diff --git a/libselinux-rhat.patch b/libselinux-rhat.patch
index 83fbd79..0192213 100644
--- a/libselinux-rhat.patch
+++ b/libselinux-rhat.patch
@@ -1,774 +1,18 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/include/selinux/av_permissions.h libselinux-2.0.42/include/selinux/av_permissions.h ---- nsalibselinux/include/selinux/av_permissions.h 2007-08-03 16:02:55.000000000 -0400 -+++ libselinux-2.0.42/include/selinux/av_permissions.h 2007-11-15 14:56:59.000000000 -0500 -@@ -47,6 +47,12 @@ - #define COMMON_IPC__ASSOCIATE 0x00000040UL - #define COMMON_IPC__UNIX_READ 0x00000080UL - #define COMMON_IPC__UNIX_WRITE 0x00000100UL -+#define COMMON_DATABASE__CREATE 0x00000001UL -+#define COMMON_DATABASE__DROP 0x00000002UL -+#define COMMON_DATABASE__GETATTR 0x00000004UL -+#define COMMON_DATABASE__SETATTR 0x00000008UL -+#define COMMON_DATABASE__RELABELFROM 0x00000010UL -+#define COMMON_DATABASE__RELABELTO 0x00000020UL - #define FILESYSTEM__MOUNT 0x00000001UL - #define FILESYSTEM__REMOUNT 0x00000002UL - #define FILESYSTEM__UNMOUNT 0x00000004UL -@@ -928,3 +936,61 @@ - #define DCCP_SOCKET__NODE_BIND 0x00400000UL - #define DCCP_SOCKET__NAME_CONNECT 0x00800000UL - #define MEMPROTECT__MMAP_ZERO 0x00000001UL -+#define DB_DATABASE__CREATE 0x00000001UL -+#define DB_DATABASE__DROP 0x00000002UL -+#define DB_DATABASE__GETATTR 0x00000004UL -+#define DB_DATABASE__SETATTR 0x00000008UL -+#define DB_DATABASE__RELABELFROM 0x00000010UL -+#define DB_DATABASE__RELABELTO 0x00000020UL -+#define DB_DATABASE__ACCESS 0x00000040UL -+#define DB_DATABASE__INSTALL_MODULE 0x00000080UL -+#define DB_DATABASE__LOAD_MODULE 0x00000100UL -+#define DB_DATABASE__GET_PARAM 0x00000200UL -+#define DB_DATABASE__SET_PARAM 0x00000400UL -+#define DB_TABLE__CREATE 0x00000001UL -+#define DB_TABLE__DROP 0x00000002UL -+#define DB_TABLE__GETATTR 0x00000004UL -+#define DB_TABLE__SETATTR 0x00000008UL -+#define DB_TABLE__RELABELFROM 0x00000010UL -+#define DB_TABLE__RELABELTO 0x00000020UL -+#define DB_TABLE__USE 0x00000040UL -+#define DB_TABLE__SELECT 0x00000080UL -+#define DB_TABLE__UPDATE 0x00000100UL -+#define DB_TABLE__INSERT 0x00000200UL -+#define 
DB_TABLE__DELETE 0x00000400UL -+#define DB_TABLE__LOCK 0x00000800UL -+#define DB_PROCEDURE__CREATE 0x00000001UL -+#define DB_PROCEDURE__DROP 0x00000002UL -+#define DB_PROCEDURE__GETATTR 0x00000004UL -+#define DB_PROCEDURE__SETATTR 0x00000008UL -+#define DB_PROCEDURE__RELABELFROM 0x00000010UL -+#define DB_PROCEDURE__RELABELTO 0x00000020UL -+#define DB_PROCEDURE__EXECUTE 0x00000040UL -+#define DB_PROCEDURE__ENTRYPOINT 0x00000080UL -+#define DB_COLUMN__CREATE 0x00000001UL -+#define DB_COLUMN__DROP 0x00000002UL -+#define DB_COLUMN__GETATTR 0x00000004UL -+#define DB_COLUMN__SETATTR 0x00000008UL -+#define DB_COLUMN__RELABELFROM 0x00000010UL -+#define DB_COLUMN__RELABELTO 0x00000020UL -+#define DB_COLUMN__USE 0x00000040UL -+#define DB_COLUMN__SELECT 0x00000080UL -+#define DB_COLUMN__UPDATE 0x00000100UL -+#define DB_COLUMN__INSERT 0x00000200UL -+#define DB_TUPLE__RELABELFROM 0x00000001UL -+#define DB_TUPLE__RELABELTO 0x00000002UL -+#define DB_TUPLE__USE 0x00000004UL -+#define DB_TUPLE__SELECT 0x00000008UL -+#define DB_TUPLE__UPDATE 0x00000010UL -+#define DB_TUPLE__INSERT 0x00000020UL -+#define DB_TUPLE__DELETE 0x00000040UL -+#define DB_BLOB__CREATE 0x00000001UL -+#define DB_BLOB__DROP 0x00000002UL -+#define DB_BLOB__GETATTR 0x00000004UL -+#define DB_BLOB__SETATTR 0x00000008UL -+#define DB_BLOB__RELABELFROM 0x00000010UL -+#define DB_BLOB__RELABELTO 0x00000020UL -+#define DB_BLOB__READ 0x00000040UL -+#define DB_BLOB__WRITE 0x00000080UL -+#define DB_BLOB__IMPORT 0x00000100UL -+#define DB_BLOB__EXPORT 0x00000200UL -diff --exclude-from=exclude -N -u -r nsalibselinux/include/selinux/flask.h libselinux-2.0.42/include/selinux/flask.h ---- nsalibselinux/include/selinux/flask.h 2007-08-03 16:02:55.000000000 -0400 -+++ libselinux-2.0.42/include/selinux/flask.h 2007-11-15 14:57:01.000000000 -0500 -@@ -66,6 +66,12 @@ - #define SECCLASS_CONTEXT 59 - #define SECCLASS_DCCP_SOCKET 60 - #define SECCLASS_MEMPROTECT 61 -+#define SECCLASS_DB_DATABASE 62 -+#define SECCLASS_DB_TABLE 63 -+#define 
SECCLASS_DB_PROCEDURE 64 -+#define SECCLASS_DB_COLUMN 65 -+#define SECCLASS_DB_TUPLE 66 -+#define SECCLASS_DB_BLOB 67 - - /* - * Security identifier indices for initial entities -diff --exclude-from=exclude -N -u -r nsalibselinux/src/av_inherit.h libselinux-2.0.42/src/av_inherit.h ---- nsalibselinux/src/av_inherit.h 2007-07-16 14:20:46.000000000 -0400 -+++ libselinux-2.0.42/src/av_inherit.h 2007-11-15 14:56:59.000000000 -0500 -@@ -1,32 +1,38 @@ - /* This file is automatically generated. Do not edit. */ --S_(SECCLASS_DIR, file, 0x00020000UL) -- S_(SECCLASS_FILE, file, 0x00020000UL) -- S_(SECCLASS_LNK_FILE, file, 0x00020000UL) -- S_(SECCLASS_CHR_FILE, file, 0x00020000UL) -- S_(SECCLASS_BLK_FILE, file, 0x00020000UL) -- S_(SECCLASS_SOCK_FILE, file, 0x00020000UL) -- S_(SECCLASS_FIFO_FILE, file, 0x00020000UL) -- S_(SECCLASS_SOCKET, socket, 0x00400000UL) -- S_(SECCLASS_TCP_SOCKET, socket, 0x00400000UL) -- S_(SECCLASS_UDP_SOCKET, socket, 0x00400000UL) -- S_(SECCLASS_RAWIP_SOCKET, socket, 0x00400000UL) -- S_(SECCLASS_NETLINK_SOCKET, socket, 0x00400000UL) -- S_(SECCLASS_PACKET_SOCKET, socket, 0x00400000UL) -- S_(SECCLASS_KEY_SOCKET, socket, 0x00400000UL) -- S_(SECCLASS_UNIX_STREAM_SOCKET, socket, 0x00400000UL) -- S_(SECCLASS_UNIX_DGRAM_SOCKET, socket, 0x00400000UL) -- S_(SECCLASS_IPC, ipc, 0x00000200UL) -- S_(SECCLASS_SEM, ipc, 0x00000200UL) -- S_(SECCLASS_MSGQ, ipc, 0x00000200UL) -- S_(SECCLASS_SHM, ipc, 0x00000200UL) -- S_(SECCLASS_NETLINK_ROUTE_SOCKET, socket, 0x00400000UL) -- S_(SECCLASS_NETLINK_FIREWALL_SOCKET, socket, 0x00400000UL) -- S_(SECCLASS_NETLINK_TCPDIAG_SOCKET, socket, 0x00400000UL) -- S_(SECCLASS_NETLINK_NFLOG_SOCKET, socket, 0x00400000UL) -- S_(SECCLASS_NETLINK_XFRM_SOCKET, socket, 0x00400000UL) -- S_(SECCLASS_NETLINK_SELINUX_SOCKET, socket, 0x00400000UL) -- S_(SECCLASS_NETLINK_AUDIT_SOCKET, socket, 0x00400000UL) -- S_(SECCLASS_NETLINK_IP6FW_SOCKET, socket, 0x00400000UL) -- S_(SECCLASS_NETLINK_DNRT_SOCKET, socket, 0x00400000UL) -- 
