From a630b4a15ed58f62018597182e91a328ba282037 Mon Sep 17 00:00:00 2001
From: Daniel J Walsh
Date: Nov 15 2007 20:57:20 +0000
Subject: - Update avc definitions from policy
---
diff --git a/libselinux-rhat.patch b/libselinux-rhat.patch
index 1527b33..83fbd79 100644
--- a/libselinux-rhat.patch
+++ b/libselinux-rhat.patch
@@ -1,6 +1,774 @@ -diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux-2.0.35/src/matchpathcon.c +diff --exclude-from=exclude -N -u -r nsalibselinux/include/selinux/av_permissions.h libselinux-2.0.42/include/selinux/av_permissions.h +--- nsalibselinux/include/selinux/av_permissions.h 2007-08-03 16:02:55.000000000 -0400 ++++ libselinux-2.0.42/include/selinux/av_permissions.h 2007-11-15 14:56:59.000000000 -0500 +@@ -47,6 +47,12 @@ + #define COMMON_IPC__ASSOCIATE 0x00000040UL + #define COMMON_IPC__UNIX_READ 0x00000080UL + #define COMMON_IPC__UNIX_WRITE 0x00000100UL ++#define COMMON_DATABASE__CREATE 0x00000001UL ++#define COMMON_DATABASE__DROP 0x00000002UL ++#define COMMON_DATABASE__GETATTR 0x00000004UL ++#define COMMON_DATABASE__SETATTR 0x00000008UL ++#define COMMON_DATABASE__RELABELFROM 0x00000010UL ++#define COMMON_DATABASE__RELABELTO 0x00000020UL + #define FILESYSTEM__MOUNT 0x00000001UL + #define FILESYSTEM__REMOUNT 0x00000002UL + #define FILESYSTEM__UNMOUNT 0x00000004UL +@@ -928,3 +936,61 @@ + #define DCCP_SOCKET__NODE_BIND 0x00400000UL + #define DCCP_SOCKET__NAME_CONNECT 0x00800000UL + #define MEMPROTECT__MMAP_ZERO 0x00000001UL ++#define DB_DATABASE__CREATE 0x00000001UL ++#define DB_DATABASE__DROP 0x00000002UL ++#define DB_DATABASE__GETATTR 0x00000004UL ++#define DB_DATABASE__SETATTR 0x00000008UL ++#define DB_DATABASE__RELABELFROM 0x00000010UL ++#define DB_DATABASE__RELABELTO 0x00000020UL ++#define DB_DATABASE__ACCESS 0x00000040UL ++#define DB_DATABASE__INSTALL_MODULE 0x00000080UL ++#define DB_DATABASE__LOAD_MODULE 0x00000100UL ++#define DB_DATABASE__GET_PARAM 0x00000200UL ++#define DB_DATABASE__SET_PARAM 0x00000400UL ++#define DB_TABLE__CREATE 0x00000001UL ++#define DB_TABLE__DROP 0x00000002UL ++#define DB_TABLE__GETATTR 0x00000004UL ++#define DB_TABLE__SETATTR 0x00000008UL ++#define DB_TABLE__RELABELFROM 0x00000010UL ++#define DB_TABLE__RELABELTO 0x00000020UL ++#define DB_TABLE__USE 0x00000040UL ++#define DB_TABLE__SELECT 
0x00000080UL ++#define DB_TABLE__UPDATE 0x00000100UL ++#define DB_TABLE__INSERT 0x00000200UL ++#define DB_TABLE__DELETE 0x00000400UL ++#define DB_TABLE__LOCK 0x00000800UL ++#define DB_PROCEDURE__CREATE 0x00000001UL ++#define DB_PROCEDURE__DROP 0x00000002UL ++#define DB_PROCEDURE__GETATTR 0x00000004UL ++#define DB_PROCEDURE__SETATTR 0x00000008UL ++#define DB_PROCEDURE__RELABELFROM 0x00000010UL ++#define DB_PROCEDURE__RELABELTO 0x00000020UL ++#define DB_PROCEDURE__EXECUTE 0x00000040UL ++#define DB_PROCEDURE__ENTRYPOINT 0x00000080UL ++#define DB_COLUMN__CREATE 0x00000001UL ++#define DB_COLUMN__DROP 0x00000002UL ++#define DB_COLUMN__GETATTR 0x00000004UL ++#define DB_COLUMN__SETATTR 0x00000008UL ++#define DB_COLUMN__RELABELFROM 0x00000010UL ++#define DB_COLUMN__RELABELTO 0x00000020UL ++#define DB_COLUMN__USE 0x00000040UL ++#define DB_COLUMN__SELECT 0x00000080UL ++#define DB_COLUMN__UPDATE 0x00000100UL ++#define DB_COLUMN__INSERT 0x00000200UL ++#define DB_TUPLE__RELABELFROM 0x00000001UL ++#define DB_TUPLE__RELABELTO 0x00000002UL ++#define DB_TUPLE__USE 0x00000004UL ++#define DB_TUPLE__SELECT 0x00000008UL ++#define DB_TUPLE__UPDATE 0x00000010UL ++#define DB_TUPLE__INSERT 0x00000020UL ++#define DB_TUPLE__DELETE 0x00000040UL ++#define DB_BLOB__CREATE 0x00000001UL ++#define DB_BLOB__DROP 0x00000002UL ++#define DB_BLOB__GETATTR 0x00000004UL ++#define DB_BLOB__SETATTR 0x00000008UL ++#define DB_BLOB__RELABELFROM 0x00000010UL ++#define DB_BLOB__RELABELTO 0x00000020UL ++#define DB_BLOB__READ 0x00000040UL ++#define DB_BLOB__WRITE 0x00000080UL ++#define DB_BLOB__IMPORT 0x00000100UL ++#define DB_BLOB__EXPORT 0x00000200UL +diff --exclude-from=exclude -N -u -r nsalibselinux/include/selinux/flask.h libselinux-2.0.42/include/selinux/flask.h +--- nsalibselinux/include/selinux/flask.h 2007-08-03 16:02:55.000000000 -0400 ++++ libselinux-2.0.42/include/selinux/flask.h 2007-11-15 14:57:01.000000000 -0500 +@@ -66,6 +66,12 @@ + #define SECCLASS_CONTEXT 59 + #define SECCLASS_DCCP_SOCKET 60 + 
#define SECCLASS_MEMPROTECT 61 ++#define SECCLASS_DB_DATABASE 62 ++#define SECCLASS_DB_TABLE 63 ++#define SECCLASS_DB_PROCEDURE 64 ++#define SECCLASS_DB_COLUMN 65 ++#define SECCLASS_DB_TUPLE 66 ++#define SECCLASS_DB_BLOB 67 + + /* + * Security identifier indices for initial entities +diff --exclude-from=exclude -N -u -r nsalibselinux/src/av_inherit.h libselinux-2.0.42/src/av_inherit.h +--- nsalibselinux/src/av_inherit.h 2007-07-16 14:20:46.000000000 -0400 ++++ libselinux-2.0.42/src/av_inherit.h 2007-11-15 14:56:59.000000000 -0500 +@@ -1,32 +1,38 @@ + /* This file is automatically generated. Do not edit. */ +-S_(SECCLASS_DIR, file, 0x00020000UL) +- S_(SECCLASS_FILE, file, 0x00020000UL) +- S_(SECCLASS_LNK_FILE, file, 0x00020000UL) +- S_(SECCLASS_CHR_FILE, file, 0x00020000UL) +- S_(SECCLASS_BLK_FILE, file, 0x00020000UL) +- S_(SECCLASS_SOCK_FILE, file, 0x00020000UL) +- S_(SECCLASS_FIFO_FILE, file, 0x00020000UL) +- S_(SECCLASS_SOCKET, socket, 0x00400000UL) +- S_(SECCLASS_TCP_SOCKET, socket, 0x00400000UL) +- S_(SECCLASS_UDP_SOCKET, socket, 0x00400000UL) +- S_(SECCLASS_RAWIP_SOCKET, socket, 0x00400000UL) +- S_(SECCLASS_NETLINK_SOCKET, socket, 