1# Copyright (c) 2021-2023 Huawei Device Co., Ltd.
2# Licensed under the Apache License, Version 2.0 (the "License");
3# you may not use this file except in compliance with the License.
4# You may obtain a copy of the License at
5#
6#     http://www.apache.org/licenses/LICENSE-2.0
7#
8# Unless required by applicable law or agreed to in writing, software
9# distributed under the License is distributed on an "AS IS" BASIS,
10# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11# See the License for the specific language governing permissions and
12# limitations under the License.
13
14common file  # Shared permission set: every class below that declares "inherits file" receives all of these.
15{
16    ioctl
17    read
18    write
19    create
20    getattr
21    setattr
22    lock
23    relabelfrom  # relabelfrom/relabelto gate changing an object's label; a relabel can move an object out of a protected type, so grant narrowly.
24    relabelto
25    append
26    map  # mmap() of the object
27    unlink
28    link
29    rename
30    execute
31    quotaon
32    mounton
33    audit_access
34    open
35    execmod  # make executable a private file mapping that was modified (e.g. text relocations); review any allow rule that grants it.
36    watch
37    watch_mount
38    watch_sb
39    watch_with_perm
40    watch_reads
41}
42common socket  # Shared permission set: every class below that declares "inherits socket" receives all of these.
43{
44    ioctl
45    read
46    write
47    create
48    getattr
49    setattr
50    lock
51    relabelfrom
52    relabelto
53    append
54    map
55    bind
56    connect
57    listen
58    accept
59    getopt
60    setopt
61    shutdown
62    recvfrom
63    sendto
64    name_bind  # checked against the label of the port being bound, not against the socket itself
65}
66common ipc  # Shared permission set for the System V IPC classes that declare "inherits ipc" (ipc, sem, msgq, shm below).
67{
68    create
69    destroy
70    getattr
71    setattr
72    read
73    write
74    associate
75    unix_read
76    unix_write
77}
78common cap  # Linux capabilities 0-31, listed in capability-number order; inherited by classes capability and cap_userns.
79{
80    chown
81    dac_override  # bypasses discretionary file permission checks; a frequent source of over-broad allow rules
82    dac_read_search
83    fowner
84    fsetid
85    kill
86    setgid
87    setuid
88    setpcap
89    linux_immutable
90    net_bind_service
91    net_broadcast
92    net_admin
93    net_raw
94    ipc_lock
95    ipc_owner
96    sys_module  # kernel module load/unload; effectively full kernel control
97    sys_rawio
98    sys_chroot
99    sys_ptrace  # capability side of ptrace; the per-target check is "process ptrace"
100    sys_pacct
101    sys_admin  # broad catch-all capability; audit every domain that holds it
102    sys_boot
103    sys_nice
104    sys_resource
105    sys_time
106    sys_tty_config
107    mknod
108    lease
109    audit_write
110    audit_control
111    setfcap
112}
113common cap2  # Linux capabilities numbered 32 and up; inherited by classes capability2 and cap2_userns.
114{
115    mac_override  # mac_override/mac_admin concern the MAC layer itself; expect these on very few domains
116    mac_admin
117    syslog
118    wake_alarm
119    block_suspend
120    audit_read
121    checkpoint_restore  # NOTE(review): listed before perfmon and bpf, whereas the Linux capability numbers are perfmon 38, bpf 39, checkpoint_restore 40; harmless if the target kernel maps permissions by name - confirm.
122    perfmon
123    bpf
124}
125class filesystem  # Permissions on a filesystem (superblock) as a whole, as opposed to the files inside it.
126{
127    mount
128    remount
129    unmount
130    getattr
131    relabelfrom
132    relabelto
133    associate  # whether objects carrying a given label may live on this filesystem
134    quotamod
135    quotaget
136    watch
137}
138class dir  # Directories: the common file permissions plus the directory-entry operations listed here.
139inherits file
140{
141    add_name  # create or link an entry into the directory
142    remove_name  # remove an entry from the directory
143    reparent
144    search
145    rmdir
146}
147class file  # Regular files: the common file permissions plus the two execution-related ones below.
148inherits file
149{
150    execute_no_trans  # execute while staying in the caller's domain (no domain transition)
151    entrypoint  # this file type may be the entry point into a domain on a transition
152}
153class lnk_file  # Symbolic links; no permissions beyond the common file set.
154inherits file
155class chr_file  # Character devices; same two extra permissions as class file.
156inherits file
157{
158    execute_no_trans
159    entrypoint
160}
161class blk_file  # Block devices; no permissions beyond the common file set.
162inherits file
163class sock_file  # Socket files in the filesystem (the path, not the socket object).