S_(SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET, socket, 0x00400000UL) -- S_(SECCLASS_APPLETALK_SOCKET, socket, 0x00400000UL) -+ S_(SECCLASS_DIR, file, 0x00020000UL) -+ S_(SECCLASS_FILE, file, 0x00020000UL) -+ S_(SECCLASS_LNK_FILE, file, 0x00020000UL) -+ S_(SECCLASS_CHR_FILE, file, 0x00020000UL) -+ S_(SECCLASS_BLK_FILE, file, 0x00020000UL) -+ S_(SECCLASS_SOCK_FILE, file, 0x00020000UL) -+ S_(SECCLASS_FIFO_FILE, file, 0x00020000UL) -+ S_(SECCLASS_SOCKET, socket, 0x00400000UL) -+ S_(SECCLASS_TCP_SOCKET, socket, 0x00400000UL) -+ S_(SECCLASS_UDP_SOCKET, socket, 0x00400000UL) -+ S_(SECCLASS_RAWIP_SOCKET, socket, 0x00400000UL) -+ S_(SECCLASS_NETLINK_SOCKET, socket, 0x00400000UL) -+ S_(SECCLASS_PACKET_SOCKET, socket, 0x00400000UL) -+ S_(SECCLASS_KEY_SOCKET, socket, 0x00400000UL) -+ S_(SECCLASS_UNIX_STREAM_SOCKET, socket, 0x00400000UL) -+ S_(SECCLASS_UNIX_DGRAM_SOCKET, socket, 0x00400000UL) -+ S_(SECCLASS_IPC, ipc, 0x00000200UL) -+ S_(SECCLASS_SEM, ipc, 0x00000200UL) -+ S_(SECCLASS_MSGQ, ipc, 0x00000200UL) -+ S_(SECCLASS_SHM, ipc, 0x00000200UL) -+ S_(SECCLASS_NETLINK_ROUTE_SOCKET, socket, 0x00400000UL) -+ S_(SECCLASS_NETLINK_FIREWALL_SOCKET, socket, 0x00400000UL) -+ S_(SECCLASS_NETLINK_TCPDIAG_SOCKET, socket, 0x00400000UL) -+ S_(SECCLASS_NETLINK_NFLOG_SOCKET, socket, 0x00400000UL) -+ S_(SECCLASS_NETLINK_XFRM_SOCKET, socket, 0x00400000UL) -+ S_(SECCLASS_NETLINK_SELINUX_SOCKET, socket, 0x00400000UL) -+ S_(SECCLASS_NETLINK_AUDIT_SOCKET, socket, 0x00400000UL) -+ S_(SECCLASS_NETLINK_IP6FW_SOCKET, socket, 0x00400000UL) -+ S_(SECCLASS_NETLINK_DNRT_SOCKET, socket, 0x00400000UL) -+ S_(SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET, socket, 0x00400000UL) -+ S_(SECCLASS_APPLETALK_SOCKET, socket, 0x00400000UL) -+ S_(SECCLASS_DCCP_SOCKET, socket, 0x00400000UL) -+ S_(SECCLASS_DB_DATABASE, database, 0x00000040UL) -+ S_(SECCLASS_DB_TABLE, database, 0x00000040UL) -+ S_(SECCLASS_DB_PROCEDURE, database, 0x00000040UL) -+ S_(SECCLASS_DB_COLUMN, database, 0x00000040UL) -+ S_(SECCLASS_DB_BLOB, database, 
0x00000040UL) -diff --exclude-from=exclude -N -u -r nsalibselinux/src/av_perm_to_string.h libselinux-2.0.42/src/av_perm_to_string.h ---- nsalibselinux/src/av_perm_to_string.h 2007-07-16 14:20:46.000000000 -0400 -+++ libselinux-2.0.42/src/av_perm_to_string.h 2007-11-15 14:57:00.000000000 -0500 -@@ -1,269 +1,295 @@ - /* This file is automatically generated. Do not edit. */ --S_(SECCLASS_FILESYSTEM, FILESYSTEM__MOUNT, "mount") -- S_(SECCLASS_FILESYSTEM, FILESYSTEM__REMOUNT, "remount") -- S_(SECCLASS_FILESYSTEM, FILESYSTEM__UNMOUNT, "unmount") -- S_(SECCLASS_FILESYSTEM, FILESYSTEM__GETATTR, "getattr") -- S_(SECCLASS_FILESYSTEM, FILESYSTEM__RELABELFROM, "relabelfrom") -- S_(SECCLASS_FILESYSTEM, FILESYSTEM__RELABELTO, "relabelto") -- S_(SECCLASS_FILESYSTEM, FILESYSTEM__TRANSITION, "transition") -- S_(SECCLASS_FILESYSTEM, FILESYSTEM__ASSOCIATE, "associate") -- S_(SECCLASS_FILESYSTEM, FILESYSTEM__QUOTAMOD, "quotamod") -- S_(SECCLASS_FILESYSTEM, FILESYSTEM__QUOTAGET, "quotaget") -- S_(SECCLASS_DIR, DIR__ADD_NAME, "add_name") -- S_(SECCLASS_DIR, DIR__REMOVE_NAME, "remove_name") -- S_(SECCLASS_DIR, DIR__REPARENT, "reparent") -- S_(SECCLASS_DIR, DIR__SEARCH, "search") -- S_(SECCLASS_DIR, DIR__RMDIR, "rmdir") -- S_(SECCLASS_FILE, FILE__EXECUTE_NO_TRANS, "execute_no_trans") -- S_(SECCLASS_FILE, FILE__ENTRYPOINT, "entrypoint") -- S_(SECCLASS_FILE, FILE__EXECMOD, "execmod") -- S_(SECCLASS_CHR_FILE, CHR_FILE__EXECUTE_NO_TRANS, "execute_no_trans") -- S_(SECCLASS_CHR_FILE, CHR_FILE__ENTRYPOINT, "entrypoint") -- S_(SECCLASS_CHR_FILE, CHR_FILE__EXECMOD, "execmod") -- S_(SECCLASS_FD, FD__USE, "use") -- S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__CONNECTTO, "connectto") -- S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__NEWCONN, "newconn") -- S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__ACCEPTFROM, "acceptfrom") -- S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__NODE_BIND, "node_bind") -- S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__NAME_CONNECT, "name_connect") -- S_(SECCLASS_UDP_SOCKET, UDP_SOCKET__NODE_BIND, "node_bind") -- 
S_(SECCLASS_RAWIP_SOCKET, RAWIP_SOCKET__NODE_BIND, "node_bind") -- S_(SECCLASS_NODE, NODE__TCP_RECV, "tcp_recv") -- S_(SECCLASS_NODE, NODE__TCP_SEND, "tcp_send") -- S_(SECCLASS_NODE, NODE__UDP_RECV, "udp_recv") -- S_(SECCLASS_NODE, NODE__UDP_SEND, "udp_send") -- S_(SECCLASS_NODE, NODE__RAWIP_RECV, "rawip_recv") -- S_(SECCLASS_NODE, NODE__RAWIP_SEND, "rawip_send") -- S_(SECCLASS_NODE, NODE__ENFORCE_DEST, "enforce_dest") -- S_(SECCLASS_NETIF, NETIF__TCP_RECV, "tcp_recv") -- S_(SECCLASS_NETIF, NETIF__TCP_SEND, "tcp_send") -- S_(SECCLASS_NETIF, NETIF__UDP_RECV, "udp_recv") -- S_(SECCLASS_NETIF, NETIF__UDP_SEND, "udp_send") -- S_(SECCLASS_NETIF, NETIF__RAWIP_RECV, "rawip_recv") -- S_(SECCLASS_NETIF, NETIF__RAWIP_SEND, "rawip_send") -- S_(SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__CONNECTTO, "connectto") -- S_(SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