0x00400000UL) +- S_(SECCLASS_PACKET_SOCKET, socket, 0x00400000UL) +- S_(SECCLASS_KEY_SOCKET, socket, 0x00400000UL) +- S_(SECCLASS_UNIX_STREAM_SOCKET, socket, 0x00400000UL) +- S_(SECCLASS_UNIX_DGRAM_SOCKET, socket, 0x00400000UL) +- S_(SECCLASS_IPC, ipc, 0x00000200UL) +- S_(SECCLASS_SEM, ipc, 0x00000200UL) +- S_(SECCLASS_MSGQ, ipc, 0x00000200UL) +- S_(SECCLASS_SHM, ipc, 0x00000200UL) +- S_(SECCLASS_NETLINK_ROUTE_SOCKET, socket, 0x00400000UL) +- S_(SECCLASS_NETLINK_FIREWALL_SOCKET, socket, 0x00400000UL) +- S_(SECCLASS_NETLINK_TCPDIAG_SOCKET, socket, 0x00400000UL) +- S_(SECCLASS_NETLINK_NFLOG_SOCKET, socket, 0x00400000UL) +- S_(SECCLASS_NETLINK_XFRM_SOCKET, socket, 0x00400000UL) +- S_(SECCLASS_NETLINK_SELINUX_SOCKET, socket, 0x00400000UL) +- S_(SECCLASS_NETLINK_AUDIT_SOCKET, socket, 0x00400000UL) +- S_(SECCLASS_NETLINK_IP6FW_SOCKET, 
socket, 0x00400000UL) +- S_(SECCLASS_NETLINK_DNRT_SOCKET, socket, 0x00400000UL) +- S_(SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET, socket, 0x00400000UL) +- S_(SECCLASS_APPLETALK_SOCKET, socket, 0x00400000UL) ++ S_(SECCLASS_DIR, file, 0x00020000UL) ++ S_(SECCLASS_FILE, file, 0x00020000UL) ++ S_(SECCLASS_LNK_FILE, file, 0x00020000UL) ++ S_(SECCLASS_CHR_FILE, file, 0x00020000UL) ++ S_(SECCLASS_BLK_FILE, file, 0x00020000UL) ++ S_(SECCLASS_SOCK_FILE, file, 0x00020000UL) ++ S_(SECCLASS_FIFO_FILE, file, 0x00020000UL) ++ S_(SECCLASS_SOCKET, socket, 0x00400000UL) ++ S_(SECCLASS_TCP_SOCKET, socket, 0x00400000UL) ++ S_(SECCLASS_UDP_SOCKET, socket, 0x00400000UL) ++ S_(SECCLASS_RAWIP_SOCKET, socket, 0x00400000UL) ++ S_(SECCLASS_NETLINK_SOCKET, socket, 0x00400000UL) ++ S_(SECCLASS_PACKET_SOCKET, socket, 0x00400000UL) ++ S_(SECCLASS_KEY_SOCKET, socket, 0x00400000UL) ++ S_(SECCLASS_UNIX_STREAM_SOCKET, socket, 0x00400000UL) ++ S_(SECCLASS_UNIX_DGRAM_SOCKET, socket, 0x00400000UL) ++ S_(SECCLASS_IPC, ipc, 0x00000200UL) ++ S_(SECCLASS_SEM, ipc, 0x00000200UL) ++ S_(SECCLASS_MSGQ, ipc, 0x00000200UL) ++ S_(SECCLASS_SHM, ipc, 0x00000200UL) ++ S_(SECCLASS_NETLINK_ROUTE_SOCKET, socket, 0x00400000UL) ++ S_(SECCLASS_NETLINK_FIREWALL_SOCKET, socket, 0x00400000UL) ++ S_(SECCLASS_NETLINK_TCPDIAG_SOCKET, socket, 0x00400000UL) ++ S_(SECCLASS_NETLINK_NFLOG_SOCKET, socket, 0x00400000UL) ++ S_(SECCLASS_NETLINK_XFRM_SOCKET, socket, 0x00400000UL) ++ S_(SECCLASS_NETLINK_SELINUX_SOCKET, socket, 0x00400000UL) ++ S_(SECCLASS_NETLINK_AUDIT_SOCKET, socket, 0x00400000UL) ++ S_(SECCLASS_NETLINK_IP6FW_SOCKET, socket, 0x00400000UL) ++ S_(SECCLASS_NETLINK_DNRT_SOCKET, socket, 0x00400000UL) ++ S_(SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET, socket, 0x00400000UL) ++ S_(SECCLASS_APPLETALK_SOCKET, socket, 0x00400000UL) ++ S_(SECCLASS_DCCP_SOCKET, socket, 0x00400000UL) ++ S_(SECCLASS_DB_DATABASE, database, 0x00000040UL) ++ S_(SECCLASS_DB_TABLE, database, 0x00000040UL) ++ S_(SECCLASS_DB_PROCEDURE, database, 0x00000040UL) ++ 
S_(SECCLASS_DB_COLUMN, database, 0x00000040UL) ++ S_(SECCLASS_DB_BLOB, database, 0x00000040UL) +diff --exclude-from=exclude -N -u -r nsalibselinux/src/av_perm_to_string.h libselinux-2.0.42/src/av_perm_to_string.h +--- nsalibselinux/src/av_perm_to_string.h 2007-07-16 14:20:46.000000000 -0400 ++++ libselinux-2.0.42/src/av_perm_to_string.h 2007-11-15 14:57:00.000000000 -0500 +@@ -1,269 +1,295 @@ + /* This file is automatically generated. Do not edit. */ +-S_(SECCLASS_FILESYSTEM, FILESYSTEM__MOUNT, "mount") +- S_(SECCLASS_FILESYSTEM, FILESYSTEM__REMOUNT, "remount") +- S_(SECCLASS_FILESYSTEM, FILESYSTEM__UNMOUNT, "unmount") +- S_(SECCLASS_FILESYSTEM, FILESYSTEM__GETATTR, "getattr") +- S_(SECCLASS_FILESYSTEM, FILESYSTEM__RELABELFROM, "relabelfrom") +- S_(SECCLASS_FILESYSTEM, FILESYSTEM__RELABELTO, "relabelto") +- S_(SECCLASS_FILESYSTEM, FILESYSTEM__TRANSITION, "transition") +- S_(SECCLASS_FILESYSTEM, FILESYSTEM__ASSOCIATE, "associate") +- S_(SECCLASS_FILESYSTEM, FILESYSTEM__QUOTAMOD, "quotamod") +- S_(SECCLASS_FILESYSTEM, FILESYSTEM__QUOTAGET, "quotaget") +- S_(SECCLASS_DIR, DIR__ADD_NAME, "add_name") +- S_(SECCLASS_DIR, DIR__REMOVE_NAME, "remove_name") +- S_(SECCLASS_DIR, DIR__REPARENT, "reparent") +- S_(SECCLASS_DIR, DIR__SEARCH, "search") +- S_(SECCLASS_DIR, DIR__RMDIR, "rmdir") +- S_(SECCLASS_FILE, FILE__EXECUTE_NO_TRANS, "execute_no_trans") +- S_(SECCLASS_FILE, FILE__ENTRYPOINT, "entrypoint") +- S_(SECCLASS_FILE, FILE__EXECMOD, "execmod") +- S_(SECCLASS_CHR_FILE, CHR_FILE__EXECUTE_NO_TRANS, "execute_no_trans") +- S_(SECCLASS_CHR_FILE, CHR_FILE__ENTRYPOINT, "entrypoint") +- S_(SECCLASS_CHR_FILE, CHR_FILE__EXECMOD, "execmod") +- S_(SECCLASS_FD, FD__USE, "use") +- S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__CONNECTTO, "connectto") +- S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__NEWCONN, "newconn") +- S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__ACCEPTFROM, "acceptfrom") +- S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__NODE_BIND, "node_bind") +- S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__NAME_CONNECT, 
