILE__READ 0x00000002UL -#define FILE__WRITE 0x00000004UL -#define FILE__CREATE 0x00000008UL -#define FILE__GETATTR 0x00000010UL -#define FILE__SETATTR 0x00000020UL -#define FILE__LOCK 0x00000040UL -#define FILE__RELABELFROM 0x00000080UL -#define FILE__RELABELTO 0x00000100UL -#define FILE__APPEND 0x00000200UL -#define FILE__UNLINK 0x00000400UL -#define FILE__LINK 0x00000800UL -#define FILE__RENAME 0x00001000UL -#define FILE__EXECUTE 0x00002000UL -#define FILE__SWAPON 0x00004000UL -#define FILE__QUOTAON 0x00008000UL -#define FILE__MOUNTON 0x00010000UL -#define FILE__EXECUTE_NO_TRANS 0x00020000UL -#define FILE__ENTRYPOINT 0x00040000UL -#define FILE__EXECMOD 0x00080000UL -#define FILE__OPEN 0x00100000UL -#define LNK_FILE__IOCTL 0x00000001UL -#define LNK_FILE__READ 0x00000002UL -#define LNK_FILE__WRITE 0x00000004UL -#define LNK_FILE__CREATE 0x00000008UL -#define LNK_FILE__GETATTR 0x00000010UL -#define LNK_FILE__SETATTR 0x00000020UL -#define LNK_FILE__LOCK 0x00000040UL -#define LNK_FILE__RELABELFROM 0x00000080UL -#define LNK_FILE__RELABELTO 0x00000100UL -#define LNK_FILE__APPEND 0x00000200UL -#define LNK_FILE__UNLINK 0x00000400UL -#define LNK_FILE__LINK 0x00000800UL -#define LNK_FILE__RENAME 0x00001000UL -#define LNK_FILE__EXECUTE 0x00002000UL -#define LNK_FILE__SWAPON 0x00004000UL -#define LNK_FILE__QUOTAON 0x00008000UL -#define LNK_FILE__MOUNTON 0x00010000UL -#define CHR_FILE__IOCTL 0x00000001UL -#define CHR_FILE__READ 0x00000002UL -#define CHR_FILE__WRITE 0x00000004UL -#define CHR_FILE__CREATE 0x00000008UL -#define CHR_FILE__GETATTR 0x00000010UL -#define CHR_FILE__SETATTR 0x00000020UL -#define CHR_FILE__LOCK 0x00000040UL -#define CHR_FILE__RELABELFROM 0x00000080UL -#define CHR_FILE__RELABELTO 0x00000100UL -#define CHR_FILE__APPEND 0x00000200UL -#define CHR_FILE__UNLINK 0x00000400UL -#define CHR_FILE__LINK 0x00000800UL -#define CHR_FILE__RENAME 0x00001000UL -#define CHR_FILE__EXECUTE 0x00002000UL -#define CHR_FILE__SWAPON 0x00004000UL -#define CHR_FILE__QUOTAON 0x00008000UL -#define CHR_FILE__MOUNTON 0x00010000UL -#define CHR_FILE__EXECUTE_NO_TRANS 0x00020000UL -#define CHR_FILE__ENTRYPOINT 0x00040000UL -#define CHR_FILE__EXECMOD 0x00080000UL -#define CHR_FILE__OPEN 0x00100000UL -#define BLK_FILE__IOCTL 0x00000001UL -#define BLK_FILE__READ 0x00000002UL -#define BLK_FILE__WRITE 0x00000004UL -#define BLK_FILE__CREATE 0x00000008UL -#define BLK_FILE__GETATTR 0x00000010UL -#define BLK_FILE__SETATTR 0x00000020UL -#define BLK_FILE__LOCK 0x00000040UL -#define BLK_FILE__RELABELFROM 0x00000080UL -#define BLK_FILE__RELABELTO 0x00000100UL -#define BLK_FILE__APPEND 0x00000200UL -#define BLK_FILE__UNLINK 0x00000400UL -#define BLK_FILE__LINK 0x00000800UL -#define BLK_FILE__RENAME 0x00001000UL -#define BLK_FILE__EXECUTE 0x00002000UL -#define BLK_FILE__SWAPON 0x00004000UL -#define BLK_FILE__QUOTAON 0x00008000UL -#define BLK_FILE__MOUNTON 0x00010000UL -#define BLK_FILE__OPEN 0x00020000UL -#define SOCK_FILE__IOCTL 0x00000001UL -#define SOCK_FILE__READ 0x00000002UL -#define SOCK_FILE__WRITE 0x00000004UL -#define SOCK_FILE__CREATE 0x00000008UL -#define SOCK_FILE__GETATTR 0x00000010UL -#define SOCK_FILE__SETATTR 0x00000020UL -#define SOCK_FILE__LOCK 0x00000040UL -#define SOCK_FILE__RELABELFROM 0x00000080UL -#define SOCK_FILE__RELABELTO 0x00000100UL -#define SOCK_FILE__APPEND 0x00000200UL -#define SOCK_FILE__UNLINK 0x00000400UL -#define SOCK_FILE__LINK 0x00000800UL -#define SOCK_FILE__RENAME 0x00001000UL -#define SOCK_FILE__EXECUTE 0x00002000UL -#define SOCK_FILE__SWAPON 0x00004000UL -#define SOCK_FILE__QUOTAON 0x00008000UL -#define SOCK_FILE__MOUNTON 0x00010000UL -#define SOCK_FILE__OPEN 0x00020000UL -#define FIFO_FILE__IOCTL 0x00000001UL -#define FIFO_FILE__READ 0x00000002UL -#define FIFO_FILE__WRITE 0x00000004UL -#define FIFO_FILE__CREATE 0x00000008UL -#define FIFO_FILE__GETATTR 0x00000010UL -#define FIFO_FILE__SETATTR 0x00000020UL -#define FIFO_FILE__LOCK 0x00000040UL -#define FIFO_FILE__RELABELFROM 0x00000080UL -#define FIFO_FILE__RELABELTO 0x00000100UL -#define FIFO_FILE__APPEND 0x00000200UL -#define FIFO_FILE__UNLINK 0x00000400UL -#define FIFO_FILE__LINK 0x00000800UL -#define FIFO_FILE__RENAME 0x00001000UL -#define FIFO_FILE__EXECUTE 0x00002000UL -#define FIFO_FILE__SWAPON 0x00004000UL -#define FIFO_FILE__QUOTAON 0x00008000UL -#define FIFO_FILE__MOUNTON 0x00010000UL -#define FIFO_FILE__OPEN 0x00020000UL -#define FD__USE 0x00000001UL -#define SOCKET__IOCTL 0x00000001UL -#define SOCKET__READ 0x00000002UL -#define SOCKET__WRITE 0x00000004UL -#define SOCKET__CREATE 0x00000008UL -#define SOCKET__GETATTR 0x00000010UL -#define SOCKET__SETATTR 0x00000020UL -#define SOCKET__LOCK 0x00000040UL -#define SOCKET__RELABELFROM 0x00000080UL -#define SOCKET__RELABELTO 0x00000100UL -#define SOCKET__APPEND 0x00000200UL -#define SOCKET__BIND 0x00000400UL -#define SOCKET__CONNECT 0x00000800UL -#define SOCKET__LISTEN 0x00001000UL -#define SOCKET__ACCEPT 0x00002000UL -#define SOCKET__GETOPT 0x00004000UL -#define SOCKET__SETOPT 0x00008000UL -#define SOCKET__SHUTDOWN 0x00010000UL -#define SOCKET__RECVFROM 0x00020000UL -#define SOCKET__SENDTO 0x00040000UL -#define SOCKET__RECV_MSG 0x00080000UL -#define SOCKET__SEND_MSG 0x00100000UL -#define SOCKET__NAME_BIND 0x00200000UL -#define TCP_SOCKET__IOCTL 0x00000001UL -#define TCP_SOCKET__READ 0x00000002UL -#define TCP_SOCKET__WRITE 0x00000004UL -#define TCP_SOCKET__CREATE 0x00000008UL -#define TCP_SOCKET__GETATTR 0x00000010UL -#define TCP_SOCKET__SETATTR 0x00000020UL -#define TCP_SOCKET__LOCK 0x00000040UL -#define TCP_SOCKET__RELABELFROM 0x00000080UL -#define TCP_SOCKET__RELABELTO 0x00000100UL -#define TCP_SOCKET__APPEND 0x00000200UL -#define TCP_SOCKET__BIND 0x00000400UL -#define TCP_SOCKET__CONNECT 0x00000800UL -#define TCP_SOCKET__LISTEN 0x00001000UL -#define TCP_SOCKET__ACCEPT 0x00002000UL -#define TCP_SOCKET__GETOPT 0x00004000UL -#define TCP_SOCKET__SETOPT 0x00008000UL -#define TCP_SOCKET__SHUTDOWN 0x00010000UL -#define TCP_SOCKET__RECVFROM 0x00020000UL -#define TCP_SOCKET__SENDTO 0x00040000UL -#define TCP_SOCKET__RECV_MSG 0x00080000UL -#define TCP_SOCKET__SEND_MSG 0x00100000UL -#define TCP_SOCKET__NAME_BIND 0x00200000UL -#define TCP_SOCKET__CONNECTTO 0x00400000UL -#define TCP_SOCKET__NEWCONN 0x00800000UL -#define TCP_SOCKET__ACCEPTFROM 0x01000000UL -#define TCP_SOCKET__NODE_BIND 0x02000000UL -#define TCP_SOCKET__NAME_CONNECT 0x04000000UL -#define UDP_SOCKET__IOCTL 0x00000001UL -#define UDP_SOCKET__READ 0x00000002UL -#define UDP_SOCKET__WRITE 0x00000004UL -#define UDP_SOCKET__CREATE 0x00000008UL -#define UDP_SOCKET__GETATTR 0x00000010UL -#define UDP_SOCKET__SETATTR 0x00000020UL -#define UDP_SOCKET__LOCK 0x00000040UL -#define UDP_SOCKET__RELABELFROM 0x00000080UL -#define UDP_SOCKET__RELABELTO 0x00000100UL -#define UDP_SOCKET__APPEND 0x00000200UL -#define UDP_SOCKET__BIND 0x00000400UL -#define UDP_SOCKET__CONNECT 0x00000800UL -#define UDP_SOCKET__LISTEN 0x00001000UL -#define UDP_SOCKET__ACCEPT 0x00002000UL -#define UDP_SOCKET__GETOPT 0x00004000UL -#define UDP_SOCKET__SETOPT 0x00008000UL -#define UDP_SOCKET__SHUTDOWN 0x00010000UL -#define UDP_SOCKET__RECVFROM 0x00020000UL -#define UDP_SOCKET__SENDTO 0x00040000UL -#define UDP_SOCKET__RECV_MSG 0x00080000UL -#define UDP_SOCKET__SEND_MSG 0x00100000UL -#define UDP_SOCKET__NAME_BIND 0x00200000UL -#define UDP_SOCKET__NODE_BIND 0x00400000UL -#define RAWIP_SOCKET__IOCTL 0x00000001UL -#define RAWIP_SOCKET__READ 0x00000002UL -#define RAWIP_SOCKET__WRITE 0x00000004UL -#define RAWIP_SOCKET__CREATE 0x00000008UL -#define RAWIP_SOCKET__GETATTR 0x00000010UL -#define RAWIP_SOCKET__SETATTR 0x00000020UL -#define RAWIP_SOCKET__LOCK 0x00000040UL -#define RAWIP_SOCKET__RELABELFROM 0x00000080UL -#define RAWIP_SOCKET__RELABELTO 0x00000100UL -#define RAWIP_SOCKET__APPEND 0x00000200UL -#define RAWIP_SOCKET__BIND 0x00000400UL -#define RAWIP_SOCKET__CONNECT 0x00000800UL -#define RAWIP_SOCKET__LISTEN 0x00001000UL -#define RAWIP_SOCKET__ACCEPT 0x00002000UL -#define RAWIP_SOCKET__GETOPT 0x00004000UL -#define RAWIP_SOCKET__SETOPT 0x00008000UL -#define RAWIP_SOCKET__SHUTDOWN 0x00010000UL -#define RAWIP_SOCKET__RECVFROM 0x00020000UL -#define RAWIP_SOCKET__SENDTO 0x00040000UL -#define RAWIP_SOCKET__RECV_MSG 0x00080000UL -#define RAWIP_SOCKET__SEND_MSG 0x00100000UL -#define RAWIP_SOCKET__NAME_BIND 0x00200000UL -#define RAWIP_SOCKET__NODE_BIND 0x00400000UL -#define NODE__TCP_RECV 0x00000001UL -#define NODE__TCP_SEND 0x00000002UL -#define NODE__UDP_RECV 0x00000004UL -#define NODE__UDP_SEND 0x00000008UL -#define NODE__RAWIP_RECV 0x00000010UL -#define NODE__RAWIP_SEND 0x00000020UL -#define NODE__ENFORCE_DEST 0x00000040UL -#define NODE__DCCP_RECV 0x00000080UL -#define NODE__DCCP_SEND 0x00000100UL -#define NODE__RECVFROM 0x00000200UL -#define NODE__SENDTO 0x00000400UL -#define NETIF__TCP_RECV 0x00000001UL -#define NETIF__TCP_SEND 0x00000002UL -#define NETIF__UDP_RECV 0x00000004UL -#define NETIF__UDP_SEND 0x00000008UL -#define NETIF__RAWIP_RECV 0x00000010UL -#define NETIF__RAWIP_SEND 0x00000020UL -#define NETIF__DCCP_RECV 0x00000040UL -#define NETIF__DCCP_SEND 0x00000080UL -#define NETIF__INGRESS 0x00000100UL -#define NETIF__EGRESS 0x00000200UL -#define NETLINK_SOCKET__IOCTL 0x00000001UL -#define NETLINK_SOCKET__READ 0x00000002UL -#define NETLINK_SOCKET__WRITE 0x00000004UL -#define NETLINK_SOCKET__CREATE 0x00000008UL -#define NETLINK_SOCKET__GETATTR 0x00000010UL -#define NETLINK_SOCKET__SETATTR 0x00000020UL -#define NETLINK_SOCKET__LOCK 0x00000040UL -#define NETLINK_SOCKET__RELABELFROM 0x00000080UL -#define NETLINK_SOCKET__RELABELTO 0x00000100UL -#define NETLINK_SOCKET__APPEND 0x00000200UL -#define NETLINK_SOCKET__BIND 0x00000400UL -#define NETLINK_SOCKET__CONNECT 0x00000800UL -#define NETLINK_SOCKET__LISTEN 0x00001000UL -#define NETLINK_SOCKET__ACCEPT 0x00002000UL -#define NETLINK_SOCKET__GETOPT 0x00004000UL -#define NETLINK_SOCKET__SETOPT 0x00008000UL -#define NETLINK_SOCKET__SHUTDOWN 0x00010000UL -#define NETLINK_SOCKET__RECVFROM 0x00020000UL -#define NETLINK_SOCKET__SENDTO 0x00040000UL -#define NETLINK_SOCKET__RECV_MSG 0x00080000UL -#define NETLINK_SOCKET__SEND_MSG 0x00100000UL -#define NETLINK_SOCKET__NAME_BIND 0x00200000UL -#define PACKET_SOCKET__IOCTL 0x00000001UL -#define PACKET_SOCKET__READ 0x00000002UL -#define PACKET_SOCKET__WRITE 0x00000004UL -#define PACKET_SOCKET__CREATE 0x00000008UL -#define PACKET_SOCKET__GETATTR 0x00000010UL -#define PACKET_SOCKET__SETATTR 0x00000020UL -#define PACKET_SOCKET__LOCK 0x00000040UL -#define PACKET_SOCKET__RELABELFROM 0x00000080UL -#define PACKET_SOCKET__RELABELTO 0x00000100UL -#define PACKET_SOCKET__APPEND 0x00000200UL -#define PACKET_SOCKET__BIND 0x00000400UL -#define PACKET_SOCKET__CONNECT 0x00000800UL -#define PACKET_SOCKET__LISTEN 0x00001000UL -#define PACKET_SOCKET__ACCEPT 0x00002000UL -#define PACKET_SOCKET__GETOPT 0x00004000UL -#define PACKET_SOCKET__SETOPT 0x00008000UL -#define PACKET_SOCKET__SHUTDOWN 0x00010000UL -#define PACKET_SOCKET__RECVFROM 0x00020000UL -#define PACKET_SOCKET__SENDTO 0x00040000UL -#define PACKET_SOCKET__RECV_MSG 0x00080000UL -#define PACKET_SOCKET__SEND_MSG 0x00100000UL -#define PACKET_SOCKET__NAME_BIND 0x00200000UL -#define KEY_SOCKET__IOCTL 0x00000001UL -#define KEY_SOCKET__READ 0x00000002UL -#define KEY_SOCKET__WRITE 0x00000004UL -#define KEY_SOCKET__CREATE 0x00000008UL -#define KEY_SOCKET__GETATTR 0x00000010UL -#define KEY_SOCKET__SETATTR 0x00000020UL -#define KEY_SOCKET__LOCK 0x00000040UL -#define KEY_SOCKET__RELABELFROM 0x00000080UL -#define KEY_SOCKET__RELABELTO 0x00000100UL -#define KEY_SOCKET__APPEND 0x00000200UL -#define KEY_SOCKET__BIND 0x00000400UL -#define KEY_SOCKET__CONNECT 0x00000800UL -#define KEY_SOCKET__LISTEN 0x00001000UL -#define KEY_SOCKET__ACCEPT 0x00002000UL -#define KEY_SOCKET__GETOPT 0x00004000UL -#define KEY_SOCKET__SETOPT 0x00008000UL -#define KEY_SOCKET__SHUTDOWN 0x00010000UL -#define KEY_SOCKET__RECVFROM 0x00020000UL -#define KEY_SOCKET__SENDTO 0x00040000UL -#define KEY_SOCKET__RECV_MSG 0x00080000UL -#define KEY_SOCKET__SEND_MSG 0x00100000UL -#define KEY_SOCKET__NAME_BIND 0x00200000UL -#define UNIX_STREAM_SOCKET__IOCTL 0x00000001UL -#define UNIX_STREAM_SOCKET__READ 