__NEWCONN, "newconn") -- S_(SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__ACCEPTFROM, "acceptfrom") -- S_(SECCLASS_PROCESS, PROCESS__FORK, "fork") -- S_(SECCLASS_PROCESS, PROCESS__TRANSITION, "transition") -- S_(SECCLASS_PROCESS, PROCESS__SIGCHLD, "sigchld") -- S_(SECCLASS_PROCESS, PROCESS__SIGKILL, "sigkill") -- S_(SECCLASS_PROCESS, PROCESS__SIGSTOP, "sigstop") -- S_(SECCLASS_PROCESS, PROCESS__SIGNULL, "signull") -- S_(SECCLASS_PROCESS, PROCESS__SIGNAL, "signal") -- S_(SECCLASS_PROCESS, PROCESS__PTRACE, "ptrace") -- S_(SECCLASS_PROCESS, PROCESS__GETSCHED, "getsched") -- S_(SECCLASS_PROCESS, PROCESS__SETSCHED, "setsched") -- S_(SECCLASS_PROCESS, PROCESS__GETSESSION, "getsession") -- S_(SECCLASS_PROCESS, PROCESS__GETPGID, "getpgid") -- S_(SECCLASS_PROCESS, PROCESS__SETPGID, "setpgid") -- S_(SECCLASS_PROCESS, PROCESS__GETCAP, "getcap") -- S_(SECCLASS_PROCESS, PROCESS__SETCAP, "setcap") -- S_(SECCLASS_PROCESS, PROCESS__SHARE, "share") -- S_(SECCLASS_PROCESS, PROCESS__GETATTR, "getattr") -- S_(SECCLASS_PROCESS, PROCESS__SETEXEC, "setexec") -- S_(SECCLASS_PROCESS, PROCESS__SETFSCREATE, "setfscreate") -- 
S_(SECCLASS_PROCESS, PROCESS__NOATSECURE, "noatsecure") -- S_(SECCLASS_PROCESS, PROCESS__SIGINH, "siginh") -- S_(SECCLASS_PROCESS, PROCESS__SETRLIMIT, "setrlimit") -- S_(SECCLASS_PROCESS, PROCESS__RLIMITINH, "rlimitinh") -- S_(SECCLASS_PROCESS, PROCESS__DYNTRANSITION, "dyntransition") -- S_(SECCLASS_PROCESS, PROCESS__SETCURRENT, "setcurrent") -- S_(SECCLASS_PROCESS, PROCESS__EXECMEM, "execmem") -- S_(SECCLASS_PROCESS, PROCESS__EXECSTACK, "execstack") -- S_(SECCLASS_PROCESS, PROCESS__EXECHEAP, "execheap") -- S_(SECCLASS_PROCESS, PROCESS__SETKEYCREATE, "setkeycreate") -- S_(SECCLASS_PROCESS, PROCESS__SETSOCKCREATE, "setsockcreate") -- S_(SECCLASS_MSGQ, MSGQ__ENQUEUE, "enqueue") -- S_(SECCLASS_MSG, MSG__SEND, "send") -- S_(SECCLASS_MSG, MSG__RECEIVE, "receive") -- S_(SECCLASS_SHM, SHM__LOCK, "lock") -- S_(SECCLASS_SECURITY, SECURITY__COMPUTE_AV, "compute_av") -- S_(SECCLASS_SECURITY, SECURITY__COMPUTE_CREATE, "compute_create") -- S_(SECCLASS_SECURITY, SECURITY__COMPUTE_MEMBER, "compute_member") -- S_(SECCLASS_SECURITY, SECURITY__CHECK_CONTEXT, "check_context") -- S_(SECCLASS_SECURITY, SECURITY__LOAD_POLICY, "load_policy") -- S_(SECCLASS_SECURITY, SECURITY__COMPUTE_RELABEL, "compute_relabel") -- S_(SECCLASS_SECURITY, SECURITY__COMPUTE_USER, "compute_user") -- S_(SECCLASS_SECURITY, SECURITY__SETENFORCE, "setenforce") -- S_(SECCLASS_SECURITY, SECURITY__SETBOOL, "setbool") -- S_(SECCLASS_SECURITY, SECURITY__SETSECPARAM, "setsecparam") -- S_(SECCLASS_SECURITY, SECURITY__SETCHECKREQPROT, "setcheckreqprot") -- S_(SECCLASS_SYSTEM, SYSTEM__IPC_INFO, "ipc_info") -- S_(SECCLASS_SYSTEM, SYSTEM__SYSLOG_READ, "syslog_read") -- S_(SECCLASS_SYSTEM, SYSTEM__SYSLOG_MOD, "syslog_mod") -- S_(SECCLASS_SYSTEM, SYSTEM__SYSLOG_CONSOLE, "syslog_console") -- S_(SECCLASS_CAPABILITY, CAPABILITY__CHOWN, "chown") -- S_(SECCLASS_CAPABILITY, CAPABILITY__DAC_OVERRIDE, "dac_override") -- S_(SECCLASS_CAPABILITY, CAPABILITY__DAC_READ_SEARCH, "dac_read_search") -- S_(SECCLASS_CAPABILITY, 
CAPABILITY__FOWNER, "fowner") -- S_(SECCLASS_CAPABILITY, CAPABILITY__FSETID, "fsetid") -- S_(SECCLASS_CAPABILITY, CAPABILITY__KILL, "kill") -- S_(SECCLASS_CAPABILITY, CAPABILITY__SETGID, "setgid") -- S_(SECCLASS_CAPABILITY, CAPABILITY__SETUID, "setuid") -- S_(SECCLASS_CAPABILITY, CAPABILITY__SETPCAP, "setpcap") -- S_(SECCLASS_CAPABILITY, CAPABILITY__LINUX_IMMUTABLE, "linux_immutable") -- S_(SECCLASS_CAPABILITY, CAPABILITY__NET_BIND_SERVICE, "net_bind_service") -- S_(SECCLASS_CAPABILITY, CAPABILITY__NET_BROADCAST, "net_broadcast") -- S_(SECCLASS_CAPABILITY, CAPABILITY__NET_ADMIN, "net_admin") -- S_(SECCLASS_CAPABILITY, CAPABILITY__NET_RAW, "net_raw") -- S_(SECCLASS_CAPABILITY, CAPABILITY__IPC_LOCK, "ipc_lock") -- S_(SECCLASS_CAPABILITY, CAPABILITY__IPC_OWNER, "ipc_owner") -- S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_MODULE, "sys_module") -- S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_RAWIO, "sys_rawio") -- S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_CHROOT, "sys_chroot") -- S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_PTRACE, "sys_ptrace") -- S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_PACCT, "sys_pacct") -- S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_ADMIN, "sys_admin") -- S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_BOOT, "sys_boot") -- S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_NICE, "sys_nice") -- S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_RESOURCE, "sys_resource") -- S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_TIME, "sys_time") -- S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_TTY_CONFIG, "sys_tty_config") -- S_(SECCLASS_CAPABILITY, CAPABILITY__MKNOD, "mknod") -- S_(SECCLASS_CAPABILITY, CAPABILITY__LEASE, "lease") -- S_(SECCLASS_CAPABILITY, CAPABILITY__AUDIT_WRITE, "audit_write") -- S_(SECCLASS_CAPABILITY, CAPABILITY__AUDIT_CONTROL, "audit_control") -- S_(SECCLASS_PASSWD, PASSWD__PASSWD, "passwd") -- S_(SECCLASS_PASSWD, PASSWD__CHFN, "chfn") -- S_(SECCLASS_PASSWD, PASSWD__CHSH, "chsh") -- S_(SECCLASS_PASSWD, PASSWD__ROOTOK, "rootok") -- S_(SECCLASS_PASSWD, PASSWD__CRONTAB, "crontab") -- 