"name_connect") +- S_(SECCLASS_UDP_SOCKET, UDP_SOCKET__NODE_BIND, "node_bind") +- S_(SECCLASS_RAWIP_SOCKET, RAWIP_SOCKET__NODE_BIND, "node_bind") +- S_(SECCLASS_NODE, NODE__TCP_RECV, "tcp_recv") +- S_(SECCLASS_NODE, NODE__TCP_SEND, "tcp_send") +- S_(SECCLASS_NODE, NODE__UDP_RECV, "udp_recv") +- S_(SECCLASS_NODE, NODE__UDP_SEND, "udp_send") +- S_(SECCLASS_NODE, NODE__RAWIP_RECV, "rawip_recv") +- S_(SECCLASS_NODE, NODE__RAWIP_SEND, "rawip_send") +- S_(SECCLASS_NODE, NODE__ENFORCE_DEST, "enforce_dest") +- S_(SECCLASS_NETIF, NETIF__TCP_RECV, "tcp_recv") +- S_(SECCLASS_NETIF, NETIF__TCP_SEND, "tcp_send") +- S_(SECCLASS_NETIF, NETIF__UDP_RECV, "udp_recv") +- S_(SECCLASS_NETIF, NETIF__UDP_SEND, "udp_send") +- S_(SECCLASS_NETIF, NETIF__RAWIP_RECV, "rawip_recv") +- S_(SECCLASS_NETIF, NETIF__RAWIP_SEND, "rawip_send") +- S_(SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__CONNECTTO, "connectto") +- S_(SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__NEWCONN, "newconn") +- S_(SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__ACCEPTFROM, "acceptfrom") +- S_(SECCLASS_PROCESS, PROCESS__FORK, "fork") +- S_(SECCLASS_PROCESS, PROCESS__TRANSITION, "transition") +- S_(SECCLASS_PROCESS, PROCESS__SIGCHLD, "sigchld") +- S_(SECCLASS_PROCESS, PROCESS__SIGKILL, "sigkill") +- S_(SECCLASS_PROCESS, PROCESS__SIGSTOP, "sigstop") +- S_(SECCLASS_PROCESS, PROCESS__SIGNULL, "signull") +- S_(SECCLASS_PROCESS, PROCESS__SIGNAL, "signal") +- S_(SECCLASS_PROCESS, PROCESS__PTRACE, "ptrace") +- S_(SECCLASS_PROCESS, PROCESS__GETSCHED, "getsched") +- S_(SECCLASS_PROCESS, PROCESS__SETSCHED, "setsched") +- S_(SECCLASS_PROCESS, PROCESS__GETSESSION, "getsession") +- S_(SECCLASS_PROCESS, PROCESS__GETPGID, "getpgid") +- S_(SECCLASS_PROCESS, PROCESS__SETPGID, "setpgid") +- S_(SECCLASS_PROCESS, PROCESS__GETCAP, "getcap") +- S_(SECCLASS_PROCESS, PROCESS__SETCAP, "setcap") +- S_(SECCLASS_PROCESS, PROCESS__SHARE, "share") +- S_(SECCLASS_PROCESS, PROCESS__GETATTR, "getattr") +- S_(SECCLASS_PROCESS, PROCESS__SETEXEC, 
"setexec") +- S_(SECCLASS_PROCESS, PROCESS__SETFSCREATE, "setfscreate") +- S_(SECCLASS_PROCESS, PROCESS__NOATSECURE, "noatsecure") +- S_(SECCLASS_PROCESS, PROCESS__SIGINH, "siginh") +- S_(SECCLASS_PROCESS, PROCESS__SETRLIMIT, "setrlimit") +- S_(SECCLASS_PROCESS, PROCESS__RLIMITINH, "rlimitinh") +- S_(SECCLASS_PROCESS, PROCESS__DYNTRANSITION, "dyntransition") +- S_(SECCLASS_PROCESS, PROCESS__SETCURRENT, "setcurrent") +- S_(SECCLASS_PROCESS, PROCESS__EXECMEM, "execmem") +- S_(SECCLASS_PROCESS, PROCESS__EXECSTACK, "execstack") +- S_(SECCLASS_PROCESS, PROCESS__EXECHEAP, "execheap") +- S_(SECCLASS_PROCESS, PROCESS__SETKEYCREATE, "setkeycreate") +- S_(SECCLASS_PROCESS, PROCESS__SETSOCKCREATE, "setsockcreate") +- S_(SECCLASS_MSGQ, MSGQ__ENQUEUE, "enqueue") +- S_(SECCLASS_MSG, MSG__SEND, "send") +- S_(SECCLASS_MSG, MSG__RECEIVE, "receive") +- S_(SECCLASS_SHM, SHM__LOCK, "lock") +- S_(SECCLASS_SECURITY, SECURITY__COMPUTE_AV, "compute_av") +- S_(SECCLASS_SECURITY, SECURITY__COMPUTE_CREATE, "compute_create") +- S_(SECCLASS_SECURITY, SECURITY__COMPUTE_MEMBER, "compute_member") +- S_(SECCLASS_SECURITY, SECURITY__CHECK_CONTEXT, "check_context") +- S_(SECCLASS_SECURITY, SECURITY__LOAD_POLICY, "load_policy") +- S_(SECCLASS_SECURITY, SECURITY__COMPUTE_RELABEL, "compute_relabel") +- S_(SECCLASS_SECURITY, SECURITY__COMPUTE_USER, "compute_user") +- S_(SECCLASS_SECURITY, SECURITY__SETENFORCE, "setenforce") +- S_(SECCLASS_SECURITY, SECURITY__SETBOOL, "setbool") +- S_(SECCLASS_SECURITY, SECURITY__SETSECPARAM, "setsecparam") +- S_(SECCLASS_SECURITY, SECURITY__SETCHECKREQPROT, "setcheckreqprot") +- S_(SECCLASS_SYSTEM, SYSTEM__IPC_INFO, "ipc_info") +- S_(SECCLASS_SYSTEM, SYSTEM__SYSLOG_READ, "syslog_read") +- S_(SECCLASS_SYSTEM, SYSTEM__SYSLOG_MOD, "syslog_mod") +- S_(SECCLASS_SYSTEM, SYSTEM__SYSLOG_CONSOLE, "syslog_console") +- S_(SECCLASS_CAPABILITY, CAPABILITY__CHOWN, "chown") +- S_(SECCLASS_CAPABILITY, CAPABILITY__DAC_OVERRIDE, "dac_override") +- S_(SECCLASS_CAPABILITY, 
CAPABILITY__DAC_READ_SEARCH, "dac_read_search") +- S_(SECCLASS_CAPABILITY, CAPABILITY__FOWNER, "fowner") +- S_(SECCLASS_CAPABILITY, CAPABILITY__FSETID, "fsetid") +- S_(SECCLASS_CAPABILITY, CAPABILITY__KILL, "kill") +- S_(SECCLASS_CAPABILITY, CAPABILITY__SETGID, "setgid") +- S_(SECCLASS_CAPABILITY, CAPABILITY__SETUID, "setuid") +- S_(SECCLASS_CAPABILITY, CAPABILITY__SETPCAP, "setpcap") +- S_(SECCLASS_CAPABILITY, CAPABILITY__LINUX_IMMUTABLE, "linux_immutable") +- S_(SECCLASS_CAPABILITY, CAPABILITY__NET_BIND_SERVICE, "net_bind_service") +- S_(SECCLASS_CAPABILITY, CAPABILITY__NET_BROADCAST, "net_broadcast") +- S_(SECCLASS_CAPABILITY, CAPABILITY__NET_ADMIN, "net_admin") +- S_(SECCLASS_CAPABILITY, CAPABILITY__NET_RAW, "net_raw") +- S_(SECCLASS_CAPABILITY, CAPABILITY__IPC_LOCK, "ipc_lock") +- S_(SECCLASS_CAPABILITY, CAPABILITY__IPC_OWNER, "ipc_owner") +- S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_MODULE, "sys_module") +- S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_RAWIO, "sys_rawio") +- S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_CHROOT, "sys_chroot") +- S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_PTRACE, "sys_ptrace") +- S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_PACCT, "sys_pacct") +- S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_ADMIN, "sys_admin") +- S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_BOOT, "sys_boot") +- S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_NICE, "sys_nice") +- S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_RESOURCE, "sys_resource") +- S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_TIME, "sys_time") +- S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_TTY_CONFIG, "sys_tty_config") +- S_(SECCLASS_CAPABILITY, CAPABILITY__MKNOD, "mknod") +- S_(SECCLASS_CAPABILITY, CAPABILITY__LEASE, "lease") +- S_(SECCLASS_CAPABILITY, CAPABILITY__AUDIT_WRITE, "audit_write") +- S_(SECCLASS_CAPABILITY, CAPABILITY__AUDIT_CONTROL, "audit_control") +- S_(SECCLASS_PASSWD, PASSWD__PASSWD, "passwd") +- S_(SECCLASS_PASSWD, PASSWD__CHFN, "chfn") +- S_(SECCLASS_PASSWD, PASSWD__CHSH, "chsh") +- S_(SECCLASS_PASSWD, PASSWD__ROOTOK, 