0x00000002UL -#define UNIX_STREAM_SOCKET__WRITE 0x00000004UL -#define UNIX_STREAM_SOCKET__CREATE 0x00000008UL -#define UNIX_STREAM_SOCKET__GETATTR 0x00000010UL -#define UNIX_STREAM_SOCKET__SETATTR 0x00000020UL -#define UNIX_STREAM_SOCKET__LOCK 0x00000040UL -#define UNIX_STREAM_SOCKET__RELABELFROM 0x00000080UL -#define UNIX_STREAM_SOCKET__RELABELTO 0x00000100UL -#define UNIX_STREAM_SOCKET__APPEND 0x00000200UL -#define UNIX_STREAM_SOCKET__BIND 0x00000400UL -#define UNIX_STREAM_SOCKET__CONNECT 0x00000800UL -#define UNIX_STREAM_SOCKET__LISTEN 0x00001000UL -#define UNIX_STREAM_SOCKET__ACCEPT 0x00002000UL -#define UNIX_STREAM_SOCKET__GETOPT 0x00004000UL -#define UNIX_STREAM_SOCKET__SETOPT 0x00008000UL -#define UNIX_STREAM_SOCKET__SHUTDOWN 0x00010000UL -#define UNIX_STREAM_SOCKET__RECVFROM 0x00020000UL -#define UNIX_STREAM_SOCKET__SENDTO 0x00040000UL -#define UNIX_STREAM_SOCKET__RECV_MSG 0x00080000UL -#define UNIX_STREAM_SOCKET__SEND_MSG 0x00100000UL -#define UNIX_STREAM_SOCKET__NAME_BIND 0x00200000UL -#define UNIX_STREAM_SOCKET__CONNECTTO 0x00400000UL -#define UNIX_STREAM_SOCKET__NEWCONN 0x00800000UL -#define UNIX_STREAM_SOCKET__ACCEPTFROM 0x01000000UL -#define UNIX_DGRAM_SOCKET__IOCTL 0x00000001UL -#define UNIX_DGRAM_SOCKET__READ 0x00000002UL -#define UNIX_DGRAM_SOCKET__WRITE 0x00000004UL -#define UNIX_DGRAM_SOCKET__CREATE 0x00000008UL -#define UNIX_DGRAM_SOCKET__GETATTR 0x00000010UL -#define UNIX_DGRAM_SOCKET__SETATTR 0x00000020UL -#define UNIX_DGRAM_SOCKET__LOCK 0x00000040UL -#define UNIX_DGRAM_SOCKET__RELABELFROM 0x00000080UL -#define UNIX_DGRAM_SOCKET__RELABELTO 0x00000100UL -#define UNIX_DGRAM_SOCKET__APPEND 0x00000200UL -#define UNIX_DGRAM_SOCKET__BIND 0x00000400UL -#define UNIX_DGRAM_SOCKET__CONNECT 0x00000800UL -#define UNIX_DGRAM_SOCKET__LISTEN 0x00001000UL -#define UNIX_DGRAM_SOCKET__ACCEPT 0x00002000UL -#define UNIX_DGRAM_SOCKET__GETOPT 0x00004000UL -#define UNIX_DGRAM_SOCKET__SETOPT 0x00008000UL -#define UNIX_DGRAM_SOCKET__SHUTDOWN 0x00010000UL -#define UNIX_DGRAM_SOCKET__RECVFROM 0x00020000UL -#define UNIX_DGRAM_SOCKET__SENDTO 0x00040000UL -#define UNIX_DGRAM_SOCKET__RECV_MSG 0x00080000UL -#define UNIX_DGRAM_SOCKET__SEND_MSG 0x00100000UL -#define UNIX_DGRAM_SOCKET__NAME_BIND 0x00200000UL -#define TUN_SOCKET__IOCTL 0x00000001UL -#define TUN_SOCKET__READ 0x00000002UL -#define TUN_SOCKET__WRITE 0x00000004UL -#define TUN_SOCKET__CREATE 0x00000008UL -#define TUN_SOCKET__GETATTR 0x00000010UL -#define TUN_SOCKET__SETATTR 0x00000020UL -#define TUN_SOCKET__LOCK 0x00000040UL -#define TUN_SOCKET__RELABELFROM 0x00000080UL -#define TUN_SOCKET__RELABELTO 0x00000100UL -#define TUN_SOCKET__APPEND 0x00000200UL -#define TUN_SOCKET__BIND 0x00000400UL -#define TUN_SOCKET__CONNECT 0x00000800UL -#define TUN_SOCKET__LISTEN 0x00001000UL -#define TUN_SOCKET__ACCEPT 0x00002000UL -#define TUN_SOCKET__GETOPT 0x00004000UL -#define TUN_SOCKET__SETOPT 0x00008000UL -#define TUN_SOCKET__SHUTDOWN 0x00010000UL -#define TUN_SOCKET__RECVFROM 0x00020000UL -#define TUN_SOCKET__SENDTO 0x00040000UL -#define TUN_SOCKET__RECV_MSG 0x00080000UL -#define TUN_SOCKET__SEND_MSG 0x00100000UL -#define TUN_SOCKET__NAME_BIND 0x00200000UL -#define PROCESS__FORK 0x00000001UL -#define PROCESS__TRANSITION 0x00000002UL -#define PROCESS__SIGCHLD 0x00000004UL -#define PROCESS__SIGKILL 0x00000008UL -#define PROCESS__SIGSTOP 0x00000010UL -#define PROCESS__SIGNULL 0x00000020UL -#define PROCESS__SIGNAL 0x00000040UL -#define PROCESS__PTRACE 0x00000080UL -#define PROCESS__GETSCHED 0x00000100UL -#define PROCESS__SETSCHED 0x00000200UL -#define PROCESS__GETSESSION 0x00000400UL -#define PROCESS__GETPGID 0x00000800UL -#define PROCESS__SETPGID 0x00001000UL -#define PROCESS__GETCAP 0x00002000UL -#define PROCESS__SETCAP 0x00004000UL -#define PROCESS__SHARE 0x00008000UL -#define PROCESS__GETATTR 0x00010000UL -#define PROCESS__SETEXEC 0x00020000UL -#define PROCESS__SETFSCREATE 0x00040000UL -#define PROCESS__NOATSECURE 0x00080000UL -#define PROCESS__SIGINH 0x00100000UL -#define PROCESS__SETRLIMIT 0x00200000UL -#define PROCESS__RLIMITINH 0x00400000UL -#define PROCESS__DYNTRANSITION 0x00800000UL -#define PROCESS__SETCURRENT 0x01000000UL -#define PROCESS__EXECMEM 0x02000000UL -#define PROCESS__EXECSTACK 0x04000000UL -#define PROCESS__EXECHEAP 0x08000000UL -#define PROCESS__SETKEYCREATE 0x10000000UL -#define PROCESS__SETSOCKCREATE 0x20000000UL -#define IPC__CREATE 0x00000001UL -#define IPC__DESTROY 0x00000002UL -#define IPC__GETATTR 0x00000004UL -#define IPC__SETATTR 0x00000008UL -#define IPC__READ 0x00000010UL -#define IPC__WRITE 0x00000020UL -#define IPC__ASSOCIATE 0x00000040UL -#define IPC__UNIX_READ 0x00000080UL -#define IPC__UNIX_WRITE 0x00000100UL -#define SEM__CREATE 0x00000001UL -#define SEM__DESTROY 0x00000002UL -#define SEM__GETATTR 0x00000004UL -#define SEM__SETATTR 0x00000008UL -#define SEM__READ 0x00000010UL -#define SEM__WRITE 0x00000020UL -#define SEM__ASSOCIATE 0x00000040UL -#define SEM__UNIX_READ 0x00000080UL -#define SEM__UNIX_WRITE 0x00000100UL -#define MSGQ__CREATE 0x00000001UL -#define MSGQ__DESTROY 0x00000002UL -#define MSGQ__GETATTR 0x00000004UL -#define MSGQ__SETATTR 0x00000008UL -#define MSGQ__READ 0x00000010UL -#define MSGQ__WRITE 0x00000020UL -#define MSGQ__ASSOCIATE 0x00000040UL -#define MSGQ__UNIX_READ 0x00000080UL -#define MSGQ__UNIX_WRITE 0x00000100UL -#define MSGQ__ENQUEUE 0x00000200UL -#define MSG__SEND 0x00000001UL -#define MSG__RECEIVE 0x00000002UL -#define SHM__CREATE 0x00000001UL -#define SHM__DESTROY 0x00000002UL -#define SHM__GETATTR 0x00000004UL -#define SHM__SETATTR 0x00000008UL -#define SHM__READ 0x00000010UL -#define SHM__WRITE 0x00000020UL -#define SHM__ASSOCIATE 0x00000040UL -#define SHM__UNIX_READ 0x00000080UL -#define SHM__UNIX_WRITE 0x00000100UL -#define SHM__LOCK 0x00000200UL -#define SECURITY__COMPUTE_AV 0x00000001UL -#define SECURITY__COMPUTE_CREATE 0x00000002UL -#define SECURITY__COMPUTE_MEMBER 0x00000004UL -#define SECURITY__CHECK_CONTEXT 0x00000008UL -#define SECURITY__LOAD_POLICY 0x00000010UL -#define SECURITY__COMPUTE_RELABEL 0x00000020UL -#define SECURITY__COMPUTE_USER 