S_(SECCLASS_DRAWABLE, DRAWABLE__CREATE, "create") -- S_(SECCLASS_DRAWABLE, DRAWABLE__DESTROY, "destroy") -- S_(SECCLASS_DRAWABLE, DRAWABLE__DRAW, "draw") -- S_(SECCLASS_DRAWABLE, DRAWABLE__COPY, "copy") -- S_(SECCLASS_DRAWABLE, DRAWABLE__GETATTR, "getattr") -- S_(SECCLASS_GC, GC__CREATE, "create") -- S_(SECCLASS_GC, GC__FREE, "free") -- S_(SECCLASS_GC, GC__GETATTR, "getattr") -- S_(SECCLASS_GC, GC__SETATTR, "setattr") -- S_(SECCLASS_WINDOW, WINDOW__ADDCHILD, "addchild") -- S_(SECCLASS_WINDOW, WINDOW__CREATE, "create") -- S_(SECCLASS_WINDOW, WINDOW__DESTROY, "destroy") -- S_(SECCLASS_WINDOW, WINDOW__MAP, "map") -- S_(SECCLASS_WINDOW, WINDOW__UNMAP, "unmap") -- S_(SECCLASS_WINDOW, WINDOW__CHSTACK, "chstack") -- S_(SECCLASS_WINDOW, WINDOW__CHPROPLIST, "chproplist") -- S_(SECCLASS_WINDOW, WINDOW__CHPROP, "chprop") -- S_(SECCLASS_WINDOW, WINDOW__LISTPROP, "listprop") -- S_(SECCLASS_WINDOW, WINDOW__GETATTR, "getattr") -- S_(SECCLASS_WINDOW, WINDOW__SETATTR, "setattr") -- S_(SECCLASS_WINDOW, WINDOW__SETFOCUS, "setfocus") -- S_(SECCLASS_WINDOW, WINDOW__MOVE, "move") -- S_(SECCLASS_WINDOW, WINDOW__CHSELECTION, "chselection") -- S_(SECCLASS_WINDOW, WINDOW__CHPARENT, "chparent") -- S_(SECCLASS_WINDOW, WINDOW__CTRLLIFE, "ctrllife") -- S_(SECCLASS_WINDOW, WINDOW__ENUMERATE, "enumerate") -- S_(SECCLASS_WINDOW, WINDOW__TRANSPARENT, "transparent") -- S_(SECCLASS_WINDOW, WINDOW__MOUSEMOTION, "mousemotion") -- S_(SECCLASS_WINDOW, WINDOW__CLIENTCOMEVENT, "clientcomevent") -- S_(SECCLASS_WINDOW, WINDOW__INPUTEVENT, "inputevent") -- S_(SECCLASS_WINDOW, WINDOW__DRAWEVENT, "drawevent") -- S_(SECCLASS_WINDOW, WINDOW__WINDOWCHANGEEVENT, "windowchangeevent") -- S_(SECCLASS_WINDOW, WINDOW__WINDOWCHANGEREQUEST, "windowchangerequest") -- S_(SECCLASS_WINDOW, WINDOW__SERVERCHANGEEVENT, "serverchangeevent") -- S_(SECCLASS_WINDOW, WINDOW__EXTENSIONEVENT, "extensionevent") -- S_(SECCLASS_FONT, FONT__LOAD, "load") -- S_(SECCLASS_FONT, FONT__FREE, "free") -- S_(SECCLASS_FONT, FONT__GETATTR, 
"getattr") -- S_(SECCLASS_FONT, FONT__USE, "use") -- S_(SECCLASS_COLORMAP, COLORMAP__CREATE, "create") -- S_(SECCLASS_COLORMAP, COLORMAP__FREE, "free") -- S_(SECCLASS_COLORMAP, COLORMAP__INSTALL, "install") -- S_(SECCLASS_COLORMAP, COLORMAP__UNINSTALL, "uninstall") -- S_(SECCLASS_COLORMAP, COLORMAP__LIST, "list") -- S_(SECCLASS_COLORMAP, COLORMAP__READ, "read") -- S_(SECCLASS_COLORMAP, COLORMAP__STORE, "store") -- S_(SECCLASS_COLORMAP, COLORMAP__GETATTR, "getattr") -- S_(SECCLASS_COLORMAP, COLORMAP__SETATTR, "setattr") -- S_(SECCLASS_PROPERTY, PROPERTY__CREATE, "create") -- S_(SECCLASS_PROPERTY, PROPERTY__FREE, "free") -- S_(SECCLASS_PROPERTY, PROPERTY__READ, "read") -- S_(SECCLASS_PROPERTY, PROPERTY__WRITE, "write") -- S_(SECCLASS_CURSOR, CURSOR__CREATE, "create") -- S_(SECCLASS_CURSOR, CURSOR__CREATEGLYPH, "createglyph") -- S_(SECCLASS_CURSOR, CURSOR__FREE, "free") -- S_(SECCLASS_CURSOR, CURSOR__ASSIGN, "assign") -- S_(SECCLASS_CURSOR, CURSOR__SETATTR, "setattr") -- S_(SECCLASS_XCLIENT, XCLIENT__KILL, "kill") -- S_(SECCLASS_XINPUT, XINPUT__LOOKUP, "lookup") -- S_(SECCLASS_XINPUT, XINPUT__GETATTR, "getattr") -- S_(SECCLASS_XINPUT, XINPUT__SETATTR, "setattr") -- S_(SECCLASS_XINPUT, XINPUT__SETFOCUS, "setfocus") -- S_(SECCLASS_XINPUT, XINPUT__WARPPOINTER, "warppointer") -- S_(SECCLASS_XINPUT, XINPUT__ACTIVEGRAB, "activegrab") -- S_(SECCLASS_XINPUT, XINPUT__PASSIVEGRAB, "passivegrab") -- S_(SECCLASS_XINPUT, XINPUT__UNGRAB, "ungrab") -- S_(SECCLASS_XINPUT, XINPUT__BELL, "bell") -- S_(SECCLASS_XINPUT, XINPUT__MOUSEMOTION, "mousemotion") -- S_(SECCLASS_XINPUT, XINPUT__RELABELINPUT, "relabelinput") -- S_(SECCLASS_XSERVER, XSERVER__SCREENSAVER, "screensaver") -- S_(SECCLASS_XSERVER, XSERVER__GETHOSTLIST, "gethostlist") -- S_(SECCLASS_XSERVER, XSERVER__SETHOSTLIST, "sethostlist") -- S_(SECCLASS_XSERVER, XSERVER__GETFONTPATH, "getfontpath") -- S_(SECCLASS_XSERVER, XSERVER__SETFONTPATH, "setfontpath") -- S_(SECCLASS_XSERVER, XSERVER__GETATTR, "getattr") -- 
S_(SECCLASS_XSERVER, XSERVER__GRAB, "grab") -- S_(SECCLASS_XSERVER, XSERVER__UNGRAB, "ungrab") -- S_(SECCLASS_XEXTENSION, XEXTENSION__QUERY, "query") -- S_(SECCLASS_XEXTENSION, XEXTENSION__USE, "use") -- S_(SECCLASS_PAX, PAX__PAGEEXEC, "pageexec") -- S_(SECCLASS_PAX, PAX__EMUTRAMP, "emutramp") -- S_(SECCLASS_PAX, PAX__MPROTECT, "mprotect") -- S_(SECCLASS_PAX, PAX__RANDMMAP, "randmmap") -- S_(SECCLASS_PAX, PAX__RANDEXEC, "randexec") -- S_(SECCLASS_PAX, PAX__SEGMEXEC, "segmexec") -- S_(SECCLASS_NETLINK_ROUTE_SOCKET, NETLINK_ROUTE_SOCKET__NLMSG_READ, -- "nlmsg_read") -- S_(SECCLASS_NETLINK_ROUTE_SOCKET, NETLINK_ROUTE_SOCKET__NLMSG_WRITE, -- "nlmsg_write") -- S_(SECCLASS_NETLINK_FIREWALL_SOCKET, NETLINK_FIREWALL_SOCKET__NLMSG_READ, -- "nlmsg_read") -- S_(SECCLASS_NETLINK_FIREWALL_SOCKET, NETLINK_FIREWALL_SOCKET__NLMSG_WRITE, -- "nlmsg_write") -- S_(SECCLASS_NETLINK_TCPDIAG_SOCKET, NETLINK_TCPDIAG_SOCKET__NLMSG_READ, -- "nlmsg_read") -- S_(SECCLASS_NETLINK_TCPDIAG_SOCKET, NETLINK_TCPDIAG_SOCKET__NLMSG_WRITE, -- "nlmsg_write") -- S_(SECCLASS_NETLINK_XFRM_SOCKET, NETLINK_XFRM_SOCKET__NLMSG_READ, "nlmsg_read") -- S_(SECCLASS_NETLINK_XFRM_SOCKET, NETLINK_XFRM_SOCKET__NLMSG_WRITE, -- "nlmsg_write") -- S_(SECCLASS_NETLINK_AUDIT_SOCKET, NETLINK_AUDIT_SOCKET__NLMSG_READ, -- "nlmsg_read") -- S_(SECCLASS_NETLINK_AUDIT_SOCKET, NETLINK_AUDIT_SOCKET__NLMSG_WRITE, -- "nlmsg_write") -- S_(SECCLASS_NETLINK_AUDIT_SOCKET, NETLINK_AUDIT_SOCKET__NLMSG_RELAY, -- "nlmsg_relay") -- S_(SECCLASS_NETLINK_AUDIT_SOCKET, NETLINK_AUDIT_SOCKET__NLMSG_READPRIV, -- "nlmsg_readpriv") -- S_(SECCLASS_NETLINK_IP6FW_SOCKET, NETLINK_IP6FW_SOCKET__NLMSG_READ, -- "nlmsg_read") -- S_(SECCLASS_NETLINK_IP6FW_SOCKET, NETLINK_IP6FW_SOCKET__NLMSG_WRITE, -- "nlmsg_write") -- S_(SECCLASS_DBUS, DBUS__ACQUIRE_SVC, "acquire_svc") -- S_(SECCLASS_DBUS, DBUS__SEND_MSG, "send_msg") -- S_(SECCLASS_NSCD, NSCD__GETPWD, "getpwd") -- S_(SECCLASS_NSCD, NSCD__GETGRP, "getgrp") -- S_(SECCLASS_NSCD, NSCD__GETHOST, "gethost") -- 