"rootok") +- S_(SECCLASS_PASSWD, PASSWD__CRONTAB, "crontab") +- S_(SECCLASS_DRAWABLE, DRAWABLE__CREATE, "create") +- S_(SECCLASS_DRAWABLE, DRAWABLE__DESTROY, "destroy") +- S_(SECCLASS_DRAWABLE, DRAWABLE__DRAW, "draw") +- S_(SECCLASS_DRAWABLE, DRAWABLE__COPY, "copy") +- S_(SECCLASS_DRAWABLE, DRAWABLE__GETATTR, "getattr") +- S_(SECCLASS_GC, GC__CREATE, "create") +- S_(SECCLASS_GC, GC__FREE, "free") +- S_(SECCLASS_GC, GC__GETATTR, "getattr") +- S_(SECCLASS_GC, GC__SETATTR, "setattr") +- S_(SECCLASS_WINDOW, WINDOW__ADDCHILD, "addchild") +- S_(SECCLASS_WINDOW, WINDOW__CREATE, "create") +- S_(SECCLASS_WINDOW, WINDOW__DESTROY, "destroy") +- S_(SECCLASS_WINDOW, WINDOW__MAP, "map") +- S_(SECCLASS_WINDOW, WINDOW__UNMAP, "unmap") +- S_(SECCLASS_WINDOW, WINDOW__CHSTACK, "chstack") +- S_(SECCLASS_WINDOW, WINDOW__CHPROPLIST, "chproplist") +- S_(SECCLASS_WINDOW, WINDOW__CHPROP, "chprop") +- S_(SECCLASS_WINDOW, WINDOW__LISTPROP, "listprop") +- S_(SECCLASS_WINDOW, WINDOW__GETATTR, "getattr") +- S_(SECCLASS_WINDOW, WINDOW__SETATTR, "setattr") +- S_(SECCLASS_WINDOW, WINDOW__SETFOCUS, "setfocus") +- S_(SECCLASS_WINDOW, WINDOW__MOVE, "move") +- S_(SECCLASS_WINDOW, WINDOW__CHSELECTION, "chselection") +- S_(SECCLASS_WINDOW, WINDOW__CHPARENT, "chparent") +- S_(SECCLASS_WINDOW, WINDOW__CTRLLIFE, "ctrllife") +- S_(SECCLASS_WINDOW, WINDOW__ENUMERATE, "enumerate") +- S_(SECCLASS_WINDOW, WINDOW__TRANSPARENT, "transparent") +- S_(SECCLASS_WINDOW, WINDOW__MOUSEMOTION, "mousemotion") +- S_(SECCLASS_WINDOW, WINDOW__CLIENTCOMEVENT, "clientcomevent") +- S_(SECCLASS_WINDOW, WINDOW__INPUTEVENT, "inputevent") +- S_(SECCLASS_WINDOW, WINDOW__DRAWEVENT, "drawevent") +- S_(SECCLASS_WINDOW, WINDOW__WINDOWCHANGEEVENT, "windowchangeevent") +- S_(SECCLASS_WINDOW, WINDOW__WINDOWCHANGEREQUEST, "windowchangerequest") +- S_(SECCLASS_WINDOW, WINDOW__SERVERCHANGEEVENT, "serverchangeevent") +- S_(SECCLASS_WINDOW, WINDOW__EXTENSIONEVENT, "extensionevent") +- S_(SECCLASS_FONT, FONT__LOAD, "load") +- S_(SECCLASS_FONT, 
FONT__FREE, "free") +- S_(SECCLASS_FONT, FONT__GETATTR, "getattr") +- S_(SECCLASS_FONT, FONT__USE, "use") +- S_(SECCLASS_COLORMAP, COLORMAP__CREATE, "create") +- S_(SECCLASS_COLORMAP, COLORMAP__FREE, "free") +- S_(SECCLASS_COLORMAP, COLORMAP__INSTALL, "install") +- S_(SECCLASS_COLORMAP, COLORMAP__UNINSTALL, "uninstall") +- S_(SECCLASS_COLORMAP, COLORMAP__LIST, "list") +- S_(SECCLASS_COLORMAP, COLORMAP__READ, "read") +- S_(SECCLASS_COLORMAP, COLORMAP__STORE, "store") +- S_(SECCLASS_COLORMAP, COLORMAP__GETATTR, "getattr") +- S_(SECCLASS_COLORMAP, COLORMAP__SETATTR, "setattr") +- S_(SECCLASS_PROPERTY, PROPERTY__CREATE, "create") +- S_(SECCLASS_PROPERTY, PROPERTY__FREE, "free") +- S_(SECCLASS_PROPERTY, PROPERTY__READ, "read") +- S_(SECCLASS_PROPERTY, PROPERTY__WRITE, "write") +- S_(SECCLASS_CURSOR, CURSOR__CREATE, "create") +- S_(SECCLASS_CURSOR, CURSOR__CREATEGLYPH, "createglyph") +- S_(SECCLASS_CURSOR, CURSOR__FREE, "free") +- S_(SECCLASS_CURSOR, CURSOR__ASSIGN, "assign") +- S_(SECCLASS_CURSOR, CURSOR__SETATTR, "setattr") +- S_(SECCLASS_XCLIENT, XCLIENT__KILL, "kill") +- S_(SECCLASS_XINPUT, XINPUT__LOOKUP, "lookup") +- S_(SECCLASS_XINPUT, XINPUT__GETATTR, "getattr") +- S_(SECCLASS_XINPUT, XINPUT__SETATTR, "setattr") +- S_(SECCLASS_XINPUT, XINPUT__SETFOCUS, "setfocus") +- S_(SECCLASS_XINPUT, XINPUT__WARPPOINTER, "warppointer") +- S_(SECCLASS_XINPUT, XINPUT__ACTIVEGRAB, "activegrab") +- S_(SECCLASS_XINPUT, XINPUT__PASSIVEGRAB, "passivegrab") +- S_(SECCLASS_XINPUT, XINPUT__UNGRAB, "ungrab") +- S_(SECCLASS_XINPUT, XINPUT__BELL, "bell") +- S_(SECCLASS_XINPUT, XINPUT__MOUSEMOTION, "mousemotion") +- S_(SECCLASS_XINPUT, XINPUT__RELABELINPUT, "relabelinput") +- S_(SECCLASS_XSERVER, XSERVER__SCREENSAVER, "screensaver") +- S_(SECCLASS_XSERVER, XSERVER__GETHOSTLIST, "gethostlist") +- S_(SECCLASS_XSERVER, XSERVER__SETHOSTLIST, "sethostlist") +- S_(SECCLASS_XSERVER, XSERVER__GETFONTPATH, "getfontpath") +- S_(SECCLASS_XSERVER, XSERVER__SETFONTPATH, "setfontpath") +- 
S_(SECCLASS_XSERVER, XSERVER__GETATTR, "getattr") +- S_(SECCLASS_XSERVER, XSERVER__GRAB, "grab") +- S_(SECCLASS_XSERVER, XSERVER__UNGRAB, "ungrab") +- S_(SECCLASS_XEXTENSION, XEXTENSION__QUERY, "query") +- S_(SECCLASS_XEXTENSION, XEXTENSION__USE, "use") +- S_(SECCLASS_PAX, PAX__PAGEEXEC, "pageexec") +- S_(SECCLASS_PAX, PAX__EMUTRAMP, "emutramp") +- S_(SECCLASS_PAX, PAX__MPROTECT, "mprotect") +- S_(SECCLASS_PAX, PAX__RANDMMAP, "randmmap") +- S_(SECCLASS_PAX, PAX__RANDEXEC, "randexec") +- S_(SECCLASS_PAX, PAX__SEGMEXEC, "segmexec") +- S_(SECCLASS_NETLINK_ROUTE_SOCKET, NETLINK_ROUTE_SOCKET__NLMSG_READ, +- "nlmsg_read") +- S_(SECCLASS_NETLINK_ROUTE_SOCKET, NETLINK_ROUTE_SOCKET__NLMSG_WRITE, +- "nlmsg_write") +- S_(SECCLASS_NETLINK_FIREWALL_SOCKET, NETLINK_FIREWALL_SOCKET__NLMSG_READ, +- "nlmsg_read") +- S_(SECCLASS_NETLINK_FIREWALL_SOCKET, NETLINK_FIREWALL_SOCKET__NLMSG_WRITE, +- "nlmsg_write") +- S_(SECCLASS_NETLINK_TCPDIAG_SOCKET, NETLINK_TCPDIAG_SOCKET__NLMSG_READ, +- "nlmsg_read") +- S_(SECCLASS_NETLINK_TCPDIAG_SOCKET, NETLINK_TCPDIAG_SOCKET__NLMSG_WRITE, +- "nlmsg_write") +- S_(SECCLASS_NETLINK_XFRM_SOCKET, NETLINK_XFRM_SOCKET__NLMSG_READ, "nlmsg_read") +- S_(SECCLASS_NETLINK_XFRM_SOCKET, NETLINK_XFRM_SOCKET__NLMSG_WRITE, +- "nlmsg_write") +- S_(SECCLASS_NETLINK_AUDIT_SOCKET, NETLINK_AUDIT_SOCKET__NLMSG_READ, +- "nlmsg_read") +- S_(SECCLASS_NETLINK_AUDIT_SOCKET, NETLINK_AUDIT_SOCKET__NLMSG_WRITE, +- "nlmsg_write") +- S_(SECCLASS_NETLINK_AUDIT_SOCKET, NETLINK_AUDIT_SOCKET__NLMSG_RELAY, +- "nlmsg_relay") +- S_(SECCLASS_NETLINK_AUDIT_SOCKET, NETLINK_AUDIT_SOCKET__NLMSG_READPRIV, +- "nlmsg_readpriv") +- S_(SECCLASS_NETLINK_IP6FW_SOCKET, NETLINK_IP6FW_SOCKET__NLMSG_READ, +- "nlmsg_read") +- S_(SECCLASS_NETLINK_IP6FW_SOCKET, NETLINK_IP6FW_SOCKET__NLMSG_WRITE, +- "nlmsg_write") +- S_(SECCLASS_DBUS, DBUS__ACQUIRE_SVC, "acquire_svc") +- S_(SECCLASS_DBUS, DBUS__SEND_MSG, "send_msg") +- S_(SECCLASS_NSCD, NSCD__GETPWD, "getpwd") +- S_(SECCLASS_NSCD, NSCD__GETGRP, "getgrp") +- 
S_(SECCLASS_NSCD, NSCD__GETHOST, "gethost") +- S_(SECCLASS_NSCD, NSCD__GETSTAT, "getstat") +- S_(SECCLASS_NSCD, NSCD__ADMIN, "admin") +- S_(SECCLASS_NSCD, NSCD__SHMEMPWD, "shmempwd") +- S_(SECCLASS_NSCD, NSCD__SHMEMGRP, "shmemgrp") +- S_(SECCLASS_NSCD, NSCD__SHMEMHOST, "shmemhost") +- S_(SECCLASS_ASSOCIATION, ASSOCIATION__SENDTO, "sendto") +- S_(SECCLASS_ASSOCIATION, ASSOCIATION__RECVFROM, "recvfrom") +- S_(SECCLASS_ASSOCIATION, ASSOCIATION__SETCONTEXT, "setcontext") +- S_(SECCLASS_ASSOCIATION, ASSOCIATION__POLMATCH, "polmatch") +- S_(SECCLASS_PACKET, PACKET__SEND, "send") +- S_(SECCLASS_PACKET, PACKET__RECV, "recv") +- S_(SECCLASS_PACKET, PACKET__RELABELTO, "relabelto") +- S_(SECCLASS_KEY, KEY__VIEW, "view") +- S_(SECCLASS_KEY, KEY__READ, "read") +- S_(SECCLASS_KEY, KEY__WRITE, "write") +- S_(SECCLASS_KEY, KEY__SEARCH, "search") +- S_(SECCLASS_KEY, KEY__LINK, "link") +- S_(SECCLASS_KEY, KEY__SETATTR, "setattr") +- S_(SECCLASS_KEY, KEY__CREATE, "create") +- S_(SECCLASS_CONTEXT, CONTEXT__TRANSLATE, "translate") +- S_(SECCLASS_CONTEXT, CONTEXT__CONTAINS, "contains") ++ S_(SECCLASS_FILESYSTEM, FILESYSTEM__MOUNT, "mount") ++ S_(SECCLASS_FILESYSTEM, FILESYSTEM__REMOUNT, "remount") ++ S_(SECCLASS_FILESYSTEM, FILESYSTEM__UNMOUNT, "unmount") ++ S_(SECCLASS_FILESYSTEM, FILESYSTEM__GETATTR, "getattr") ++ S_(SECCLASS_FILESYSTEM, FILESYSTEM__RELABELFROM, "relabelfrom") ++ S_(SECCLASS_FILESYSTEM, FILESYSTEM__RELABELTO, "relabelto") ++ S_(SECCLASS_FILESYSTEM, FILESYSTEM__TRANSITION, "transition") ++ S_(SECCLASS_FILESYSTEM, FILESYSTEM__ASSOCIATE, "associate") ++ S_(SECCLASS_FILESYSTEM, FILESYSTEM__QUOTAMOD, "quotamod") ++ S_(SECCLASS_FILESYSTEM, FILESYSTEM__QUOTAGET, "quotaget") ++ S_(SECCLASS_DIR, DIR__ADD_NAME, "add_name") ++ S_(SECCLASS_DIR, DIR__REMOVE_NAME, "remove_name") ++ S_(SECCLASS_DIR, DIR__REPARENT, "reparent") ++ S_(SECCLASS_DIR, DIR__SEARCH, "search") ++ S_(SECCLASS_DIR, DIR__RMDIR, "rmdir") ++ S_(SECCLASS_FILE, FILE__EXECUTE_NO_TRANS, "execute_no_trans") ++ 
S_(SECCLASS_FILE, FILE__ENTRYPOINT, "entrypoint") ++ S_(SECCLASS_FILE, FILE__EXECMOD, "execmod") ++ S_(SECCLASS_CHR_FILE, CHR_FILE__EXECUTE_NO_TRANS, "execute_no_trans") ++ S_(SECCLASS_CHR_FILE, CHR_FILE__ENTRYPOINT, "entrypoint") ++ S_(SECCLASS_CHR_FILE, CHR_FILE__EXECMOD, "execmod") ++ S_(SECCLASS_FD, FD__USE, "use") ++ S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__CONNECTTO, "connectto") ++ S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__NEWCONN, "newconn") ++ S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__ACCEPTFROM, "acceptfrom") ++ S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__NODE_BIND, "node_bind") ++ S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__NAME_CONNECT, "name_connect") ++ S_(SECCLASS_UDP_SOCKET, UDP_SOCKET__NODE_BIND, "node_bind") ++ S_(SECCLASS_RAWIP_SOCKET, RAWIP_SOCKET__NODE_BIND, "node_bind") ++ S_(SECCLASS_NODE, NODE__TCP_RECV, "tcp_recv") ++ S_(SECCLASS_NODE, NODE__TCP_SEND, "tcp_send") ++ S_(SECCLASS_NODE, NODE__UDP_RECV, "udp_recv") ++ S_(SECCLASS_NODE, NODE__UDP_SEND, "udp_send") ++ S_(SECCLASS_NODE, NODE__RAWIP_RECV, "rawip_recv") ++ S_(SECCLASS_NODE, NODE__RAWIP_SEND, "rawip_send") ++ S_(SECCLASS_NODE, NODE__ENFORCE_DEST, "enforce_dest") ++ S_(SECCLASS_NODE, NODE__DCCP_RECV, "dccp_recv") ++ S_(SECCLASS_NODE, NODE__DCCP_SEND, "dccp_send") ++ S_(SECCLASS_NETIF, NETIF__TCP_RECV, "tcp_recv") ++ S_(SECCLASS_NETIF, NETIF__TCP_SEND, "tcp_send") ++ S_(SECCLASS_NETIF, NETIF__UDP_RECV, "udp_recv") ++ S_(SECCLASS_NETIF, NETIF__UDP_SEND, "udp_send") ++ S_(SECCLASS_NETIF, NETIF__RAWIP_RECV, "rawip_recv") ++ S_(SECCLASS_NETIF, NETIF__RAWIP_SEND, "rawip_send") ++ S_(SECCLASS_NETIF, NETIF__DCCP_RECV, "dccp_recv") ++ S_(SECCLASS_NETIF, NETIF__DCCP_SEND, "dccp_send") ++ S_(SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__CONNECTTO, "connectto") ++ S_(SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__NEWCONN, "newconn") ++ S_(SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__ACCEPTFROM, "acceptfrom") ++ S_(SECCLASS_PROCESS, PROCESS__FORK, "fork") ++ S_(SECCLASS_PROCESS, PROCESS__TRANSITION, "transition") ++ 