0x00000040UL -#define SECURITY__SETENFORCE 0x00000080UL -#define SECURITY__SETBOOL 0x00000100UL -#define SECURITY__SETSECPARAM 0x00000200UL -#define SECURITY__SETCHECKREQPROT 0x00000400UL -#define SYSTEM__IPC_INFO 0x00000001UL -#define SYSTEM__SYSLOG_READ 0x00000002UL -#define SYSTEM__SYSLOG_MOD 0x00000004UL -#define SYSTEM__SYSLOG_CONSOLE 0x00000008UL -#define SYSTEM__MODULE_REQUEST 0x00000010UL -#define CAPABILITY__CHOWN 0x00000001UL -#define CAPABILITY__DAC_OVERRIDE 0x00000002UL -#define CAPABILITY__DAC_READ_SEARCH 0x00000004UL -#define CAPABILITY__FOWNER 0x00000008UL -#define CAPABILITY__FSETID 0x00000010UL -#define CAPABILITY__KILL 0x00000020UL -#define CAPABILITY__SETGID 0x00000040UL -#define CAPABILITY__SETUID 0x00000080UL -#define CAPABILITY__SETPCAP 0x00000100UL -#define CAPABILITY__LINUX_IMMUTABLE 0x00000200UL -#define CAPABILITY__NET_BIND_SERVICE 0x00000400UL -#define CAPABILITY__NET_BROADCAST 0x00000800UL -#define CAPABILITY__NET_ADMIN 0x00001000UL -#define CAPABILITY__NET_RAW 0x00002000UL -#define CAPABILITY__IPC_LOCK 0x00004000UL -#define CAPABILITY__IPC_OWNER 0x00008000UL -#define CAPABILITY__SYS_MODULE 0x00010000UL -#define CAPABILITY__SYS_RAWIO 0x00020000UL -#define CAPABILITY__SYS_CHROOT 0x00040000UL -#define CAPABILITY__SYS_PTRACE 0x00080000UL -#define CAPABILITY__SYS_PACCT 0x00100000UL -#define CAPABILITY__SYS_ADMIN 0x00200000UL -#define CAPABILITY__SYS_BOOT 0x00400000UL -#define CAPABILITY__SYS_NICE 0x00800000UL -#define CAPABILITY__SYS_RESOURCE 0x01000000UL -#define CAPABILITY__SYS_TIME 0x02000000UL -#define CAPABILITY__SYS_TTY_CONFIG 0x04000000UL -#define CAPABILITY__MKNOD 0x08000000UL -#define CAPABILITY__LEASE 0x10000000UL -#define CAPABILITY__AUDIT_WRITE 0x20000000UL -#define CAPABILITY__AUDIT_CONTROL 0x40000000UL -#define CAPABILITY__SETFCAP 0x80000000UL -#define CAPABILITY2__MAC_OVERRIDE 0x00000001UL -#define CAPABILITY2__MAC_ADMIN 0x00000002UL -#define NETLINK_ROUTE_SOCKET__IOCTL 0x00000001UL -#define NETLINK_ROUTE_SOCKET__READ 0x00000002UL -#define NETLINK_ROUTE_SOCKET__WRITE 0x00000004UL -#define NETLINK_ROUTE_SOCKET__CREATE 0x00000008UL -#define NETLINK_ROUTE_SOCKET__GETATTR 0x00000010UL -#define NETLINK_ROUTE_SOCKET__SETATTR 0x00000020UL -#define NETLINK_ROUTE_SOCKET__LOCK 0x00000040UL -#define NETLINK_ROUTE_SOCKET__RELABELFROM 0x00000080UL -#define NETLINK_ROUTE_SOCKET__RELABELTO 0x00000100UL -#define NETLINK_ROUTE_SOCKET__APPEND 0x00000200UL -#define NETLINK_ROUTE_SOCKET__BIND 0x00000400UL -#define NETLINK_ROUTE_SOCKET__CONNECT 0x00000800UL -#define NETLINK_ROUTE_SOCKET__LISTEN 0x00001000UL -#define NETLINK_ROUTE_SOCKET__ACCEPT 0x00002000UL -#define NETLINK_ROUTE_SOCKET__GETOPT 0x00004000UL -#define NETLINK_ROUTE_SOCKET__SETOPT 0x00008000UL -#define NETLINK_ROUTE_SOCKET__SHUTDOWN 0x00010000UL -#define NETLINK_ROUTE_SOCKET__RECVFROM 0x00020000UL -#define NETLINK_ROUTE_SOCKET__SENDTO 0x00040000UL -#define NETLINK_ROUTE_SOCKET__RECV_MSG 0x00080000UL -#define NETLINK_ROUTE_SOCKET__SEND_MSG 0x00100000UL -#define NETLINK_ROUTE_SOCKET__NAME_BIND 0x00200000UL -#define NETLINK_ROUTE_SOCKET__NLMSG_READ 0x00400000UL -#define NETLINK_ROUTE_SOCKET__NLMSG_WRITE 0x00800000UL -#define NETLINK_FIREWALL_SOCKET__IOCTL 0x00000001UL -#define NETLINK_FIREWALL_SOCKET__READ 0x00000002UL -#define NETLINK_FIREWALL_SOCKET__WRITE 0x00000004UL -#define NETLINK_FIREWALL_SOCKET__CREATE 0x00000008UL -#define NETLINK_FIREWALL_SOCKET__GETATTR 0x00000010UL -#define NETLINK_FIREWALL_SOCKET__SETATTR 0x00000020UL -#define NETLINK_FIREWALL_SOCKET__LOCK 0x00000040UL -#define NETLINK_FIREWALL_SOCKET__RELABELFROM 0x00000080UL -#define NETLINK_FIREWALL_SOCKET__RELABELTO 0x00000100UL -#define NETLINK_FIREWALL_SOCKET__APPEND 0x00000200UL -#define NETLINK_FIREWALL_SOCKET__BIND 0x00000400UL -#define NETLINK_FIREWALL_SOCKET__CONNECT 0x00000800UL -#define NETLINK_FIREWALL_SOCKET__LISTEN 0x00001000UL -#define NETLINK_FIREWALL_SOCKET__ACCEPT 0x00002000UL -#define NETLINK_FIREWALL_SOCKET__GETOPT 0x00004000UL -#define NETLINK_FIREWALL_SOCKET__SETOPT 0x00008000UL -#define NETLINK_FIREWALL_SOCKET__SHUTDOWN 0x00010000UL -#define NETLINK_FIREWALL_SOCKET__RECVFROM 0x00020000UL -#define NETLINK_FIREWALL_SOCKET__SENDTO 0x00040000UL -#define NETLINK_FIREWALL_SOCKET__RECV_MSG 0x00080000UL -#define NETLINK_FIREWALL_SOCKET__SEND_MSG 0x00100000UL -#define NETLINK_FIREWALL_SOCKET__NAME_BIND 0x00200000UL -#define NETLINK_FIREWALL_SOCKET__NLMSG_READ 0x00400000UL -#define NETLINK_FIREWALL_SOCKET__NLMSG_WRITE 0x00800000UL -#define NETLINK_TCPDIAG_SOCKET__IOCTL 0x00000001UL -#define NETLINK_TCPDIAG_SOCKET__READ 0x00000002UL -#define NETLINK_TCPDIAG_SOCKET__WRITE 0x00000004UL -#define NETLINK_TCPDIAG_SOCKET__CREATE 0x00000008UL -#define NETLINK_TCPDIAG_SOCKET__GETATTR 0x00000010UL -#define NETLINK_TCPDIAG_SOCKET__SETATTR 0x00000020UL -#define NETLINK_TCPDIAG_SOCKET__LOCK 0x00000040UL -#define NETLINK_TCPDIAG_SOCKET__RELABELFROM 0x00000080UL -#define NETLINK_TCPDIAG_SOCKET__RELABELTO 0x00000100UL -#define NETLINK_TCPDIAG_SOCKET__APPEND 0x00000200UL -#define NETLINK_TCPDIAG_SOCKET__BIND 0x00000400UL -#define NETLINK_TCPDIAG_SOCKET__CONNECT 0x00000800UL -#define NETLINK_TCPDIAG_SOCKET__LISTEN 0x00001000UL -#define NETLINK_TCPDIAG_SOCKET__ACCEPT 0x00002000UL -#define NETLINK_TCPDIAG_SOCKET__GETOPT 0x00004000UL -#define NETLINK_TCPDIAG_SOCKET__SETOPT 0x00008000UL -#define NETLINK_TCPDIAG_SOCKET__SHUTDOWN 0x00010000UL -#define NETLINK_TCPDIAG_SOCKET__RECVFROM 0x00020000UL -#define NETLINK_TCPDIAG_SOCKET__SENDTO 0x00040000UL -#define NETLINK_TCPDIAG_SOCKET__RECV_MSG 0x00080000UL -#define NETLINK_TCPDIAG_SOCKET__SEND_MSG 0x00100000UL -#define NETLINK_TCPDIAG_SOCKET__NAME_BIND 0x00200000UL -#define NETLINK_TCPDIAG_SOCKET__NLMSG_READ 0x00400000UL -#define NETLINK_TCPDIAG_SOCKET__NLMSG_WRITE 0x00800000UL -#define NETLINK_NFLOG_SOCKET__IOCTL 0x00000001UL -#define NETLINK_NFLOG_SOCKET__READ 0x00000002UL -#define NETLINK_NFLOG_SOCKET__WRITE 0x00000004UL -#define NETLINK_NFLOG_SOCKET__CREATE 0x00000008UL -#define NETLINK_NFLOG_SOCKET__GETATTR 0x00000010UL -#define NETLINK_NFLOG_SOCKET__SETATTR 