S_(SECCLASS_NSCD, NSCD__GETSTAT, "getstat") -- S_(SECCLASS_NSCD, NSCD__ADMIN, "admin") -- S_(SECCLASS_NSCD, NSCD__SHMEMPWD, "shmempwd") -- S_(SECCLASS_NSCD, NSCD__SHMEMGRP, "shmemgrp") -- S_(SECCLASS_NSCD, NSCD__SHMEMHOST, "shmemhost") -- S_(SECCLASS_ASSOCIATION, ASSOCIATION__SENDTO, "sendto") -- S_(SECCLASS_ASSOCIATION, ASSOCIATION__RECVFROM, "recvfrom") -- S_(SECCLASS_ASSOCIATION, ASSOCIATION__SETCONTEXT, "setcontext") -- S_(SECCLASS_ASSOCIATION, ASSOCIATION__POLMATCH, "polmatch") -- S_(SECCLASS_PACKET, PACKET__SEND, "send") -- S_(SECCLASS_PACKET, PACKET__RECV, "recv") -- S_(SECCLASS_PACKET, PACKET__RELABELTO, "relabelto") -- S_(SECCLASS_KEY, KEY__VIEW, "view") -- S_(SECCLASS_KEY, KEY__READ, "read") -- S_(SECCLASS_KEY, KEY__WRITE, "write") -- S_(SECCLASS_KEY, KEY__SEARCH, "search") -- S_(SECCLASS_KEY, KEY__LINK, "link") -- S_(SECCLASS_KEY, KEY__SETATTR, "setattr") -- S_(SECCLASS_KEY, KEY__CREATE, "create") -- S_(SECCLASS_CONTEXT, CONTEXT__TRANSLATE, "translate") -- S_(SECCLASS_CONTEXT, CONTEXT__CONTAINS, "contains") -+ S_(SECCLASS_FILESYSTEM, FILESYSTEM__MOUNT, "mount") -+ S_(SECCLASS_FILESYSTEM, FILESYSTEM__REMOUNT, "remount") -+ S_(SECCLASS_FILESYSTEM, FILESYSTEM__UNMOUNT, "unmount") -+ S_(SECCLASS_FILESYSTEM, FILESYSTEM__GETATTR, "getattr") -+ S_(SECCLASS_FILESYSTEM, FILESYSTEM__RELABELFROM, "relabelfrom") -+ S_(SECCLASS_FILESYSTEM, FILESYSTEM__RELABELTO, "relabelto") -+ S_(SECCLASS_FILESYSTEM, FILESYSTEM__TRANSITION, "transition") -+ S_(SECCLASS_FILESYSTEM, FILESYSTEM__ASSOCIATE, "associate") -+ S_(SECCLASS_FILESYSTEM, FILESYSTEM__QUOTAMOD, "quotamod") -+ S_(SECCLASS_FILESYSTEM, FILESYSTEM__QUOTAGET, "quotaget") -+ S_(SECCLASS_DIR, DIR__ADD_NAME, "add_name") -+ S_(SECCLASS_DIR, DIR__REMOVE_NAME, "remove_name") -+ S_(SECCLASS_DIR, DIR__REPARENT, "reparent") -+ S_(SECCLASS_DIR, DIR__SEARCH, "search") -+ S_(SECCLASS_DIR, DIR__RMDIR, "rmdir") -+ S_(SECCLASS_FILE, FILE__EXECUTE_NO_TRANS, "execute_no_trans") -+ S_(SECCLASS_FILE, FILE__ENTRYPOINT, "entrypoint") -+ 
S_(SECCLASS_FILE, FILE__EXECMOD, "execmod") -+ S_(SECCLASS_CHR_FILE, CHR_FILE__EXECUTE_NO_TRANS, "execute_no_trans") -+ S_(SECCLASS_CHR_FILE, CHR_FILE__ENTRYPOINT, "entrypoint") -+ S_(SECCLASS_CHR_FILE, CHR_FILE__EXECMOD, "execmod") -+ S_(SECCLASS_FD, FD__USE, "use") -+ S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__CONNECTTO, "connectto") -+ S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__NEWCONN, "newconn") -+ S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__ACCEPTFROM, "acceptfrom") -+ S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__NODE_BIND, "node_bind") -+ S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__NAME_CONNECT, "name_connect") -+ S_(SECCLASS_UDP_SOCKET, UDP_SOCKET__NODE_BIND, "node_bind") -+ S_(SECCLASS_RAWIP_SOCKET, RAWIP_SOCKET__NODE_BIND, "node_bind") -+ S_(SECCLASS_NODE, NODE__TCP_RECV, "tcp_recv") -+ S_(SECCLASS_NODE, NODE__TCP_SEND, "tcp_send") -+ S_(SECCLASS_NODE, NODE__UDP_RECV, "udp_recv") -+ S_(SECCLASS_NODE, NODE__UDP_SEND, "udp_send") -+ S_(SECCLASS_NODE, NODE__RAWIP_RECV, "rawip_recv") -+ S_(SECCLASS_NODE, NODE__RAWIP_SEND, "rawip_send") -+ S_(SECCLASS_NODE, NODE__ENFORCE_DEST, "enforce_dest") -+ S_(SECCLASS_NODE, NODE__DCCP_RECV, "dccp_recv") -+ S_(SECCLASS_NODE, NODE__DCCP_SEND, "dccp_send") -+ S_(SECCLASS_NETIF, NETIF__TCP_RECV, "tcp_recv") -+ S_(SECCLASS_NETIF, NETIF__TCP_SEND, "tcp_send") -+ S_(SECCLASS_NETIF, NETIF__UDP_RECV, "udp_recv") -+ S_(SECCLASS_NETIF, NETIF__UDP_SEND, "udp_send") -+ S_(SECCLASS_NETIF, NETIF__RAWIP_RECV, "rawip_recv") -+ S_(SECCLASS_NETIF, NETIF__RAWIP_SEND, "rawip_send") -+ S_(SECCLASS_NETIF, NETIF__DCCP_RECV, "dccp_recv") -+ S_(SECCLASS_NETIF, NETIF__DCCP_SEND, "dccp_send") -+ S_(SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__CONNECTTO, "connectto") -+ S_(SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__NEWCONN, "newconn") -+ S_(SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__ACCEPTFROM, "acceptfrom") -+ S_(SECCLASS_PROCESS, PROCESS__FORK, "fork") -+ S_(SECCLASS_PROCESS, PROCESS__TRANSITION, "transition") -+ S_(SECCLASS_PROCESS, PROCESS__SIGCHLD, "sigchld") -+ 
S_(SECCLASS_PROCESS, PROCESS__SIGKILL, "sigkill") -+ S_(SECCLASS_PROCESS, PROCESS__SIGSTOP, "sigstop") -+ S_(SECCLASS_PROCESS, PROCESS__SIGNULL, "signull") -+ S_(SECCLASS_PROCESS, PROCESS__SIGNAL, "signal") -+ S_(SECCLASS_PROCESS, PROCESS__PTRACE, "ptrace") -+ S_(SECCLASS_PROCESS, PROCESS__GETSCHED, "getsched") -+ S_(SECCLASS_PROCESS, PROCESS__SETSCHED, "setsched") -+ S_(SECCLASS_PROCESS, PROCESS__GETSESSION, "getsession") -+ S_(SECCLASS_PROCESS, PROCESS__GETPGID, "getpgid") -+ S_(SECCLASS_PROCESS, PROCESS__SETPGID, "setpgid") -+ S_(SECCLASS_PROCESS, PROCESS__GETCAP, "getcap") -+ S_(SECCLASS_PROCESS, PROCESS__SETCAP, "setcap") -+ S_(SECCLASS_PROCESS, PROCESS__SHARE, "share") -+ S_(SECCLASS_PROCESS, PROCESS__GETATTR, "getattr") -+ S_(SECCLASS_PROCESS, PROCESS__SETEXEC, "setexec") -+ S_(SECCLASS_PROCESS, PROCESS__SETFSCREATE, "setfscreate") -+ S_(SECCLASS_PROCESS, PROCESS__NOATSECURE, "noatsecure") -+ S_(SECCLASS_PROCESS, PROCESS__SIGINH, "siginh") -+ S_(SECCLASS_PROCESS, PROCESS__SETRLIMIT, "setrlimit") -+ S_(SECCLASS_PROCESS, PROCESS__RLIMITINH, "rlimitinh") -+ S_(SECCLASS_PROCESS, PROCESS__DYNTRANSITION, "dyntransition") -+ S_(SECCLASS_PROCESS, PROCESS__SETCURRENT, "setcurrent") -+ S_(SECCLASS_PROCESS, PROCESS__EXECMEM, "execmem") -+ S_(SECCLASS_PROCESS, PROCESS__EXECSTACK, "execstack") -+ S_(SECCLASS_PROCESS, PROCESS__EXECHEAP, "execheap") -+ S_(SECCLASS_PROCESS, PROCESS__SETKEYCREATE, "setkeycreate") -+ S_(SECCLASS_PROCESS, PROCESS__SETSOCKCREATE, "setsockcreate") -+ S_(SECCLASS_MSGQ, MSGQ__ENQUEUE, "enqueue") -+ S_(SECCLASS_MSG, MSG__SEND, "send") -+ S_(SECCLASS_MSG, MSG__RECEIVE, "receive") -+ S_(SECCLASS_SHM, SHM__LOCK, "lock") -+ S_(SECCLASS_SECURITY, SECURITY__COMPUTE_AV, "compute_av") -+ S_(SECCLASS_SECURITY, SECURITY__COMPUTE_CREATE, "compute_create") -+ S_(SECCLASS_SECURITY, SECURITY__COMPUTE_MEMBER, "compute_member") -+ S_(SECCLASS_SECURITY, SECURITY__CHECK_CONTEXT, "check_context") -+ S_(SECCLASS_SECURITY, SECURITY__LOAD_POLICY, "load_policy") -+ 
