1# FLASK
2
3#
4# Define the SELinux security object classes (one `class <name>` declaration per line).
5#
6
7# Classes marked "# userspace" are checked by userspace object managers
8# (e.g. the property service or service manager) rather than by kernel hooks.
9
10class security
11class process
12class system
13class capability
14
15# file-related classes
16class filesystem
17class file
18class dir
19class fd
20class lnk_file
21class chr_file
22class blk_file
23class sock_file
24class fifo_file
25
26# network-related classes
27class socket
28class tcp_socket
29class udp_socket
30class rawip_socket
31class node
32class netif
33class netlink_socket
34class packet_socket
35class key_socket
36class unix_stream_socket
37class unix_dgram_socket
38
39# sysv-ipc-related classes
40class sem
41class msg
42class msgq
43class shm
44class ipc
45
46# extended netlink sockets
47class netlink_route_socket
48class netlink_tcpdiag_socket
49class netlink_nflog_socket
50class netlink_xfrm_socket
51class netlink_selinux_socket
52class netlink_audit_socket
53class netlink_dnrt_socket
54
55# IPSec association
56class association
57
58# Updated Netlink class for KOBJECT_UEVENT family.
59class netlink_kobject_uevent_socket
60
61class appletalk_socket
62
63class packet
64
65# Kernel access key retention
66class key
67
68class dccp_socket
69
70class memprotect
71
72# network peer labels
73class peer
74
75# Capabilities numbered 32 and above (the capability class above covers 0-31)
76class capability2
77
78# kernel services that need to override task security, e.g. cachefiles
79class kernel_service
80
81class tun_socket
82
83class binder
84
85# Updated netlink classes for more recent netlink protocols.
86class netlink_iscsi_socket
87class netlink_fib_lookup_socket
88class netlink_connector_socket
89class netlink_netfilter_socket
90class netlink_generic_socket
91class netlink_scsitransport_socket
92class netlink_rdma_socket
93class netlink_crypto_socket
94
95# Infiniband
96class infiniband_pkey
97class infiniband_endport
98
99# Capability checks made in a non-init user namespace
100class cap_userns
101class cap2_userns
102
103# New socket classes introduced by the extended_socket_class policy capability.
104# These two were previously mapped to rawip_socket.
105class sctp_socket
106class icmp_socket
107# These were previously mapped to the generic socket class.
108class ax25_socket
109class ipx_socket
110class netrom_socket
111class atmpvc_socket
112class x25_socket
113class rose_socket
114class decnet_socket
115class atmsvc_socket
116class rds_socket
117class irda_socket
118class pppox_socket
119class llc_socket
120class can_socket
121class tipc_socket
122class bluetooth_socket
123class iucv_socket
124class rxrpc_socket
125class isdn_socket
126class phonet_socket
127class ieee802154_socket
128class caif_socket
129class alg_socket
130class nfc_socket
131class vsock_socket
132class kcm_socket
133class qipcrtr_socket
134class smc_socket
135
136class process2
137
138class bpf
139
140class xdp_socket
141
142class perf_event
143
144# Introduced in https://github.com/torvalds/linux/commit/59438b46471ae6cdfb761afc8c9beaf1e428a331
145class lockdown
146
147# Property service
148class property_service          # userspace
149
150# Service manager
151class service_manager           # userspace
152
153# Hardware service manager
154class hwservice_manager         # userspace
155
156# Keystore Key
157class keystore_key              # userspace
158
159class drmservice                # userspace
160# FLASK
161