164inherits file
165class fifo_file  # Named pipes and FIFOs.
166inherits file
167class fd  # Open file descriptors as objects in their own right.
168{
169    use  # use a descriptor that was opened by another domain (inherited or passed); checked in addition to the permissions on the file itself
170}
171class socket  # Generic socket class; only the common socket permissions.
172inherits socket
173class tcp_socket  # TCP sockets.
174inherits socket
175{
176    node_bind  # checked against the label of the local address (node) being bound
177    name_connect  # checked against the label of the destination port on connect
178}
179class udp_socket  # UDP sockets.
180inherits socket
181{
182    node_bind
183}
184class rawip_socket  # Raw IP sockets.
185inherits socket
186{
187    node_bind
188}
189class node  # A network node (host address) as the object of labeled-network checks.
190{
191    recvfrom
192    sendto
193}
194class netif  # A network interface as the object of labeled-network checks.
195{
196    ingress
197    egress
198}
199class netlink_socket  # Netlink sockets that have no more specific netlink_*_socket class.
200inherits socket
201class packet_socket  # AF_PACKET sockets (link-layer access); usually restricted to a few networking domains.
202inherits socket
203class key_socket  # PF_KEY sockets.
204inherits socket
205class unix_stream_socket  # UNIX-domain stream sockets.
206inherits socket
207{
208    connectto  # connect to a peer's listening socket; checked against the peer's label
209}
210class unix_dgram_socket  # UNIX-domain datagram sockets.
211inherits socket
212class process  # Permissions one process (domain) may exercise on another process or on itself.
213{
214    fork
215    transition  # change domain on exec; together with file entrypoint this defines which domains are reachable
216    sigchld
217    sigkill
218    sigstop
219    signull
220    signal
221    ptrace  # trace or inspect the target process; grants read/write of its memory
222    getsched
223    setsched
224    getsession
225    getpgid
226    setpgid
227    getcap
228    setcap
229    share
230    getattr
231    setexec  # set the label to be used for the next exec
232    setfscreate  # set the label to be used for newly created files
233    noatsecure  # skip secure-execution mode (AT_SECURE) on a domain transition, so the new program keeps the caller's environment; allow rarely
234    siginh  # keep signal state across a transition
235    setrlimit
236    rlimitinh  # keep resource limits across a transition
237    dyntransition  # change domain without exec; weaker isolation than an exec-based transition
238    setcurrent  # set the process's own current context; needed for dyntransition
239    execmem  # make anonymous memory, or a writable private file mapping, executable
240    execstack  # make the stack executable
241    execheap  # make the heap executable
242    setkeycreate
243    setsockcreate
244    getrlimit
245}
246class process2  # Overflow class for process permissions that did not fit into class process.
247{
248    nnp_transition  # permit a domain transition while no_new_privs is set
249    nosuid_transition  # permit a domain transition when executing from a nosuid mount
250}
251class ipc  # Generic System V IPC object; only the common ipc permissions.
252inherits ipc
253class sem  # System V semaphores.
254inherits ipc
255class msgq  # System V message queues.
256inherits ipc
257{
258    enqueue
259}
260class msg  # Individual messages on a message queue; does not inherit the common ipc set.
261{
262    send
263    receive
264}
265class shm  # System V shared memory segments.
266inherits ipc
267{
268    lock
269}
270class security  # Permissions on the SELinux security server itself; write-type permissions here control the enforcement mechanism.
271{
272    compute_av
273    compute_create
274    compute_member
275    check_context
276    load_policy  # load a new policy into the kernel
277    compute_relabel
278    compute_user
279    setenforce  # switch between enforcing and permissive mode
280    setbool  # change policy booleans at runtime
281    setsecparam
282    setcheckreqprot
283    read_policy  # read the loaded policy back out of the kernel
284    validate_trans
285}
286class system  # System-wide operations that have no narrower object.
287{
288    ipc_info
289    syslog_read  # syslog_* cover reading, clearing and console-level control of the kernel log
290    syslog_mod
291    syslog_console
292    module_request  # ask the kernel to auto-load a module
293    module_load  # load a kernel module; pair with the sys_module capability when auditing
294}
295class capability  # Capabilities from common cap, as used in the initial user namespace (cap_userns below is the non-initial counterpart).
296inherits cap
297class capability2  # Capabilities from common cap2; a second class because one access vector holds at most 32 permissions.
298inherits cap2
299class netlink_route_socket  # Routing netlink; nlmsg_* split messages into read-type and write-type requests.