S_(SECCLASS_PROCESS, PROCESS__SIGCHLD, "sigchld") ++ S_(SECCLASS_PROCESS, PROCESS__SIGKILL, "sigkill") ++ S_(SECCLASS_PROCESS, PROCESS__SIGSTOP, "sigstop") ++ S_(SECCLASS_PROCESS, PROCESS__SIGNULL, "signull") ++ S_(SECCLASS_PROCESS, PROCESS__SIGNAL, "signal") ++ S_(SECCLASS_PROCESS, PROCESS__PTRACE, "ptrace") ++ S_(SECCLASS_PROCESS, PROCESS__GETSCHED, "getsched") ++ S_(SECCLASS_PROCESS, PROCESS__SETSCHED, "setsched") ++ S_(SECCLASS_PROCESS, PROCESS__GETSESSION, "getsession") ++ S_(SECCLASS_PROCESS, PROCESS__GETPGID, "getpgid") ++ S_(SECCLASS_PROCESS, PROCESS__SETPGID, "setpgid") ++ S_(SECCLASS_PROCESS, PROCESS__GETCAP, "getcap") ++ S_(SECCLASS_PROCESS, PROCESS__SETCAP, "setcap") ++ S_(SECCLASS_PROCESS, PROCESS__SHARE, "share") ++ S_(SECCLASS_PROCESS, PROCESS__GETATTR, "getattr") ++ S_(SECCLASS_PROCESS, PROCESS__SETEXEC, "setexec") ++ S_(SECCLASS_PROCESS, PROCESS__SETFSCREATE, "setfscreate") ++ S_(SECCLASS_PROCESS, PROCESS__NOATSECURE, "noatsecure") ++ S_(SECCLASS_PROCESS, PROCESS__SIGINH, "siginh") ++ S_(SECCLASS_PROCESS, PROCESS__SETRLIMIT, "setrlimit") ++ S_(SECCLASS_PROCESS, PROCESS__RLIMITINH, "rlimitinh") ++ S_(SECCLASS_PROCESS, PROCESS__DYNTRANSITION, "dyntransition") ++ S_(SECCLASS_PROCESS, PROCESS__SETCURRENT, "setcurrent") ++ S_(SECCLASS_PROCESS, PROCESS__EXECMEM, "execmem") ++ S_(SECCLASS_PROCESS, PROCESS__EXECSTACK, "execstack") ++ S_(SECCLASS_PROCESS, PROCESS__EXECHEAP, "execheap") ++ S_(SECCLASS_PROCESS, PROCESS__SETKEYCREATE, "setkeycreate") ++ S_(SECCLASS_PROCESS, PROCESS__SETSOCKCREATE, "setsockcreate") ++ S_(SECCLASS_MSGQ, MSGQ__ENQUEUE, "enqueue") ++ S_(SECCLASS_MSG, MSG__SEND, "send") ++ S_(SECCLASS_MSG, MSG__RECEIVE, "receive") ++ S_(SECCLASS_SHM, SHM__LOCK, "lock") ++ S_(SECCLASS_SECURITY, SECURITY__COMPUTE_AV, "compute_av") ++ S_(SECCLASS_SECURITY, SECURITY__COMPUTE_CREATE, "compute_create") ++ S_(SECCLASS_SECURITY, SECURITY__COMPUTE_MEMBER, "compute_member") ++ S_(SECCLASS_SECURITY, SECURITY__CHECK_CONTEXT, "check_context") ++ 
S_(SECCLASS_SECURITY, SECURITY__LOAD_POLICY, "load_policy") ++ S_(SECCLASS_SECURITY, SECURITY__COMPUTE_RELABEL, "compute_relabel") ++ S_(SECCLASS_SECURITY, SECURITY__COMPUTE_USER, "compute_user") ++ S_(SECCLASS_SECURITY, SECURITY__SETENFORCE, "setenforce") ++ S_(SECCLASS_SECURITY, SECURITY__SETBOOL, "setbool") ++ S_(SECCLASS_SECURITY, SECURITY__SETSECPARAM, "setsecparam") ++ S_(SECCLASS_SECURITY, SECURITY__SETCHECKREQPROT, "setcheckreqprot") ++ S_(SECCLASS_SYSTEM, SYSTEM__IPC_INFO, "ipc_info") ++ S_(SECCLASS_SYSTEM, SYSTEM__SYSLOG_READ, "syslog_read") ++ S_(SECCLASS_SYSTEM, SYSTEM__SYSLOG_MOD, "syslog_mod") ++ S_(SECCLASS_SYSTEM, SYSTEM__SYSLOG_CONSOLE, "syslog_console") ++ S_(SECCLASS_CAPABILITY, CAPABILITY__CHOWN, "chown") ++ S_(SECCLASS_CAPABILITY, CAPABILITY__DAC_OVERRIDE, "dac_override") ++ S_(SECCLASS_CAPABILITY, CAPABILITY__DAC_READ_SEARCH, "dac_read_search") ++ S_(SECCLASS_CAPABILITY, CAPABILITY__FOWNER, "fowner") ++ S_(SECCLASS_CAPABILITY, CAPABILITY__FSETID, "fsetid") ++ S_(SECCLASS_CAPABILITY, CAPABILITY__KILL, "kill") ++ S_(SECCLASS_CAPABILITY, CAPABILITY__SETGID, "setgid") ++ S_(SECCLASS_CAPABILITY, CAPABILITY__SETUID, "setuid") ++ S_(SECCLASS_CAPABILITY, CAPABILITY__SETPCAP, "setpcap") ++ S_(SECCLASS_CAPABILITY, CAPABILITY__LINUX_IMMUTABLE, "linux_immutable") ++ S_(SECCLASS_CAPABILITY, CAPABILITY__NET_BIND_SERVICE, "net_bind_service") ++ S_(SECCLASS_CAPABILITY, CAPABILITY__NET_BROADCAST, "net_broadcast") ++ S_(SECCLASS_CAPABILITY, CAPABILITY__NET_ADMIN, "net_admin") ++ S_(SECCLASS_CAPABILITY, CAPABILITY__NET_RAW, "net_raw") ++ S_(SECCLASS_CAPABILITY, CAPABILITY__IPC_LOCK, "ipc_lock") ++ S_(SECCLASS_CAPABILITY, CAPABILITY__IPC_OWNER, "ipc_owner") ++ S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_MODULE, "sys_module") ++ S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_RAWIO, "sys_rawio") ++ S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_CHROOT, "sys_chroot") ++ S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_PTRACE, "sys_ptrace") ++ S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_PACCT, 
"sys_pacct") ++ S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_ADMIN, "sys_admin") ++ S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_BOOT, "sys_boot") ++ S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_NICE, "sys_nice") ++ S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_RESOURCE, "sys_resource") ++ S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_TIME, "sys_time") ++ S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_TTY_CONFIG, "sys_tty_config") ++ S_(SECCLASS_CAPABILITY, CAPABILITY__MKNOD, "mknod") ++ S_(SECCLASS_CAPABILITY, CAPABILITY__LEASE, "lease") ++ S_(SECCLASS_CAPABILITY, CAPABILITY__AUDIT_WRITE, "audit_write") ++ S_(SECCLASS_CAPABILITY, CAPABILITY__AUDIT_CONTROL, "audit_control") ++ S_(SECCLASS_PASSWD, PASSWD__PASSWD, "passwd") ++ S_(SECCLASS_PASSWD, PASSWD__CHFN, "chfn") ++ S_(SECCLASS_PASSWD, PASSWD__CHSH, "chsh") ++ S_(SECCLASS_PASSWD, PASSWD__ROOTOK, "rootok") ++ S_(SECCLASS_PASSWD, PASSWD__CRONTAB, "crontab") ++ S_(SECCLASS_DRAWABLE, DRAWABLE__CREATE, "create") ++ S_(SECCLASS_DRAWABLE, DRAWABLE__DESTROY, "destroy") ++ S_(SECCLASS_DRAWABLE, DRAWABLE__DRAW, "draw") ++ S_(SECCLASS_DRAWABLE, DRAWABLE__COPY, "copy") ++ S_(SECCLASS_DRAWABLE, DRAWABLE__GETATTR, "getattr") ++ S_(SECCLASS_GC, GC__CREATE, "create") ++ S_(SECCLASS_GC, GC__FREE, "free") ++ S_(SECCLASS_GC, GC__GETATTR, "getattr") ++ S_(SECCLASS_GC, GC__SETATTR, "setattr") ++ S_(SECCLASS_WINDOW, WINDOW__ADDCHILD, "addchild") ++ S_(SECCLASS_WINDOW, WINDOW__CREATE, "create") ++ S_(SECCLASS_WINDOW, WINDOW__DESTROY, "destroy") ++ S_(SECCLASS_WINDOW, WINDOW__MAP, "map") ++ S_(SECCLASS_WINDOW, WINDOW__UNMAP, "unmap") ++ S_(SECCLASS_WINDOW, WINDOW__CHSTACK, "chstack") ++ S_(SECCLASS_WINDOW, WINDOW__CHPROPLIST, "chproplist") ++ S_(SECCLASS_WINDOW, WINDOW__CHPROP, "chprop") ++ S_(SECCLASS_WINDOW, WINDOW__LISTPROP, "listprop") ++ S_(SECCLASS_WINDOW, WINDOW__GETATTR, "getattr") ++ S_(SECCLASS_WINDOW, WINDOW__SETATTR, "setattr") ++ S_(SECCLASS_WINDOW, WINDOW__SETFOCUS, "setfocus") ++ S_(SECCLASS_WINDOW, WINDOW__MOVE, "move") ++ S_(SECCLASS_WINDOW, 