S_(SECCLASS_SECURITY, SECURITY__COMPUTE_RELABEL, "compute_relabel") -+ S_(SECCLASS_SECURITY, SECURITY__COMPUTE_USER, "compute_user") -+ S_(SECCLASS_SECURITY, SECURITY__SETENFORCE, "setenforce") -+ S_(SECCLASS_SECURITY, SECURITY__SETBOOL, "setbool") -+ S_(SECCLASS_SECURITY, SECURITY__SETSECPARAM, "setsecparam") -+ S_(SECCLASS_SECURITY, SECURITY__SETCHECKREQPROT, "setcheckreqprot") -+ S_(SECCLASS_SYSTEM, SYSTEM__IPC_INFO, "ipc_info") -+ S_(SECCLASS_SYSTEM, SYSTEM__SYSLOG_READ, "syslog_read") -+ S_(SECCLASS_SYSTEM, SYSTEM__SYSLOG_MOD, "syslog_mod") -+ S_(SECCLASS_SYSTEM, SYSTEM__SYSLOG_CONSOLE, "syslog_console") -+ S_(SECCLASS_CAPABILITY, CAPABILITY__CHOWN, "chown") -+ S_(SECCLASS_CAPABILITY, CAPABILITY__DAC_OVERRIDE, "dac_override") -+ S_(SECCLASS_CAPABILITY, CAPABILITY__DAC_READ_SEARCH, "dac_read_search") -+ S_(SECCLASS_CAPABILITY, CAPABILITY__FOWNER, "fowner") -+ S_(SECCLASS_CAPABILITY, CAPABILITY__FSETID, "fsetid") -+ S_(SECCLASS_CAPABILITY, CAPABILITY__KILL, "kill") -+ S_(SECCLASS_CAPABILITY, CAPABILITY__SETGID, "setgid") -+ S_(SECCLASS_CAPABILITY, CAPABILITY__SETUID, "setuid") -+ S_(SECCLASS_CAPABILITY, CAPABILITY__SETPCAP, "setpcap") -+ S_(SECCLASS_CAPABILITY, CAPABILITY__LINUX_IMMUTABLE, "linux_immutable") -+ S_(SECCLASS_CAPABILITY, CAPABILITY__NET_BIND_SERVICE, "net_bind_service") -+ S_(SECCLASS_CAPABILITY, CAPABILITY__NET_BROADCAST, "net_broadcast") -+ S_(SECCLASS_CAPABILITY, CAPABILITY__NET_ADMIN, "net_admin") -+ S_(SECCLASS_CAPABILITY, CAPABILITY__NET_RAW, "net_raw") -+ S_(SECCLASS_CAPABILITY, CAPABILITY__IPC_LOCK, "ipc_lock") -+ S_(SECCLASS_CAPABILITY, CAPABILITY__IPC_OWNER, "ipc_owner") -+ S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_MODULE, "sys_module") -+ S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_RAWIO, "sys_rawio") -+ S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_CHROOT, "sys_chroot") -+ S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_PTRACE, "sys_ptrace") -+ S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_PACCT, "sys_pacct") -+ S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_ADMIN, 
"sys_admin") -+ S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_BOOT, "sys_boot") -+ S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_NICE, "sys_nice") -+ S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_RESOURCE, "sys_resource") -+ S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_TIME, "sys_time") -+ S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_TTY_CONFIG, "sys_tty_config") -+ S_(SECCLASS_CAPABILITY, CAPABILITY__MKNOD, "mknod") -+ S_(SECCLASS_CAPABILITY, CAPABILITY__LEASE, "lease") -+ S_(SECCLASS_CAPABILITY, CAPABILITY__AUDIT_WRITE, "audit_write") -+ S_(SECCLASS_CAPABILITY, CAPABILITY__AUDIT_CONTROL, "audit_control") -+ S_(SECCLASS_PASSWD, PASSWD__PASSWD, "passwd") -+ S_(SECCLASS_PASSWD, PASSWD__CHFN, "chfn") -+ S_(SECCLASS_PASSWD, PASSWD__CHSH, "chsh") -+ S_(SECCLASS_PASSWD, PASSWD__ROOTOK, "rootok") -+ S_(SECCLASS_PASSWD, PASSWD__CRONTAB, "crontab") -+ S_(SECCLASS_DRAWABLE, DRAWABLE__CREATE, "create") -+ S_(SECCLASS_DRAWABLE, DRAWABLE__DESTROY, "destroy") -+ S_(SECCLASS_DRAWABLE, DRAWABLE__DRAW, "draw") -+ S_(SECCLASS_DRAWABLE, DRAWABLE__COPY, "copy") -+ S_(SECCLASS_DRAWABLE, DRAWABLE__GETATTR, "getattr") -+ S_(SECCLASS_GC, GC__CREATE, "create") -+ S_(SECCLASS_GC, GC__FREE, "free") -+ S_(SECCLASS_GC, GC__GETATTR, "getattr") -+ S_(SECCLASS_GC, GC__SETATTR, "setattr") -+ S_(SECCLASS_WINDOW, WINDOW__ADDCHILD, "addchild") -+ S_(SECCLASS_WINDOW, WINDOW__CREATE, "create") -+ S_(SECCLASS_WINDOW, WINDOW__DESTROY, "destroy") -+ S_(SECCLASS_WINDOW, WINDOW__MAP, "map") -+ S_(SECCLASS_WINDOW, WINDOW__UNMAP, "unmap") -+ S_(SECCLASS_WINDOW, WINDOW__CHSTACK, "chstack") -+ S_(SECCLASS_WINDOW, WINDOW__CHPROPLIST, "chproplist") -+ S_(SECCLASS_WINDOW, WINDOW__CHPROP, "chprop") -+ S_(SECCLASS_WINDOW, WINDOW__LISTPROP, "listprop") -+ S_(SECCLASS_WINDOW, WINDOW__GETATTR, "getattr") -+ S_(SECCLASS_WINDOW, WINDOW__SETATTR, "setattr") -+ S_(SECCLASS_WINDOW, WINDOW__SETFOCUS, "setfocus") -+ S_(SECCLASS_WINDOW, WINDOW__MOVE, "move") -+ S_(SECCLASS_WINDOW, WINDOW__CHSELECTION, "chselection") -+ S_(SECCLASS_WINDOW, 