300inherits socket
301{
302    nlmsg_read
303    nlmsg_write  # covers requests that change network configuration
304    nlmsg_readpriv
305}
306class netlink_tcpdiag_socket  # Socket diagnostics netlink.
307inherits socket
308{
309    nlmsg_read
310    nlmsg_write
311}
312class netlink_nflog_socket
313inherits socket
314class netlink_xfrm_socket  # IPsec (xfrm) netlink.
315inherits socket
316{
317    nlmsg_read
318    nlmsg_write
319}
320class netlink_selinux_socket  # SELinux notification netlink.
321inherits socket
322class netlink_audit_socket  # Audit subsystem netlink; write-type permissions here can alter or suppress audit logging.
323inherits socket
324{
325    nlmsg_read
326    nlmsg_write
327    nlmsg_relay
328    nlmsg_readpriv
329    nlmsg_tty_audit
330}
331class netlink_dnrt_socket
332inherits socket
333class association  # IPsec security associations used for labeled networking.
334{
335    sendto
336    recvfrom
337    setcontext
338    polmatch
339}
340class netlink_kobject_uevent_socket  # Kernel uevent netlink.
341inherits socket
342class appletalk_socket
343inherits socket
344class packet  # Labeled network packets (not the packet_socket class); does not inherit the common socket set.
345{
346    send
347    recv
348    relabelto
349    forward_in
350    forward_out
351}
352class key  # Kernel keyring keys; read exposes key payloads, so treat it like access to a secret.
353{
354    view
355    read
356    write
357    search
358    link
359    setattr
360    create
361}
362class dccp_socket  # DCCP sockets; same extra permissions as tcp_socket.
363inherits socket
364{
365    node_bind
366    name_connect
367}
368class memprotect  # Memory-protection checks that have no other object.
369{
370    mmap_zero  # map memory at low addresses (below the kernel's minimum mmap address); a hardening control against NULL-pointer dereference bugs, so it should almost never be allowed
371}
372class peer  # The remote peer's label in labeled networking.
373{
374    recv
375}
376class kernel_service  # Checks applied when an in-kernel service acts under a context other than the kernel's own.
377{
378    use_as_override  # act with the given context as an override
379    create_files_as  # create files labeled with the given context
380}
381class tun_socket  # TUN/TAP device sockets.
382inherits socket
383{
384    attach_queue
385}
386class binder  # Binder IPC between domains.
387{
388    impersonate
389    call  # make a binder call to the target domain
390    set_context_mgr  # register as the binder context manager; expected on a single service-manager domain
391    transfer  # pass a binder reference to the target domain
392    actv_binder_service  # NOTE(review): actv_binder_service and actv_binder_call are not in the upstream SELinux binder class; semantics are not shown in this file - confirm against the kernel hooks that check them.
393    actv_binder_call
394}
395class netlink_iscsi_socket  # Remaining per-protocol netlink classes; each adds nothing beyond the common socket permissions.
396inherits socket
397class netlink_fib_lookup_socket
398inherits socket
399class netlink_connector_socket
400inherits socket
401class netlink_netfilter_socket
402inherits socket
403class netlink_generic_socket
404inherits socket
405class netlink_scsitransport_socket
406inherits socket
407class netlink_rdma_socket
408inherits socket
409class netlink_crypto_socket
410inherits socket
411class infiniband_pkey  # InfiniBand partition keys.
412{
413    access
414}
415class infiniband_endport  # InfiniBand end ports.
416{
417    manage_subnet
418}
419class cap_userns  # Same capability list as class capability, but for capabilities exercised inside a non-initial user namespace.
420inherits cap
421class cap2_userns  # User-namespace counterpart of class capability2.
422inherits cap2
423class sctp_socket  # SCTP sockets.
424inherits socket
425{
426    node_bind
427    name_connect
428    association
429}
430class icmp_socket  # ICMP (ping) sockets.
431inherits socket
432{
433    node_bind
434}
435class ax25_socket  # From here to smc_socket: one class per address family, each with only the common socket permissions. A domain that needs none of these families should have no allow rule on them.
436inherits socket
437class ipx_socket
438inherits socket
439class netrom_socket
440inherits socket
441class atmpvc_socket
442inherits socket
443class x25_socket
444inherits socket
445class rose_socket
446inherits socket
447class decnet_socket
448inherits socket
449class atmsvc_socket
450inherits socket
451class rds_socket
452inherits socket
453class irda_socket
454inherits socket
455class pppox_socket
456inherits socket
457class llc_socket
458inherits socket
459class can_socket
460inherits socket
461class tipc_socket
462inherits socket
463class bluetooth_socket
464inherits socket
465class iucv_socket
466inherits socket
467class rxrpc_socket
468inherits socket
469class isdn_socket
470inherits socket
471class phonet_socket
472inherits socket
473class ieee802154_socket
474inherits socket
475class caif_socket
476inherits socket
477class alg_socket  # AF_ALG: userspace interface to the kernel crypto API
478inherits socket
479class nfc_socket
480inherits socket
481class vsock_socket
482inherits socket
483class vsock_host_socket  # NOTE(review): not an upstream SELinux class; presumably a vendor split of vsock - confirm.