WINDOW__CHSELECTION, "chselection") ++ S_(SECCLASS_WINDOW, WINDOW__CHPARENT, "chparent") ++ S_(SECCLASS_WINDOW, WINDOW__CTRLLIFE, "ctrllife") ++ S_(SECCLASS_WINDOW, WINDOW__ENUMERATE, "enumerate") ++ S_(SECCLASS_WINDOW, WINDOW__TRANSPARENT, "transparent") ++ S_(SECCLASS_WINDOW, WINDOW__MOUSEMOTION, "mousemotion") ++ S_(SECCLASS_WINDOW, WINDOW__CLIENTCOMEVENT, "clientcomevent") ++ S_(SECCLASS_WINDOW, WINDOW__INPUTEVENT, "inputevent") ++ S_(SECCLASS_WINDOW, WINDOW__DRAWEVENT, "drawevent") ++ S_(SECCLASS_WINDOW, WINDOW__WINDOWCHANGEEVENT, "windowchangeevent") ++ S_(SECCLASS_WINDOW, WINDOW__WINDOWCHANGEREQUEST, "windowchangerequest") ++ S_(SECCLASS_WINDOW, WINDOW__SERVERCHANGEEVENT, "serverchangeevent") ++ S_(SECCLASS_WINDOW, WINDOW__EXTENSIONEVENT, "extensionevent") ++ S_(SECCLASS_FONT, FONT__LOAD, "load") ++ S_(SECCLASS_FONT, FONT__FREE, "free") ++ S_(SECCLASS_FONT, FONT__GETATTR, "getattr") ++ S_(SECCLASS_FONT, FONT__USE, "use") ++ S_(SECCLASS_COLORMAP, COLORMAP__CREATE, "create") ++ S_(SECCLASS_COLORMAP, COLORMAP__FREE, "free") ++ S_(SECCLASS_COLORMAP, COLORMAP__INSTALL, "install") ++ S_(SECCLASS_COLORMAP, COLORMAP__UNINSTALL, "uninstall") ++ S_(SECCLASS_COLORMAP, COLORMAP__LIST, "list") ++ S_(SECCLASS_COLORMAP, COLORMAP__READ, "read") ++ S_(SECCLASS_COLORMAP, COLORMAP__STORE, "store") ++ S_(SECCLASS_COLORMAP, COLORMAP__GETATTR, "getattr") ++ S_(SECCLASS_COLORMAP, COLORMAP__SETATTR, "setattr") ++ S_(SECCLASS_PROPERTY, PROPERTY__CREATE, "create") ++ S_(SECCLASS_PROPERTY, PROPERTY__FREE, "free") ++ S_(SECCLASS_PROPERTY, PROPERTY__READ, "read") ++ S_(SECCLASS_PROPERTY, PROPERTY__WRITE, "write") ++ S_(SECCLASS_CURSOR, CURSOR__CREATE, "create") ++ S_(SECCLASS_CURSOR, CURSOR__CREATEGLYPH, "createglyph") ++ S_(SECCLASS_CURSOR, CURSOR__FREE, "free") ++ S_(SECCLASS_CURSOR, CURSOR__ASSIGN, "assign") ++ S_(SECCLASS_CURSOR, CURSOR__SETATTR, "setattr") ++ S_(SECCLASS_XCLIENT, XCLIENT__KILL, "kill") ++ S_(SECCLASS_XINPUT, XINPUT__LOOKUP, "lookup") ++ S_(SECCLASS_XINPUT, 
XINPUT__GETATTR, "getattr") ++ S_(SECCLASS_XINPUT, XINPUT__SETATTR, "setattr") ++ S_(SECCLASS_XINPUT, XINPUT__SETFOCUS, "setfocus") ++ S_(SECCLASS_XINPUT, XINPUT__WARPPOINTER, "warppointer") ++ S_(SECCLASS_XINPUT, XINPUT__ACTIVEGRAB, "activegrab") ++ S_(SECCLASS_XINPUT, XINPUT__PASSIVEGRAB, "passivegrab") ++ S_(SECCLASS_XINPUT, XINPUT__UNGRAB, "ungrab") ++ S_(SECCLASS_XINPUT, XINPUT__BELL, "bell") ++ S_(SECCLASS_XINPUT, XINPUT__MOUSEMOTION, "mousemotion") ++ S_(SECCLASS_XINPUT, XINPUT__RELABELINPUT, "relabelinput") ++ S_(SECCLASS_XSERVER, XSERVER__SCREENSAVER, "screensaver") ++ S_(SECCLASS_XSERVER, XSERVER__GETHOSTLIST, "gethostlist") ++ S_(SECCLASS_XSERVER, XSERVER__SETHOSTLIST, "sethostlist") ++ S_(SECCLASS_XSERVER, XSERVER__GETFONTPATH, "getfontpath") ++ S_(SECCLASS_XSERVER, XSERVER__SETFONTPATH, "setfontpath") ++ S_(SECCLASS_XSERVER, XSERVER__GETATTR, "getattr") ++ S_(SECCLASS_XSERVER, XSERVER__GRAB, "grab") ++ S_(SECCLASS_XSERVER, XSERVER__UNGRAB, "ungrab") ++ S_(SECCLASS_XEXTENSION, XEXTENSION__QUERY, "query") ++ S_(SECCLASS_XEXTENSION, XEXTENSION__USE, "use") ++ S_(SECCLASS_PAX, PAX__PAGEEXEC, "pageexec") ++ S_(SECCLASS_PAX, PAX__EMUTRAMP, "emutramp") ++ S_(SECCLASS_PAX, PAX__MPROTECT, "mprotect") ++ S_(SECCLASS_PAX, PAX__RANDMMAP, "randmmap") ++ S_(SECCLASS_PAX, PAX__RANDEXEC, "randexec") ++ S_(SECCLASS_PAX, PAX__SEGMEXEC, "segmexec") ++ S_(SECCLASS_NETLINK_ROUTE_SOCKET, NETLINK_ROUTE_SOCKET__NLMSG_READ, "nlmsg_read") ++ S_(SECCLASS_NETLINK_ROUTE_SOCKET, NETLINK_ROUTE_SOCKET__NLMSG_WRITE, "nlmsg_write") ++ S_(SECCLASS_NETLINK_FIREWALL_SOCKET, NETLINK_FIREWALL_SOCKET__NLMSG_READ, "nlmsg_read") ++ S_(SECCLASS_NETLINK_FIREWALL_SOCKET, NETLINK_FIREWALL_SOCKET__NLMSG_WRITE, "nlmsg_write") ++ S_(SECCLASS_NETLINK_TCPDIAG_SOCKET, NETLINK_TCPDIAG_SOCKET__NLMSG_READ, "nlmsg_read") ++ S_(SECCLASS_NETLINK_TCPDIAG_SOCKET, NETLINK_TCPDIAG_SOCKET__NLMSG_WRITE, "nlmsg_write") ++ S_(SECCLASS_NETLINK_XFRM_SOCKET, NETLINK_XFRM_SOCKET__NLMSG_READ, "nlmsg_read") ++ 
S_(SECCLASS_NETLINK_XFRM_SOCKET, NETLINK_XFRM_SOCKET__NLMSG_WRITE, "nlmsg_write") ++ S_(SECCLASS_NETLINK_AUDIT_SOCKET, NETLINK_AUDIT_SOCKET__NLMSG_READ, "nlmsg_read") ++ S_(SECCLASS_NETLINK_AUDIT_SOCKET, NETLINK_AUDIT_SOCKET__NLMSG_WRITE, "nlmsg_write") ++ S_(SECCLASS_NETLINK_AUDIT_SOCKET, NETLINK_AUDIT_SOCKET__NLMSG_RELAY, "nlmsg_relay") ++ S_(SECCLASS_NETLINK_AUDIT_SOCKET, NETLINK_AUDIT_SOCKET__NLMSG_READPRIV, "nlmsg_readpriv") ++ S_(SECCLASS_NETLINK_IP6FW_SOCKET, NETLINK_IP6FW_SOCKET__NLMSG_READ, "nlmsg_read") ++ S_(SECCLASS_NETLINK_IP6FW_SOCKET, NETLINK_IP6FW_SOCKET__NLMSG_WRITE, "nlmsg_write") ++ S_(SECCLASS_DBUS, DBUS__ACQUIRE_SVC, "acquire_svc") ++ S_(SECCLASS_DBUS, DBUS__SEND_MSG, "send_msg") ++ S_(SECCLASS_NSCD, NSCD__GETPWD, "getpwd") ++ S_(SECCLASS_NSCD, NSCD__GETGRP, "getgrp") ++ S_(SECCLASS_NSCD, NSCD__GETHOST, "gethost") ++ S_(SECCLASS_NSCD, NSCD__GETSTAT, "getstat") ++ S_(SECCLASS_NSCD, NSCD__ADMIN, "admin") ++ S_(SECCLASS_NSCD, NSCD__SHMEMPWD, "shmempwd") ++ S_(SECCLASS_NSCD, NSCD__SHMEMGRP, "shmemgrp") ++ S_(SECCLASS_NSCD, NSCD__SHMEMHOST, "shmemhost") ++ S_(SECCLASS_NSCD, NSCD__GETSERV, "getserv") ++ S_(SECCLASS_NSCD, NSCD__SHMEMSERV, "shmemserv") ++ S_(SECCLASS_ASSOCIATION, ASSOCIATION__SENDTO, "sendto") ++ S_(SECCLASS_ASSOCIATION, ASSOCIATION__RECVFROM, "recvfrom") ++ S_(SECCLASS_ASSOCIATION, ASSOCIATION__SETCONTEXT, "setcontext") ++ S_(SECCLASS_ASSOCIATION, ASSOCIATION__POLMATCH, "polmatch") ++ S_(SECCLASS_PACKET, PACKET__SEND, "send") ++ S_(SECCLASS_PACKET, PACKET__RECV, "recv") ++ S_(SECCLASS_PACKET, PACKET__RELABELTO, "relabelto") ++ S_(SECCLASS_PACKET, PACKET__FLOW_IN, "flow_in") ++ S_(SECCLASS_PACKET, PACKET__FLOW_OUT, "flow_out") ++ S_(SECCLASS_KEY, KEY__VIEW, "view") ++ S_(SECCLASS_KEY, KEY__READ, "read") ++ S_(SECCLASS_KEY, KEY__WRITE, "write") ++ S_(SECCLASS_KEY, KEY__SEARCH, "search") ++ S_(SECCLASS_KEY, KEY__LINK, "link") ++ S_(SECCLASS_KEY, KEY__SETATTR, "setattr") ++ S_(SECCLASS_KEY, KEY__CREATE, "create") ++ S_(SECCLASS_CONTEXT, 
CONTEXT__TRANSLATE, "translate") ++ S_(SECCLASS_CONTEXT, CONTEXT__CONTAINS, "contains") ++ S_(SECCLASS_DCCP_SOCKET, DCCP_SOCKET__NODE_BIND, "node_bind") ++ S_(SECCLASS_DCCP_SOCKET, DCCP_SOCKET__NAME_CONNECT, "name_connect") ++ S_(SECCLASS_MEMPROTECT, MEMPROTECT__MMAP_ZERO, "mmap_zero") ++ S_(SECCLASS_DB_DATABASE, DB_DATABASE__ACCESS, "access") ++ S_(SECCLASS_DB_DATABASE, DB_DATABASE__INSTALL_MODULE, "install_module") ++ S_(SECCLASS_DB_DATABASE, DB_DATABASE__LOAD_MODULE, "load_module") ++ S_(SECCLASS_DB_DATABASE, DB_DATABASE__GET_PARAM, "get_param") ++ S_(SECCLASS_DB_DATABASE, DB_DATABASE__SET_PARAM, "set_param") ++ S_(SECCLASS_DB_TABLE, DB_TABLE__USE, "use") ++ S_(SECCLASS_DB_TABLE, DB_TABLE__SELECT, "select") ++ S_(SECCLASS_DB_TABLE, DB_TABLE__UPDATE, "update") ++ S_(SECCLASS_DB_TABLE, DB_TABLE__INSERT, "insert") ++ S_(SECCLASS_DB_TABLE, DB_TABLE__DELETE, "delete") ++ S_(SECCLASS_DB_TABLE, DB_TABLE__LOCK, "lock") ++ S_(SECCLASS_DB_PROCEDURE, DB_PROCEDURE__EXECUTE, "execute") ++ S_(SECCLASS_DB_PROCEDURE, DB_PROCEDURE__ENTRYPOINT, "entrypoint") ++ S_(SECCLASS_DB_COLUMN, DB_COLUMN__USE, "use") ++ S_(SECCLASS_DB_COLUMN, DB_COLUMN__SELECT, "select") ++ S_(SECCLASS_DB_COLUMN, DB_COLUMN__UPDATE, "update") ++ S_(SECCLASS_DB_COLUMN, DB_COLUMN__INSERT, "insert") ++ S_(SECCLASS_DB_TUPLE, DB_TUPLE__RELABELFROM, "relabelfrom") ++ S_(SECCLASS_DB_TUPLE, DB_TUPLE__RELABELTO, "relabelto") ++ S_(SECCLASS_DB_TUPLE, DB_TUPLE__USE, "use") ++ S_(SECCLASS_DB_TUPLE, DB_TUPLE__SELECT, "select") ++ S_(SECCLASS_DB_TUPLE, DB_TUPLE__UPDATE, "update") ++ S_(SECCLASS_DB_TUPLE, DB_TUPLE__INSERT, "insert") ++ S_(SECCLASS_DB_TUPLE, DB_TUPLE__DELETE, "delete") ++ S_(SECCLASS_DB_BLOB, DB_BLOB__READ, "read") ++ S_(SECCLASS_DB_BLOB, DB_BLOB__WRITE, "write") ++ S_(SECCLASS_DB_BLOB, DB_BLOB__IMPORT, "import") ++ S_(SECCLASS_DB_BLOB, DB_BLOB__EXPORT, "export") +diff --exclude-from=exclude -N -u -r nsalibselinux/src/class_to_string.h libselinux-2.0.42/src/class_to_string.h +--- 
nsalibselinux/src/class_to_string.h 2007-07-16 14:20:46.000000000 -0400 ++++ libselinux-2.0.42/src/class_to_string.h 2007-11-15 14:57:00.000000000 -0500 +@@ -62,3 +62,11 @@ + S_("packet") + S_("key") + S_("context") ++ S_("dccp_socket") ++ S_("memprotect") ++ S_("db_database") ++ S_("db_table") ++ S_("db_procedure") ++ S_("db_column") ++ S_("db_tuple") ++ S_("db_blob") +diff --exclude-from=exclude -N -u -r nsalibselinux/src/common_perm_to_string.h libselinux-2.0.42/src/common_perm_to_string.h +--- nsalibselinux/src/common_perm_to_string.h 2007-07-16 14:20:46.000000000 -0400 ++++ libselinux-2.0.42/src/common_perm_to_string.h 2007-11-15 14:57:01.000000000 -0500 +@@ -54,4 +54,14 @@ + S_("associate") + S_("unix_read") + S_("unix_write") +- TE_(common_ipc_perm_to_string) ++TE_(common_ipc_perm_to_string) ++ ++TB_(common_database_perm_to_string) ++ S_("create") ++ S_("drop") ++ S_("getattr") ++ S_("setattr") ++ S_("relabelfrom") ++ S_("relabelto") ++TE_(common_database_perm_to_string) ++ +diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux-2.0.42/src/matchpathcon.c --- nsalibselinux/src/matchpathcon.c 2007-09-28 09:48:58.000000000 -0400 -+++ libselinux-2.0.35/src/matchpathcon.c 2007-09-27 13:54:33.000000000 -0400 ++++ libselinux-2.0.42/src/matchpathcon.c 2007-11-15 14:56:45.000000000 -0500 @@ -2,6 +2,7 @@ #include #include @@ -18,10 +786,9 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux va_end(ap); } - %module selinux -diff --exclude-from=exclude -N -u -r nsalibselinux/utils/matchpathcon.c libselinux-2.0.35/utils/matchpathcon.c +diff --exclude-from=exclude -N -u -r nsalibselinux/utils/matchpathcon.c libselinux-2.0.42/utils/matchpathcon.c --- nsalibselinux/utils/matchpathcon.c 2007-07-16 14:20:45.000000000 -0400 -+++ libselinux-2.0.35/utils/matchpathcon.c 2007-09-27 13:54:33.000000000 -0400 ++++ libselinux-2.0.42/utils/matchpathcon.c 2007-11-15 14:56:45.000000000 -0500 @@ -17,10 +17,24 @@ exit(1); } 
diff --git a/libselinux.spec b/libselinux.spec
index 705d45e..8d881e4 100644
--- a/libselinux.spec
+++ b/libselinux.spec
@@ -2,7 +2,7 @@
 Summary: SELinux library and simple utilities
 Name: libselinux
 Version: 2.0.37
-Release: 2%{?dist}
+Release: 3%{?dist}
 License: Public domain (uncopyrighted)
 Group: System Environment/Libraries
 Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz
@@ -123,6 +123,9 @@ exit 0
 %{_libdir}/python*/site-packages/selinux.py*
 %changelog
+* Thu Nov 15 2007 Dan Walsh - 2.0.37-3
+- Update avc definitions from policy
+
 * Thu Nov 15 2007 Dan Walsh - 2.0.37-2
 - Move libselinux.so back into devel package, procps fixed