WINDOW__CHPARENT, "chparent") -+ S_(SECCLASS_WINDOW, WINDOW__CTRLLIFE, "ctrllife") -+ S_(SECCLASS_WINDOW, WINDOW__ENUMERATE, "enumerate") -+ S_(SECCLASS_WINDOW, WINDOW__TRANSPARENT, "transparent") -+ S_(SECCLASS_WINDOW, WINDOW__MOUSEMOTION, "mousemotion") -+ S_(SECCLASS_WINDOW, WINDOW__CLIENTCOMEVENT, "clientcomevent") -+ S_(SECCLASS_WINDOW, WINDOW__INPUTEVENT, "inputevent") -+ S_(SECCLASS_WINDOW, WINDOW__DRAWEVENT, "drawevent") -+ S_(SECCLASS_WINDOW, WINDOW__WINDOWCHANGEEVENT, "windowchangeevent") -+ S_(SECCLASS_WINDOW, WINDOW__WINDOWCHANGEREQUEST, "windowchangerequest") -+ S_(SECCLASS_WINDOW, WINDOW__SERVERCHANGEEVENT, "serverchangeevent") -+ S_(SECCLASS_WINDOW, WINDOW__EXTENSIONEVENT, "extensionevent") -+ S_(SECCLASS_FONT, FONT__LOAD, "load") -+ S_(SECCLASS_FONT, FONT__FREE, "free") -+ S_(SECCLASS_FONT, FONT__GETATTR, "getattr") -+ S_(SECCLASS_FONT, FONT__USE, "use") -+ S_(SECCLASS_COLORMAP, COLORMAP__CREATE, "create") -+ S_(SECCLASS_COLORMAP, COLORMAP__FREE, "free") -+ S_(SECCLASS_COLORMAP, COLORMAP__INSTALL, "install") -+ S_(SECCLASS_COLORMAP, COLORMAP__UNINSTALL, "uninstall") -+ S_(SECCLASS_COLORMAP, COLORMAP__LIST, "list") -+ S_(SECCLASS_COLORMAP, COLORMAP__READ, "read") -+ S_(SECCLASS_COLORMAP, COLORMAP__STORE, "store") -+ S_(SECCLASS_COLORMAP, COLORMAP__GETATTR, "getattr") -+ S_(SECCLASS_COLORMAP, COLORMAP__SETATTR, "setattr") -+ S_(SECCLASS_PROPERTY, PROPERTY__CREATE, "create") -+ S_(SECCLASS_PROPERTY, PROPERTY__FREE, "free") -+ S_(SECCLASS_PROPERTY, PROPERTY__READ, "read") -+ S_(SECCLASS_PROPERTY, PROPERTY__WRITE, "write") -+ S_(SECCLASS_CURSOR, CURSOR__CREATE, "create") -+ S_(SECCLASS_CURSOR, CURSOR__CREATEGLYPH, "createglyph") -+ S_(SECCLASS_CURSOR, CURSOR__FREE, "free") -+ S_(SECCLASS_CURSOR, CURSOR__ASSIGN, "assign") -+ S_(SECCLASS_CURSOR, CURSOR__SETATTR, "setattr") -+ S_(SECCLASS_XCLIENT, XCLIENT__KILL, "kill") -+ S_(SECCLASS_XINPUT, XINPUT__LOOKUP, "lookup") -+ S_(SECCLASS_XINPUT, XINPUT__GETATTR, "getattr") -+ S_(SECCLASS_XINPUT, XINPUT__SETATTR, 
"setattr") -+ S_(SECCLASS_XINPUT, XINPUT__SETFOCUS, "setfocus") -+ S_(SECCLASS_XINPUT, XINPUT__WARPPOINTER, "warppointer") -+ S_(SECCLASS_XINPUT, XINPUT__ACTIVEGRAB, "activegrab") -+ S_(SECCLASS_XINPUT, XINPUT__PASSIVEGRAB, "passivegrab") -+ S_(SECCLASS_XINPUT, XINPUT__UNGRAB, "ungrab") -+ S_(SECCLASS_XINPUT, XINPUT__BELL, "bell") -+ S_(SECCLASS_XINPUT, XINPUT__MOUSEMOTION, "mousemotion") -+ S_(SECCLASS_XINPUT, XINPUT__RELABELINPUT, "relabelinput") -+ S_(SECCLASS_XSERVER, XSERVER__SCREENSAVER, "screensaver") -+ S_(SECCLASS_XSERVER, XSERVER__GETHOSTLIST, "gethostlist") -+ S_(SECCLASS_XSERVER, XSERVER__SETHOSTLIST, "sethostlist") -+ S_(SECCLASS_XSERVER, XSERVER__GETFONTPATH, "getfontpath") -+ S_(SECCLASS_XSERVER, XSERVER__SETFONTPATH, "setfontpath") -+ S_(SECCLASS_XSERVER, XSERVER__GETATTR, "getattr") -+ S_(SECCLASS_XSERVER, XSERVER__GRAB, "grab") -+ S_(SECCLASS_XSERVER, XSERVER__UNGRAB, "ungrab") -+ S_(SECCLASS_XEXTENSION, XEXTENSION__QUERY, "query") -+ S_(SECCLASS_XEXTENSION, XEXTENSION__USE, "use") -+ S_(SECCLASS_PAX, PAX__PAGEEXEC, "pageexec") -+ S_(SECCLASS_PAX, PAX__EMUTRAMP, "emutramp") -+ S_(SECCLASS_PAX, PAX__MPROTECT, "mprotect") -+ S_(SECCLASS_PAX, PAX__RANDMMAP, "randmmap") -+ S_(SECCLASS_PAX, PAX__RANDEXEC, "randexec") -+ S_(SECCLASS_PAX, PAX__SEGMEXEC, "segmexec") -+ S_(SECCLASS_NETLINK_ROUTE_SOCKET, NETLINK_ROUTE_SOCKET__NLMSG_READ, "nlmsg_read") -+ S_(SECCLASS_NETLINK_ROUTE_SOCKET, NETLINK_ROUTE_SOCKET__NLMSG_WRITE, "nlmsg_write") -+ S_(SECCLASS_NETLINK_FIREWALL_SOCKET, NETLINK_FIREWALL_SOCKET__NLMSG_READ, "nlmsg_read") -+ S_(SECCLASS_NETLINK_FIREWALL_SOCKET, NETLINK_FIREWALL_SOCKET__NLMSG_WRITE, "nlmsg_write") -+ S_(SECCLASS_NETLINK_TCPDIAG_SOCKET, NETLINK_TCPDIAG_SOCKET__NLMSG_READ, "nlmsg_read") -+ S_(SECCLASS_NETLINK_TCPDIAG_SOCKET, NETLINK_TCPDIAG_SOCKET__NLMSG_WRITE, "nlmsg_write") -+ S_(SECCLASS_NETLINK_XFRM_SOCKET, NETLINK_XFRM_SOCKET__NLMSG_READ, "nlmsg_read") -+ S_(SECCLASS_NETLINK_XFRM_SOCKET, NETLINK_XFRM_SOCKET__NLMSG_WRITE, 
"nlmsg_write") -+ S_(SECCLASS_NETLINK_AUDIT_SOCKET, NETLINK_AUDIT_SOCKET__NLMSG_READ, "nlmsg_read") -+ S_(SECCLASS_NETLINK_AUDIT_SOCKET, NETLINK_AUDIT_SOCKET__NLMSG_WRITE, "nlmsg_write") -+ S_(SECCLASS_NETLINK_AUDIT_SOCKET, NETLINK_AUDIT_SOCKET__NLMSG_RELAY, "nlmsg_relay") -+ S_(SECCLASS_NETLINK_AUDIT_SOCKET, NETLINK_AUDIT_SOCKET__NLMSG_READPRIV, "nlmsg_readpriv") -+ S_(SECCLASS_NETLINK_IP6FW_SOCKET, NETLINK_IP6FW_SOCKET__NLMSG_READ, "nlmsg_read") -+ S_(SECCLASS_NETLINK_IP6FW_SOCKET, NETLINK_IP6FW_SOCKET__NLMSG_WRITE, "nlmsg_write") -+ S_(SECCLASS_DBUS, DBUS__ACQUIRE_SVC, "acquire_svc") -+ S_(SECCLASS_DBUS, DBUS__SEND_MSG, "send_msg") -+ S_(SECCLASS_NSCD, NSCD__GETPWD, "getpwd") -+ S_(SECCLASS_NSCD, NSCD__GETGRP, "getgrp") -+ S_(SECCLASS_NSCD, NSCD__GETHOST, "gethost") -+ S_(SECCLASS_NSCD, NSCD__GETSTAT, "getstat") -+ S_(SECCLASS_NSCD, NSCD__ADMIN, "admin") -+ S_(SECCLASS_NSCD, NSCD__SHMEMPWD, "shmempwd") -+ S_(SECCLASS_NSCD, NSCD__SHMEMGRP, "shmemgrp") -+ S_(SECCLASS_NSCD, NSCD__SHMEMHOST, "shmemhost") -+ S_(SECCLASS_NSCD, NSCD__GETSERV, "getserv") -+ S_(SECCLASS_NSCD, NSCD__SHMEMSERV, "shmemserv") -+ S_(SECCLASS_ASSOCIATION, ASSOCIATION__SENDTO, "sendto") -+ S_(SECCLASS_ASSOCIATION, ASSOCIATION__RECVFROM, "recvfrom") -+ S_(SECCLASS_ASSOCIATION, ASSOCIATION__SETCONTEXT, "setcontext") -+ S_(SECCLASS_ASSOCIATION, ASSOCIATION__POLMATCH, "polmatch") -+ S_(SECCLASS_PACKET, PACKET__SEND, "send") -+ S_(SECCLASS_PACKET, PACKET__RECV, "recv") -+ S_(SECCLASS_PACKET, PACKET__RELABELTO, "relabelto") -+ S_(SECCLASS_PACKET, PACKET__FLOW_IN, "flow_in") -+ S_(SECCLASS_PACKET, PACKET__FLOW_OUT, "flow_out") -+ S_(SECCLASS_KEY, KEY__VIEW, "view") -+ S_(SECCLASS_KEY, KEY__READ, "read") -+ S_(SECCLASS_KEY, KEY__WRITE, "write") -+ S_(SECCLASS_KEY, KEY__SEARCH, "search") -+ S_(SECCLASS_KEY, KEY__LINK, "link") -+ S_(SECCLASS_KEY, KEY__SETATTR, "setattr") -+ S_(SECCLASS_KEY, KEY__CREATE, "create") -+ S_(SECCLASS_CONTEXT, CONTEXT__TRANSLATE, "translate") -+ S_(SECCLASS_CONTEXT, 