484inherits socket
485class kcm_socket
486inherits socket
487class qipcrtr_socket
488inherits socket
489class smc_socket
490inherits socket
491class bpf  # Object-level checks on eBPF maps and programs (separate from the bpf capability in common cap2).
492{
493    map_create
494    map_read
495    map_write
496    prog_load  # load a program into the kernel; keep to the few domains that need it
497    prog_run
498}
499class xdp_socket  # AF_XDP sockets; only the common socket permissions.
500inherits socket
501class parameter_service  # NOTE(review): not a kernel object class; presumably enforced by a userspace object manager for system parameters - confirm which service performs the check.
502{
503    set
504}
505class samgr_class  # NOTE(review): presumably checked in userspace by the system ability manager (samgr) when services are registered or looked up - confirm.
506{
507    add  # registration is the sensitive direction: a domain allowed to add can offer a service that others will trust
508    add_remote
509    get
510    get_remote
511    list
512}
513class hdf_devmgr_class  # NOTE(review): presumably checked in userspace by the HDF device manager - confirm.
514{
515    add
516    get
517    list
518}
519
520class lockdown  # Kernel lockdown checks; the two permissions correspond to the integrity and confidentiality lockdown levels.
521{
522    integrity  # operations that could modify the running kernel
523    confidentiality  # operations that could read kernel secrets
524}
525
526class perf_event  # perf_event_open() and use of the resulting events.
527{
528    open
529    cpu
530    kernel  # profile kernel-mode execution; wider exposure than user-only profiling
531    tracepoint
532    read
533    write
534}
535
536class xpm  # NOTE(review): vendor class, not upstream SELinux. The permission names read as exemptions from an executable-code signing/integrity check, but this file does not define their semantics - confirm against the kernel module that queries this class, and treat every allow rule on it as security-sensitive.
537{
538    exec_no_sign
539    exec_anon_mem
540    exec_in_jitfort
541    exec_allow_debug_id
542    exec_allow_sa_plugin
543    exec_allow_debug_ownerid
544    exec_allow_release_ownerid
545}
546
547class hideaddr  # NOTE(review): vendor class, not upstream SELinux; semantics are not shown in this file - confirm against the code that checks it.
548{
549    hide_exec_anon_mem
550    hide_exec_anon_mem_debug
551}
552
553class code_sign  # NOTE(review): vendor class, not upstream SELinux. The names indicate management of a code-signing certificate chain; whoever holds add_cert_chain presumably extends what code is trusted, so it should be limited to the intended installer or signing service - confirm.
554{
555    add_cert_chain
556    remove_cert_chain
557}
558
559class hmpsf  # NOTE(review): vendor class, not upstream SELinux; the map_*/module_* layout parallels class bpf, but the semantics are not shown here - confirm.
560{
561    map_create
562    map_read
563    map_write
564    module_load
565    module_run
566}
567
568class hmprobe  # NOTE(review): vendor class, not upstream SELinux; semantics are not shown in this file - confirm.
569{
570    event_open
571    event_attach
572}
573
574class ced  # NOTE(review): vendor class, not upstream SELinux; the single permission name refers to a container-escape check, but whether holding it enables or bypasses that check is not shown here - confirm before writing allow rules.
575{
576    container_escape_check
577}
578
579class jit_memory  # NOTE(review): vendor class, not upstream SELinux; presumably gates control over executable JIT memory - confirm, and review alongside process execmem.
580{
581    exec_mem_ctrl
582}
583
584class hmcap  # NOTE(review): vendor class, not upstream SELinux; semantics are not shown in this file - confirm.
585{
586    supervsable  # NOTE(review): spelling looks like a typo of "supervisable", but the name has to match what the kernel-side class map registers; do not rename it in policy alone.
587    pid_mem_read  # pid_mem_read/pid_mem_write presumably cover access to another process's memory - confirm; if so, audit like process ptrace
588    pid_mem_write
589    exec_non_lsyscall
590    code_protect
591}
592
593class dmaheap  # NOTE(review): vendor class, not upstream SELinux; presumably gates access to a specific DMA heap - confirm.
594{
595    iris_heap
596}
597