0x00000020UL -#define NETLINK_NFLOG_SOCKET__LOCK 0x00000040UL -#define NETLINK_NFLOG_SOCKET__RELABELFROM 0x00000080UL -#define NETLINK_NFLOG_SOCKET__RELABELTO 0x00000100UL -#define NETLINK_NFLOG_SOCKET__APPEND 0x00000200UL -#define NETLINK_NFLOG_SOCKET__BIND 0x00000400UL -#define NETLINK_NFLOG_SOCKET__CONNECT 0x00000800UL -#define NETLINK_NFLOG_SOCKET__LISTEN 0x00001000UL -#define NETLINK_NFLOG_SOCKET__ACCEPT 0x00002000UL -#define NETLINK_NFLOG_SOCKET__GETOPT 0x00004000UL -#define NETLINK_NFLOG_SOCKET__SETOPT 0x00008000UL -#define NETLINK_NFLOG_SOCKET__SHUTDOWN 0x00010000UL -#define NETLINK_NFLOG_SOCKET__RECVFROM 0x00020000UL -#define NETLINK_NFLOG_SOCKET__SENDTO 0x00040000UL -#define NETLINK_NFLOG_SOCKET__RECV_MSG 0x00080000UL -#define NETLINK_NFLOG_SOCKET__SEND_MSG 0x00100000UL -#define NETLINK_NFLOG_SOCKET__NAME_BIND 0x00200000UL -#define NETLINK_XFRM_SOCKET__IOCTL 0x00000001UL -#define NETLINK_XFRM_SOCKET__READ 0x00000002UL -#define NETLINK_XFRM_SOCKET__WRITE 0x00000004UL -#define NETLINK_XFRM_SOCKET__CREATE 0x00000008UL -#define NETLINK_XFRM_SOCKET__GETATTR 0x00000010UL -#define NETLINK_XFRM_SOCKET__SETATTR 0x00000020UL -#define NETLINK_XFRM_SOCKET__LOCK 0x00000040UL -#define NETLINK_XFRM_SOCKET__RELABELFROM 0x00000080UL -#define NETLINK_XFRM_SOCKET__RELABELTO 0x00000100UL -#define NETLINK_XFRM_SOCKET__APPEND 0x00000200UL -#define NETLINK_XFRM_SOCKET__BIND 0x00000400UL -#define NETLINK_XFRM_SOCKET__CONNECT 0x00000800UL -#define NETLINK_XFRM_SOCKET__LISTEN 0x00001000UL -#define NETLINK_XFRM_SOCKET__ACCEPT 0x00002000UL -#define NETLINK_XFRM_SOCKET__GETOPT 0x00004000UL -#define NETLINK_XFRM_SOCKET__SETOPT 0x00008000UL -#define NETLINK_XFRM_SOCKET__SHUTDOWN 0x00010000UL -#define NETLINK_XFRM_SOCKET__RECVFROM 0x00020000UL -#define NETLINK_XFRM_SOCKET__SENDTO 0x00040000UL -#define NETLINK_XFRM_SOCKET__RECV_MSG 0x00080000UL -#define NETLINK_XFRM_SOCKET__SEND_MSG 0x00100000UL -#define NETLINK_XFRM_SOCKET__NAME_BIND 0x00200000UL -#define NETLINK_XFRM_SOCKET__NLMSG_READ 0x00400000UL -#define NETLINK_XFRM_SOCKET__NLMSG_WRITE 0x00800000UL -#define NETLINK_SELINUX_SOCKET__IOCTL 0x00000001UL -#define NETLINK_SELINUX_SOCKET__READ 0x00000002UL -#define NETLINK_SELINUX_SOCKET__WRITE 0x00000004UL -#define NETLINK_SELINUX_SOCKET__CREATE 0x00000008UL -#define NETLINK_SELINUX_SOCKET__GETATTR 0x00000010UL -#define NETLINK_SELINUX_SOCKET__SETATTR 0x00000020UL -#define NETLINK_SELINUX_SOCKET__LOCK 0x00000040UL -#define NETLINK_SELINUX_SOCKET__RELABELFROM 0x00000080UL -#define NETLINK_SELINUX_SOCKET__RELABELTO 0x00000100UL -#define NETLINK_SELINUX_SOCKET__APPEND 0x00000200UL -#define NETLINK_SELINUX_SOCKET__BIND 0x00000400UL -#define NETLINK_SELINUX_SOCKET__CONNECT 0x00000800UL -#define NETLINK_SELINUX_SOCKET__LISTEN 0x00001000UL -#define NETLINK_SELINUX_SOCKET__ACCEPT 0x00002000UL -#define NETLINK_SELINUX_SOCKET__GETOPT 0x00004000UL -#define NETLINK_SELINUX_SOCKET__SETOPT 0x00008000UL -#define NETLINK_SELINUX_SOCKET__SHUTDOWN 0x00010000UL -#define NETLINK_SELINUX_SOCKET__RECVFROM 0x00020000UL -#define NETLINK_SELINUX_SOCKET__SENDTO 0x00040000UL -#define NETLINK_SELINUX_SOCKET__RECV_MSG 0x00080000UL -#define NETLINK_SELINUX_SOCKET__SEND_MSG 0x00100000UL -#define NETLINK_SELINUX_SOCKET__NAME_BIND 0x00200000UL -#define NETLINK_AUDIT_SOCKET__IOCTL 0x00000001UL -#define NETLINK_AUDIT_SOCKET__READ 0x00000002UL -#define NETLINK_AUDIT_SOCKET__WRITE 0x00000004UL -#define NETLINK_AUDIT_SOCKET__CREATE 0x00000008UL -#define NETLINK_AUDIT_SOCKET__GETATTR 0x00000010UL -#define NETLINK_AUDIT_SOCKET__SETATTR 0x00000020UL -#define NETLINK_AUDIT_SOCKET__LOCK 0x00000040UL -#define NETLINK_AUDIT_SOCKET__RELABELFROM 0x00000080UL -#define NETLINK_AUDIT_SOCKET__RELABELTO 0x00000100UL -#define NETLINK_AUDIT_SOCKET__APPEND 0x00000200UL -#define NETLINK_AUDIT_SOCKET__BIND 0x00000400UL -#define NETLINK_AUDIT_SOCKET__CONNECT 0x00000800UL -#define NETLINK_AUDIT_SOCKET__LISTEN 0x00001000UL -#define NETLINK_AUDIT_SOCKET__ACCEPT 0x00002000UL -#define NETLINK_AUDIT_SOCKET__GETOPT 0x00004000UL -#define NETLINK_AUDIT_SOCKET__SETOPT 0x00008000UL -#define NETLINK_AUDIT_SOCKET__SHUTDOWN 0x00010000UL -#define NETLINK_AUDIT_SOCKET__RECVFROM 0x00020000UL -#define NETLINK_AUDIT_SOCKET__SENDTO 0x00040000UL -#define NETLINK_AUDIT_SOCKET__RECV_MSG 0x00080000UL -#define NETLINK_AUDIT_SOCKET__SEND_MSG 0x00100000UL -#define NETLINK_AUDIT_SOCKET__NAME_BIND 0x00200000UL -#define NETLINK_AUDIT_SOCKET__NLMSG_READ 0x00400000UL -#define NETLINK_AUDIT_SOCKET__NLMSG_WRITE 0x00800000UL -#define NETLINK_AUDIT_SOCKET__NLMSG_RELAY 0x01000000UL -#define NETLINK_AUDIT_SOCKET__NLMSG_READPRIV 0x02000000UL -#define NETLINK_AUDIT_SOCKET__NLMSG_TTY_AUDIT 0x04000000UL -#define NETLINK_IP6FW_SOCKET__IOCTL 0x00000001UL -#define NETLINK_IP6FW_SOCKET__READ 0x00000002UL -#define NETLINK_IP6FW_SOCKET__WRITE 0x00000004UL -#define NETLINK_IP6FW_SOCKET__CREATE 0x00000008UL -#define NETLINK_IP6FW_SOCKET__GETATTR 0x00000010UL -#define NETLINK_IP6FW_SOCKET__SETATTR 0x00000020UL -#define NETLINK_IP6FW_SOCKET__LOCK 0x00000040UL -#define NETLINK_IP6FW_SOCKET__RELABELFROM 0x00000080UL -#define NETLINK_IP6FW_SOCKET__RELABELTO 0x00000100UL -#define NETLINK_IP6FW_SOCKET__APPEND 0x00000200UL -#define NETLINK_IP6FW_SOCKET__BIND 0x00000400UL -#define NETLINK_IP6FW_SOCKET__CONNECT 0x00000800UL -#define NETLINK_IP6FW_SOCKET__LISTEN 0x00001000UL -#define NETLINK_IP6FW_SOCKET__ACCEPT 0x00002000UL -#define NETLINK_IP6FW_SOCKET__GETOPT 0x00004000UL -#define NETLINK_IP6FW_SOCKET__SETOPT 0x00008000UL -#define NETLINK_IP6FW_SOCKET__SHUTDOWN 0x00010000UL -#define NETLINK_IP6FW_SOCKET__RECVFROM 0x00020000UL -#define NETLINK_IP6FW_SOCKET__SENDTO 0x00040000UL -#define NETLINK_IP6FW_SOCKET__RECV_MSG 0x00080000UL -#define NETLINK_IP6FW_SOCKET__SEND_MSG 0x00100000UL -#define NETLINK_IP6FW_SOCKET__NAME_BIND 0x00200000UL -#define NETLINK_IP6FW_SOCKET__NLMSG_READ 0x00400000UL -#define NETLINK_IP6FW_SOCKET__NLMSG_WRITE 0x00800000UL -#define NETLINK_DNRT_SOCKET__IOCTL 0x00000001UL -#define NETLINK_DNRT_SOCKET__READ 0x00000002UL -#define NETLINK_DNRT_SOCKET__WRITE 