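# FLASK

#
# Define the security object classes
#
# Each `class` statement declares one object class that policy rules can
# name. This file only declares the names; it grants no access by itself.
#
# NOTE(review): the policy compiler is expected to number classes in
# declaration order, so add new classes without reordering or deleting
# existing ones unless every consumer of the compiled policy has been checked.
# NOTE(review): a class declared here presumably needs a matching permission
# set in the policy's access-vector definitions, which are not shown here.
#

# Classes marked as userspace are classes for userspace object managers.
# For those classes the kernel is not the enforcement point: the managing
# daemon has to request the access decision itself, so a check that is
# missing in the daemon is not caught by the kernel.

class security
class process
class system
class capability

# file-related classes
class filesystem
class file
class dir
class fd
class lnk_file
class chr_file
class blk_file
class sock_file
class fifo_file

# network-related classes
class socket
class tcp_socket
class udp_socket
class rawip_socket
class node
class netif
class netlink_socket
class packet_socket
class key_socket
class unix_stream_socket
class unix_dgram_socket

# sysv-ipc-related classes
class sem
class msg
class msgq
class shm
class ipc

# extended netlink sockets
class netlink_route_socket
class netlink_tcpdiag_socket
class netlink_nflog_socket
class netlink_xfrm_socket
class netlink_selinux_socket
class netlink_audit_socket
class netlink_dnrt_socket

# IPSec association
class association

# Updated Netlink class for KOBJECT_UEVENT family.
class netlink_kobject_uevent_socket

class appletalk_socket

class packet

# Kernel access key retention
class key

class dccp_socket

class memprotect

# network peer labels
class peer

# Capabilities >= 32 (the capability bits that do not fit in `capability`)
class capability2

# kernel services that need to override task security, e.g. cachefiles
class kernel_service

class tun_socket

class binder

# Updated netlink classes for more recent netlink protocols.
class netlink_iscsi_socket
class netlink_fib_lookup_socket
class netlink_connector_socket
class netlink_netfilter_socket
class netlink_generic_socket
class netlink_scsitransport_socket
class netlink_rdma_socket
class netlink_crypto_socket

# Capability checks when on a non-init user namespace
class cap_userns
class cap2_userns

# New socket classes introduced by extended_socket_class policy capability.
# When that capability is enabled, rules written against the older catch-all
# classes named below no longer cover these socket types; policy that is meant
# to allow or restrict them has to name the specific class.
# These two were previously mapped to rawip_socket.
class sctp_socket
class icmp_socket
# These were previously mapped to socket.
class ax25_socket
class ipx_socket
class netrom_socket
class atmpvc_socket
class x25_socket
class rose_socket
class decnet_socket
class atmsvc_socket
class rds_socket
class irda_socket
class pppox_socket
class llc_socket
class can_socket
class tipc_socket
class bluetooth_socket
class iucv_socket
class rxrpc_socket
class isdn_socket
class phonet_socket
class ieee802154_socket
class caif_socket
class alg_socket
class nfc_socket
class vsock_socket
class kcm_socket
class qipcrtr_socket

# Property service
class property_service          # userspace

# Service manager
class service_manager           # userspace

# Hardware service manager
# (the userspace marker sat on the heading line in the original listing; it is
# placed on the class line here to match the other userspace classes)
class hwservice_manager         # userspace

# Keystore Key
class keystore_key              # userspace

class drmservice                # userspace
# FLASK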