CONTEXT__CONTAINS, "contains") -+ S_(SECCLASS_DCCP_SOCKET, DCCP_SOCKET__NODE_BIND, "node_bind") -+ S_(SECCLASS_DCCP_SOCKET, DCCP_SOCKET__NAME_CONNECT, "name_connect") -+ S_(SECCLASS_MEMPROTECT, MEMPROTECT__MMAP_ZERO, "mmap_zero") -+ S_(SECCLASS_DB_DATABASE, DB_DATABASE__ACCESS, "access") -+ S_(SECCLASS_DB_DATABASE, DB_DATABASE__INSTALL_MODULE, "install_module") -+ S_(SECCLASS_DB_DATABASE, DB_DATABASE__LOAD_MODULE, "load_module") -+ S_(SECCLASS_DB_DATABASE, DB_DATABASE__GET_PARAM, "get_param") -+ S_(SECCLASS_DB_DATABASE, DB_DATABASE__SET_PARAM, "set_param") -+ S_(SECCLASS_DB_TABLE, DB_TABLE__USE, "use") -+ S_(SECCLASS_DB_TABLE, DB_TABLE__SELECT, "select") -+ S_(SECCLASS_DB_TABLE, DB_TABLE__UPDATE, "update") -+ S_(SECCLASS_DB_TABLE, DB_TABLE__INSERT, "insert") -+ S_(SECCLASS_DB_TABLE, DB_TABLE__DELETE, "delete") -+ S_(SECCLASS_DB_TABLE, DB_TABLE__LOCK, "lock") -+ S_(SECCLASS_DB_PROCEDURE, DB_PROCEDURE__EXECUTE, "execute") -+ S_(SECCLASS_DB_PROCEDURE, DB_PROCEDURE__ENTRYPOINT, "entrypoint") -+ S_(SECCLASS_DB_COLUMN, DB_COLUMN__USE, "use") -+ S_(SECCLASS_DB_COLUMN, DB_COLUMN__SELECT, "select") -+ S_(SECCLASS_DB_COLUMN, DB_COLUMN__UPDATE, "update") -+ S_(SECCLASS_DB_COLUMN, DB_COLUMN__INSERT, "insert") -+ S_(SECCLASS_DB_TUPLE, DB_TUPLE__RELABELFROM, "relabelfrom") -+ S_(SECCLASS_DB_TUPLE, DB_TUPLE__RELABELTO, "relabelto") -+ S_(SECCLASS_DB_TUPLE, DB_TUPLE__USE, "use") -+ S_(SECCLASS_DB_TUPLE, DB_TUPLE__SELECT, "select") -+ S_(SECCLASS_DB_TUPLE, DB_TUPLE__UPDATE, "update") -+ S_(SECCLASS_DB_TUPLE, DB_TUPLE__INSERT, "insert") -+ S_(SECCLASS_DB_TUPLE, DB_TUPLE__DELETE, "delete") -+ S_(SECCLASS_DB_BLOB, DB_BLOB__READ, "read") -+ S_(SECCLASS_DB_BLOB, DB_BLOB__WRITE, "write") -+ S_(SECCLASS_DB_BLOB, DB_BLOB__IMPORT, "import") -+ S_(SECCLASS_DB_BLOB, DB_BLOB__EXPORT, "export") -diff --exclude-from=exclude -N -u -r nsalibselinux/src/class_to_string.h libselinux-2.0.42/src/class_to_string.h ---- nsalibselinux/src/class_to_string.h 2007-07-16 14:20:46.000000000 -0400 -+++ 
libselinux-2.0.42/src/class_to_string.h 2007-11-15 14:57:00.000000000 -0500 -@@ -62,3 +62,11 @@ - S_("packet") - S_("key") - S_("context") -+ S_("dccp_socket") -+ S_("memprotect") -+ S_("db_database") -+ S_("db_table") -+ S_("db_procedure") -+ S_("db_column") -+ S_("db_tuple") -+ S_("db_blob") -diff --exclude-from=exclude -N -u -r nsalibselinux/src/common_perm_to_string.h libselinux-2.0.42/src/common_perm_to_string.h ---- nsalibselinux/src/common_perm_to_string.h 2007-07-16 14:20:46.000000000 -0400 -+++ libselinux-2.0.42/src/common_perm_to_string.h 2007-11-15 14:57:01.000000000 -0500 -@@ -54,4 +54,14 @@ - S_("associate") - S_("unix_read") - S_("unix_write") -- TE_(common_ipc_perm_to_string) -+TE_(common_ipc_perm_to_string) -+ -+TB_(common_database_perm_to_string) -+ S_("create") -+ S_("drop") -+ S_("getattr") -+ S_("setattr") -+ S_("relabelfrom") -+ S_("relabelto") -+TE_(common_database_perm_to_string) -+ +--- nsalibselinux/include/selinux/av_permissions.h 2007-11-15 15:52:46.000000000 -0500 ++++ libselinux-2.0.42/include/selinux/av_permissions.h 2007-11-15 16:30:48.000000000 -0500 +@@ -900,6 +900,8 @@ + #define PACKET__SEND 0x00000001UL + #define PACKET__RECV 0x00000002UL + #define PACKET__RELABELTO 0x00000004UL ++#define PACKET__FLOW_IN 0x00000008UL ++#define PACKET__FLOW_OUT 0x00000010UL + #define KEY__VIEW 0x00000001UL + #define KEY__READ 0x00000002UL + #define KEY__WRITE 0x00000004UL diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux-2.0.42/src/matchpathcon.c --- nsalibselinux/src/matchpathcon.c 2007-09-28 09:48:58.000000000 -0400 -+++ libselinux-2.0.42/src/matchpathcon.c 2007-11-15 14:56:45.000000000 -0500 ++++ libselinux-2.0.42/src/matchpathcon.c 2007-11-15 15:08:23.000000000 -0500 @@ -2,6 +2,7 @@ #include #include 
@@ -788,7 +32,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux
 diff --exclude-from=exclude -N -u -r nsalibselinux/utils/matchpathcon.c libselinux-2.0.42/utils/matchpathcon.c
 --- nsalibselinux/utils/matchpathcon.c 2007-07-16 14:20:45.000000000 -0400
-+++ libselinux-2.0.42/utils/matchpathcon.c 2007-11-15 14:56:45.000000000 -0500
++++ libselinux-2.0.42/utils/matchpathcon.c 2007-11-15 15:08:23.000000000 -0500
 @@ -17,10 +17,24 @@
 exit(1);
 }
 
diff --git a/libselinux.spec b/libselinux.spec
index 8d881e4..91c9f04 100644
--- a/libselinux.spec
+++ b/libselinux.spec
@@ -1,8 +1,8 @@
 %define libsepolver 2.0.10-1
 Summary: SELinux library and simple utilities
 Name: libselinux
-Version: 2.0.37
-Release: 3%{?dist}
+Version: 2.0.43
+Release: 1%{?dist}
 License: Public domain (uncopyrighted)
 Group: System Environment/Libraries
 Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz
@@ -123,11 +123,21 @@ exit 0
 %{_libdir}/python*/site-packages/selinux.py*
 
 %changelog
-* Thu Nov 15 2007 Dan Walsh - 2.0.37-3
-- Update avc definitions from policy
+* Thu Nov 15 2007 Dan Walsh - 2.0.43-1
+- Upgrade to upstream
+ * Regenerated Flask headers from policy.
+
+* Thu Nov 15 2007 Dan Walsh - 2.0.42-1
+- Upgrade to upstream
+ * AVC enforcing mode override patch from Eamon Walsh.
+ * Aligned attributes in AVC netlink code from Eamon Walsh.
+- Move libselinux.so back into devel package, procps has been fixed
 
-* Thu Nov 15 2007 Dan Walsh - 2.0.37-2
-- Move libselinux.so back into devel package, procps fixed
+* Tue Nov 6 2007 Dan Walsh - 2.0.40-1
+- Upgrade to upstream
+ * Merged refactored AVC netlink code from Eamon Walsh.
+ * Merged new X label namespaces from Eamon Walsh.
+ * Bux fix and minor refactoring in string representation code.
 
 * Fri Oct 5 2007 Dan Walsh - 2.0.37-1
 - Upgrade to upstream
diff --git a/sources b/sources
index 9c9485d..fba28c6 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-15d6162ff0d4f5b3ab75c4076935d59e libselinux-2.0.37.tgz
+e6227df653d38cc4af7bd84ec5614d91 libselinux-2.0.43.tgz