0x00000004UL -#define NETLINK_DNRT_SOCKET__CREATE 0x00000008UL -#define NETLINK_DNRT_SOCKET__GETATTR 0x00000010UL -#define NETLINK_DNRT_SOCKET__SETATTR 0x00000020UL -#define NETLINK_DNRT_SOCKET__LOCK 0x00000040UL -#define NETLINK_DNRT_SOCKET__RELABELFROM 0x00000080UL -#define NETLINK_DNRT_SOCKET__RELABELTO 0x00000100UL -#define NETLINK_DNRT_SOCKET__APPEND 0x00000200UL -#define NETLINK_DNRT_SOCKET__BIND 0x00000400UL -#define NETLINK_DNRT_SOCKET__CONNECT 0x00000800UL -#define NETLINK_DNRT_SOCKET__LISTEN 0x00001000UL -#define NETLINK_DNRT_SOCKET__ACCEPT 0x00002000UL -#define NETLINK_DNRT_SOCKET__GETOPT 0x00004000UL -#define NETLINK_DNRT_SOCKET__SETOPT 0x00008000UL -#define NETLINK_DNRT_SOCKET__SHUTDOWN 0x00010000UL -#define NETLINK_DNRT_SOCKET__RECVFROM 0x00020000UL -#define NETLINK_DNRT_SOCKET__SENDTO 0x00040000UL -#define NETLINK_DNRT_SOCKET__RECV_MSG 0x00080000UL -#define NETLINK_DNRT_SOCKET__SEND_MSG 0x00100000UL -#define NETLINK_DNRT_SOCKET__NAME_BIND 0x00200000UL -#define ASSOCIATION__SENDTO 0x00000001UL -#define ASSOCIATION__RECVFROM 0x00000002UL -#define ASSOCIATION__SETCONTEXT 0x00000004UL -#define ASSOCIATION__POLMATCH 0x00000008UL -#define NETLINK_KOBJECT_UEVENT_SOCKET__IOCTL 0x00000001UL -#define NETLINK_KOBJECT_UEVENT_SOCKET__READ 0x00000002UL -#define NETLINK_KOBJECT_UEVENT_SOCKET__WRITE 0x00000004UL -#define NETLINK_KOBJECT_UEVENT_SOCKET__CREATE 0x00000008UL -#define NETLINK_KOBJECT_UEVENT_SOCKET__GETATTR 0x00000010UL -#define NETLINK_KOBJECT_UEVENT_SOCKET__SETATTR 0x00000020UL -#define NETLINK_KOBJECT_UEVENT_SOCKET__LOCK 0x00000040UL -#define NETLINK_KOBJECT_UEVENT_SOCKET__RELABELFROM 0x00000080UL -#define NETLINK_KOBJECT_UEVENT_SOCKET__RELABELTO 0x00000100UL -#define NETLINK_KOBJECT_UEVENT_SOCKET__APPEND 0x00000200UL -#define NETLINK_KOBJECT_UEVENT_SOCKET__BIND 0x00000400UL -#define NETLINK_KOBJECT_UEVENT_SOCKET__CONNECT 0x00000800UL -#define NETLINK_KOBJECT_UEVENT_SOCKET__LISTEN 0x00001000UL -#define NETLINK_KOBJECT_UEVENT_SOCKET__ACCEPT 0x00002000UL -#define NETLINK_KOBJECT_UEVENT_SOCKET__GETOPT 0x00004000UL -#define NETLINK_KOBJECT_UEVENT_SOCKET__SETOPT 0x00008000UL -#define NETLINK_KOBJECT_UEVENT_SOCKET__SHUTDOWN 0x00010000UL -#define NETLINK_KOBJECT_UEVENT_SOCKET__RECVFROM 0x00020000UL -#define NETLINK_KOBJECT_UEVENT_SOCKET__SENDTO 0x00040000UL -#define NETLINK_KOBJECT_UEVENT_SOCKET__RECV_MSG 0x00080000UL -#define NETLINK_KOBJECT_UEVENT_SOCKET__SEND_MSG 0x00100000UL -#define NETLINK_KOBJECT_UEVENT_SOCKET__NAME_BIND 0x00200000UL -#define APPLETALK_SOCKET__IOCTL 0x00000001UL -#define APPLETALK_SOCKET__READ 0x00000002UL -#define APPLETALK_SOCKET__WRITE 0x00000004UL -#define APPLETALK_SOCKET__CREATE 0x00000008UL -#define APPLETALK_SOCKET__GETATTR 0x00000010UL -#define APPLETALK_SOCKET__SETATTR 0x00000020UL -#define APPLETALK_SOCKET__LOCK 0x00000040UL -#define APPLETALK_SOCKET__RELABELFROM 0x00000080UL -#define APPLETALK_SOCKET__RELABELTO 0x00000100UL -#define APPLETALK_SOCKET__APPEND 0x00000200UL -#define APPLETALK_SOCKET__BIND 0x00000400UL -#define APPLETALK_SOCKET__CONNECT 0x00000800UL -#define APPLETALK_SOCKET__LISTEN 0x00001000UL -#define APPLETALK_SOCKET__ACCEPT 0x00002000UL -#define APPLETALK_SOCKET__GETOPT 0x00004000UL -#define APPLETALK_SOCKET__SETOPT 0x00008000UL -#define APPLETALK_SOCKET__SHUTDOWN 0x00010000UL -#define APPLETALK_SOCKET__RECVFROM 0x00020000UL -#define APPLETALK_SOCKET__SENDTO 0x00040000UL -#define APPLETALK_SOCKET__RECV_MSG 0x00080000UL -#define APPLETALK_SOCKET__SEND_MSG 0x00100000UL -#define APPLETALK_SOCKET__NAME_BIND 0x00200000UL -#define PACKET__SEND 0x00000001UL -#define PACKET__RECV 0x00000002UL -#define PACKET__RELABELTO 0x00000004UL -#define PACKET__FLOW_IN 0x00000008UL -#define PACKET__FLOW_OUT 0x00000010UL -#define PACKET__FORWARD_IN 0x00000020UL -#define PACKET__FORWARD_OUT 0x00000040UL -#define KEY__VIEW 0x00000001UL -#define KEY__READ 0x00000002UL -#define KEY__WRITE 0x00000004UL -#define KEY__SEARCH 0x00000008UL -#define KEY__LINK 0x00000010UL -#define KEY__SETATTR 0x00000020UL -#define KEY__CREATE 0x00000040UL -#define DCCP_SOCKET__IOCTL 0x00000001UL -#define DCCP_SOCKET__READ 0x00000002UL -#define DCCP_SOCKET__WRITE 0x00000004UL -#define DCCP_SOCKET__CREATE 0x00000008UL -#define DCCP_SOCKET__GETATTR 0x00000010UL -#define DCCP_SOCKET__SETATTR 0x00000020UL -#define DCCP_SOCKET__LOCK 0x00000040UL -#define DCCP_SOCKET__RELABELFROM 0x00000080UL -#define DCCP_SOCKET__RELABELTO 0x00000100UL -#define DCCP_SOCKET__APPEND 0x00000200UL -#define DCCP_SOCKET__BIND 0x00000400UL -#define DCCP_SOCKET__CONNECT 0x00000800UL -#define DCCP_SOCKET__LISTEN 0x00001000UL -#define DCCP_SOCKET__ACCEPT 0x00002000UL -#define DCCP_SOCKET__GETOPT 0x00004000UL -#define DCCP_SOCKET__SETOPT 0x00008000UL -#define DCCP_SOCKET__SHUTDOWN 0x00010000UL -#define DCCP_SOCKET__RECVFROM 0x00020000UL -#define DCCP_SOCKET__SENDTO 0x00040000UL -#define DCCP_SOCKET__RECV_MSG 0x00080000UL -#define DCCP_SOCKET__SEND_MSG 0x00100000UL -#define DCCP_SOCKET__NAME_BIND 0x00200000UL -#define DCCP_SOCKET__NODE_BIND 0x00400000UL -#define DCCP_SOCKET__NAME_CONNECT 0x00800000UL -#define MEMPROTECT__MMAP_ZERO 0x00000001UL -#define PEER__RECV 0x00000001UL -#define KERNEL_SERVICE__USE_AS_OVERRIDE 0x00000001UL -#define KERNEL_SERVICE__CREATE_FILES_AS 0x00000002UL diff --git a/security/selinux/include/avc_ss.h b/security/selinux/include/avc_ss.h index bb1ec80..4677aa5 100644 --- a/security/selinux/include/avc_ss.h +++ b/security/selinux/include/avc_ss.h @@ -10,26 +10,13 @@ int avc_ss_reset(u32 seqno); -struct av_perm_to_string { - u16 tclass; - u32 value; +/* Class/perm mapping support */ +struct security_class_mapping { const char *name; + const char *perms[sizeof(u32) * 8 + 1]; }; -struct av_inherit { - const char **common_pts; - u32 common_base; - u16 tclass; -}; - -struct selinux_class_perm { - const struct av_perm_to_string *av_perm_to_string; - u32 av_pts_len; - u32 cts_len; - const char **class_to_string; - const struct av_inherit *av_inherit; - u32 av_inherit_len; -}; +extern struct security_class_mapping secclass_map[]; #endif /* _SELINUX_AVC_SS_H_ */ diff --git a/security/selinux/include/class_to_string.h b/security/selinux/include/class_to_string.h deleted file mode 100644 index 7ab9299..0000000 --- a/security/selinux/include/class_to_string.h +++ /dev/null @@ -1,80 +0,0 @@ -/* This file is automatically generated. Do not edit. */ -/* - * Security object class definitions - */ - S_(NULL) - S_("security") - S_("process") - S_("system") - S_("capability") - S_("filesystem") - S_("file") - S_("dir") - S_("fd") - S_("lnk_file") - S_("chr_file") - S_("blk_file") - S_("sock_file") - S_("fifo_file") - S_("socket") - S_("tcp_socket") - S_("udp_socket") - S_("rawip_socket") - S_("node") - S_("netif") - S_("netlink_socket") - S_("packet_socket") - S_("key_socket") - S_("unix_stream_socket") - S_("unix_dgram_socket") - S_("sem") - S_("msg") - S_("msgq") - S_("shm") - S_("ipc") - S_(NULL) - S_(NULL) - S_(NULL) - S_(NULL) - S_(NULL) - S_(NULL) - S_(NULL) - S_(NULL) - S_(NULL) - S_(NULL) - S_(NULL) - S_(NULL) - S_(NULL) - S_("netlink_route_socket") - S_("netlink_firewall_socket") - S_("netlink_tcpdiag_socket") - S_("netlink_nflog_socket") - S_("netlink_xfrm_socket") - S_("netlink_selinux_socket") - S_("netlink_audit_socket") - S_("netlink_ip6fw_socket") - S_("netlink_dnrt_socket") - S_(NULL) - S_(NULL) - S_("association") - S_("netlink_kobject_uevent_socket") - S_("appletalk_socket") - S_("packet") - S_("key") - S_(NULL) - S_("dccp_socket") - S_("memprotect") - S_(NULL) - S_(NULL) - S_(NULL) - S_(NULL) - S_(NULL) - S_(NULL) - S_("peer") - S_("capability2") - S_(NULL) - S_(NULL) - S_(NULL) - S_(NULL) - S_("kernel_service") - S_("tun_socket") diff --git a/security/selinux/include/classmap.h b/security/selinux/include/classmap.h new file mode 100644 index 0000000..8b32e95 --- /dev/null +++ b/security/selinux/include/classmap.h @@ -0,0 +1,150 @@ +#define COMMON_FILE_SOCK_PERMS "ioctl", "read", "write", "create", \ + "getattr", "setattr", "lock", "relabelfrom", "relabelto", "append" + +#define COMMON_FILE_PERMS COMMON_FILE_SOCK_PERMS, "unlink", "link", \ + "rename", "execute", "swapon", "quotaon", "mounton" + +#define COMMON_SOCK_PERMS COMMON_FILE_SOCK_PERMS, "bind", "connect", \ + "listen", "accept", "getopt", "setopt", "shutdown", "recvfrom", \ + "sendto", "recv_msg", "send_msg", "name_bind" + +#define COMMON_IPC_PERMS "create", "destroy", "getattr", "setattr", "read", \ + "write", "associate", "unix_read", "unix_write" + +struct security_class_mapping secclass_map[] = { + { "security", + { "compute_av", "compute_create", "compute_member", + "check_context", "load_policy", "compute_relabel", + "compute_user", "setenforce", "setbool", "setsecparam", + "setcheckreqprot", NULL } }, + { "process", + { "fork", "transition", "sigchld", "sigkill", + "sigstop", "signull", "signal", "ptrace", "getsched", "setsched", + "getsession", "getpgid", "setpgid", "getcap", "setcap", "share", + "getattr", "setexec", "setfscreate", "noatsecure", "siginh", + "setrlimit", "rlimitinh", "dyntransition", "setcurrent", + "execmem", "execstack", "execheap", "setkeycreate", + "setsockcreate", NULL } }, + { "system", + { "ipc_info", "syslog_read", "syslog_mod", + "syslog_console", "module_request", NULL } }, + { "capability", + { "chown", "dac_override", "dac_read_search", + "fowner", "fsetid", "kill", "setgid", "setuid", "setpcap", + "linux_immutable", "net_bind_service", "net_broadcast", + "net_admin", "net_raw", "ipc_lock", "ipc_owner", "sys_module", + "sys_rawio", "sys_chroot", "sys_ptrace", "sys_pacct", "sys_admin", + "sys_boot", "sys_nice", "sys_resource", "sys_time", + "sys_tty_config", "mknod", "lease", "audit_write", + "audit_control", "setfcap", NULL } }, + { "filesystem", + { "mount", "remount", "unmount", "getattr", + "relabelfrom", "relabelto", "transition", "associate", "quotamod", + "quotaget", NULL } }, + { "file", + { COMMON_FILE_PERMS, + "execute_no_trans", "entrypoint", "execmod", "open", NULL } }, + { "dir", + { COMMON_FILE_PERMS, "add_name", "remove_name", + "reparent", "search", "rmdir", "open", NULL } }, + { "fd", { "use", NULL } }, + { "lnk_file", + { COMMON_FILE_PERMS, NULL } }, + { "chr_file", + { COMMON_FILE_PERMS, + "execute_no_trans", "entrypoint", "execmod", "open", NULL } }, + { "blk_file", + { COMMON_FILE_PERMS, "open", NULL } }, + { "sock_file", + { COMMON_FILE_PERMS, "open", NULL } }, + { "fifo_file", + { COMMON_FILE_PERMS, "open", NULL } }, + { "socket", + { COMMON_SOCK_PERMS, NULL } }, + { "tcp_socket", + { COMMON_SOCK_PERMS, + "connectto", "newconn", "acceptfrom", "node_bind", "name_connect", + NULL } }, + { "udp_socket", + { COMMON_SOCK_PERMS, + "node_bind", NULL } }, + { "rawip_socket", + { COMMON_SOCK_PERMS, + "node_bind", NULL } }, + { "node", + { "tcp_recv", "tcp_send", "udp_recv", "udp_send", + "rawip_recv", "rawip_send", "enforce_dest", + "dccp_recv", "dccp_send", "recvfrom", "sendto", NULL } }, + { "netif", + { "tcp_recv", "tcp_send", "udp_recv", "udp_send", + "rawip_recv", "rawip_send", "dccp_recv", "dccp_send", + "ingress", "egress", NULL } }, + { "netlink_socket", + { COMMON_SOCK_PERMS, NULL } }, + { "packet_socket", + { COMMON_SOCK_PERMS, NULL } }, + { "key_socket", + { COMMON_SOCK_PERMS, NULL } }, + { "unix_stream_socket", + { COMMON_SOCK_PERMS, "connectto", "newconn", "acceptfrom", NULL + } }, + { "unix_dgram_socket", + { COMMON_SOCK_PERMS, NULL + } }, + { "sem", + { COMMON_IPC_PERMS, NULL } }, + { "msg", { "send", "receive", NULL } }, + { "msgq", + { COMMON_IPC_PERMS, "enqueue", NULL } }, + { "shm", + { COMMON_IPC_PERMS, "lock", NULL } }, + { "ipc", + { COMMON_IPC_PERMS, NULL } }, + { "netlink_route_socket", + { COMMON_SOCK_PERMS, + "nlmsg_read", "nlmsg_write", NULL } }, + { "netlink_firewall_socket", + { COMMON_SOCK_PERMS, + "nlmsg_read", "nlmsg_write", NULL } }, + { "netlink_tcpdiag_socket", + { COMMON_SOCK_PERMS, + "nlmsg_read", "nlmsg_write", NULL } }, + { "netlink_nflog_socket", + { COMMON_SOCK_PERMS, NULL } }, + { "netlink_xfrm_socket", + { COMMON_SOCK_PERMS, + "nlmsg_read", "nlmsg_write", NULL } }, + { "netlink_selinux_socket", + { COMMON_SOCK_PERMS, NULL } }, + { "netlink_audit_socket", + { COMMON_SOCK_PERMS, + "nlmsg_read", "nlmsg_write", "nlmsg_relay", "nlmsg_readpriv", + "nlmsg_tty_audit", NULL } }, + { "netlink_ip6fw_socket", + { COMMON_SOCK_PERMS, + "nlmsg_read", "nlmsg_write", NULL } }, + { "netlink_dnrt_socket", + { COMMON_SOCK_PERMS, NULL } }, + { "association", + { "sendto", "recvfrom", "setcontext", "polmatch", NULL } }, + { "netlink_kobject_uevent_socket", + { COMMON_SOCK_PERMS, NULL } }, + { "appletalk_socket", + { COMMON_SOCK_PERMS, NULL } }, + { "packet", + { "send", "recv", "relabelto", "flow_in", "flow_out", + "forward_in", "forward_out", NULL } }, + { "key", + { "view", "read", "write", "search", "link", "setattr", "create", + NULL } }, + { "dccp_socket", + { COMMON_SOCK_PERMS, + "node_bind", "name_connect", NULL } }, + { "memprotect", { "mmap_zero", NULL } }, + { "peer", { "recv", NULL } }, + { "capability2", { "mac_override", "mac_admin", NULL } }, + { "kernel_service", { "use_as_override", "create_files_as", NULL } }, + { "tun_socket", + { COMMON_SOCK_PERMS, NULL } }, + { NULL } + }; diff --git a/security/selinux/include/common_perm_to_string.h b/security/selinux/include/common_perm_to_string.h deleted file mode 100644 index ce5b6e2f..0000000 --- a/security/selinux/include/common_perm_to_string.h +++ /dev/null @@ -1,58 +0,0 @@ -/* This file is automatically generated. Do not edit. */ -TB_(common_file_perm_to_string) - S_("ioctl") - S_("read") - S_("write") - S_("create") - S_("getattr") - S_("setattr") - S_("lock") - S_("relabelfrom") - S_("relabelto") - S_("append") - S_("unlink") - S_("link") - S_("rename") - S_("execute") - S_("swapon") - S_("quotaon") - S_("mounton") -TE_(common_file_perm_to_string) - -TB_(common_socket_perm_to_string) - S_("ioctl") - S_("read") - S_("write") - S_("create") - S_("getattr") - S_("setattr") - S_("lock") - S_("relabelfrom") - S_("relabelto") - S_("append") - S_("bind") - S_("connect") - S_("listen") - S_("accept") - S_("getopt") - S_("setopt") - S_("shutdown") - S_("recvfrom") - S_("sendto") - S_("recv_msg") - S_("send_msg") - S_("name_bind") -TE_(common_socket_perm_to_string) - -TB_(common_ipc_perm_to_string) - S_("create") - S_("destroy") - S_("getattr") - S_("setattr") - S_("read") - S_("write") - S_("associate") - S_("unix_read") - S_("unix_write") -TE_(common_ipc_perm_to_string) - diff --git a/security/selinux/include/flask.h b/security/selinux/include/flask.h deleted file mode 100644 index f248500..0000000 --- a/security/selinux/include/flask.h +++ /dev/null @@ -1,91 +0,0 @@ -/* This file is automatically generated. Do not edit. */ -#ifndef _SELINUX_FLASK_H_ -#define _SELINUX_FLASK_H_ - -/* - * Security object class definitions - */ -#define SECCLASS_SECURITY 1 -#define SECCLASS_PROCESS 2 -#define SECCLASS_SYSTEM 3 -#define SECCLASS_CAPABILITY 4 -#define SECCLASS_FILESYSTEM 5 -#define SECCLASS_FILE 6 -#define SECCLASS_DIR 7 -#define SECCLASS_FD 8 -#define SECCLASS_LNK_FILE 9 -#define SECCLASS_CHR_FILE 10 -#define SECCLASS_BLK_FILE 11 -#define SECCLASS_SOCK_FILE 12 -#define SECCLASS_FIFO_FILE 13 -#define SECCLASS_SOCKET 14 -#define SECCLASS_TCP_SOCKET 15 -#define SECCLASS_UDP_SOCKET 16 -#define SECCLASS_RAWIP_SOCKET 17 -#define SECCLASS_NODE 18 -#define SECCLASS_NETIF 19 -#define SECCLASS_NETLINK_SOCKET 20 -#define SECCLASS_PACKET_SOCKET 21 -#define SECCLASS_KEY_SOCKET 22 -#define SECCLASS_UNIX_STREAM_SOCKET 23 -#define SECCLASS_UNIX_DGRAM_SOCKET 24 -#define SECCLASS_SEM 25 -#define SECCLASS_MSG 26 -#define SECCLASS_MSGQ 27 -#define SECCLASS_SHM 28 -#define SECCLASS_IPC 29 -#define SECCLASS_NETLINK_ROUTE_SOCKET 43 -#define SECCLASS_NETLINK_FIREWALL_SOCKET 44 -#define SECCLASS_NETLINK_TCPDIAG_SOCKET 45 -#define SECCLASS_NETLINK_NFLOG_SOCKET 46 -#define SECCLASS_NETLINK_XFRM_SOCKET 47 -#define SECCLASS_NETLINK_SELINUX_SOCKET 48 -#define SECCLASS_NETLINK_AUDIT_SOCKET 49 -#define SECCLASS_NETLINK_IP6FW_SOCKET 50 -#define SECCLASS_NETLINK_DNRT_SOCKET 51 -#define SECCLASS_ASSOCIATION 54 -#define SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET 55 -#define SECCLASS_APPLETALK_SOCKET 56 -#define SECCLASS_PACKET 57 -#define SECCLASS_KEY 58 -#define SECCLASS_DCCP_SOCKET 60 -#define SECCLASS_MEMPROTECT 61 -#define SECCLASS_PEER 68 -#define SECCLASS_CAPABILITY2 69 -#define SECCLASS_KERNEL_SERVICE 74 -#define SECCLASS_TUN_SOCKET 75 - -/* - * Security identifier indices for initial entities - */ -#define SECINITSID_KERNEL 1 -#define SECINITSID_SECURITY 2 -#define SECINITSID_UNLABELED 3 -#define SECINITSID_FS 4 -#define SECINITSID_FILE 5 -#define SECINITSID_FILE_LABELS 6 -#define SECINITSID_INIT 7 -#define SECINITSID_ANY_SOCKET 8 -#define SECINITSID_PORT 9 -#define SECINITSID_NETIF 10 -#define SECINITSID_NETMSG 11 -#define SECINITSID_NODE 12 -#define SECINITSID_IGMP_PACKET 13 -#define SECINITSID_ICMP_SOCKET 14 -#define SECINITSID_TCP_SOCKET 15 -#define SECINITSID_SYSCTL_MODPROBE 16 -#define SECINITSID_SYSCTL 17 -#define SECINITSID_SYSCTL_FS 18 -#define SECINITSID_SYSCTL_KERNEL 19 -#define SECINITSID_SYSCTL_NET 20 -#define SECINITSID_SYSCTL_NET_UNIX 21 -#define SECINITSID_SYSCTL_VM 22 -#define SECINITSID_SYSCTL_DEV 23 -#define SECINITSID_KMOD 24 -#define SECINITSID_POLICY 25 -#define SECINITSID_SCMP_PACKET 26 -#define SECINITSID_DEVNULL 27 - -#define SECINITSID_NUM 27 - -#endif diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h index ca83579..2553266 100644 --- a/security/selinux/include/security.h +++ b/security/selinux/include/security.h @@ -97,11 +97,18 @@ struct av_decision { #define AVD_FLAGS_PERMISSIVE 0x0001 int security_compute_av(u32 ssid, u32 tsid, - u16 tclass, u32 requested, - struct av_decision *avd); + u16 tclass, u32 requested, + struct av_decision *avd); + +int security_compute_av_user(u32 ssid, u32 tsid, + u16 tclass, u32 requested, + struct av_decision *avd); int security_transition_sid(u32 ssid, u32 tsid, - u16 tclass, u32 *out_sid); + u16 tclass, u32 *out_sid); + +int security_transition_sid_user(u32 ssid, u32 tsid, + u16 tclass, u32 *out_sid); int security_member_sid(u32 ssid, u32 tsid, u16 tclass, u32 *out_sid); |