# FLASK

#
# Define the security object classes
#
# Each "class NAME" line below declares one object class. This file only
# declares the class names; no permissions are listed here.
# NOTE(review): the declaration order is kept exactly as in the original
# listing - confirm whether the policy toolchain depends on it before
# reordering or inserting classes in the middle.
#

# Classes marked "# userspace" are classes for userspace object managers.
# The other classes in this file carry no such marker.

class security
class process
class system
class capability

# file-related classes
class filesystem
class file
class anon_inode
class dir
class fd
class lnk_file
class chr_file
class blk_file
class sock_file
class fifo_file

# network-related classes
class socket
class tcp_socket
class udp_socket
class rawip_socket
class node
class netif
class netlink_socket
class packet_socket
class key_socket
class unix_stream_socket
class unix_dgram_socket

# sysv-ipc-related classes
class sem
class msg
class msgq
class shm
class ipc

# extended netlink sockets
class netlink_route_socket
class netlink_tcpdiag_socket
class netlink_nflog_socket
class netlink_xfrm_socket
class netlink_selinux_socket
class netlink_audit_socket
class netlink_dnrt_socket

# IPSec association
class association

# Updated Netlink class for KOBJECT_UEVENT family.
class netlink_kobject_uevent_socket

class appletalk_socket

class packet

# Kernel access key retention
class key

class dccp_socket

class memprotect

# network peer labels
class peer

# Capabilities >= 32
class capability2

# kernel services that need to override task security, e.g. cachefiles
class kernel_service

class tun_socket

class binder

# Updated netlink classes for more recent netlink protocols.
class netlink_iscsi_socket
class netlink_fib_lookup_socket
class netlink_connector_socket
class netlink_netfilter_socket
class netlink_generic_socket
class netlink_scsitransport_socket
class netlink_rdma_socket
class netlink_crypto_socket

# Infiniband
class infiniband_pkey
class infiniband_endport

# Capability checks when on a non-init user namespace
class cap_userns
class cap2_userns

# New socket classes introduced by extended_socket_class policy capability.
# These two were previously mapped to rawip_socket.
class sctp_socket
class icmp_socket
# These were previously mapped to socket.
# Rules written against the generic "socket" class therefore do not
# necessarily cover them once the policy capability is in effect.
class ax25_socket
class ipx_socket
class netrom_socket
class atmpvc_socket
class x25_socket
class rose_socket
class decnet_socket
class atmsvc_socket
class rds_socket
class irda_socket
class pppox_socket
class llc_socket
class can_socket
class tipc_socket
class bluetooth_socket
class iucv_socket
class rxrpc_socket
class isdn_socket
class phonet_socket
class ieee802154_socket
class caif_socket
class alg_socket
class nfc_socket
class vsock_socket
class kcm_socket
class qipcrtr_socket
class smc_socket

class process2

class bpf

class xdp_socket

class perf_event

# Introduced in https://github.com/torvalds/linux/commit/59438b46471ae6cdfb761afc8c9beaf1e428a331
class lockdown

# Property service
class property_service          # userspace

# Service manager
class service_manager           # userspace

# Hardware service manager
# NOTE(review): the original put the "# userspace" marker on the comment
# line above instead of on the class line; it is moved here to match the
# other userspace classes - confirm this class is meant to be userspace.
class hwservice_manager         # userspace

# Legacy Keystore key permissions
class keystore_key              # userspace

# Keystore 2.0 permissions
class keystore2                 # userspace

# Keystore 2.0 key permissions
class keystore2_key             # userspace

# Diced permissions
class diced                     # userspace

# NOTE(review): no description is given for drmservice in the original;
# presumably a DRM service object manager - confirm and document.
class drmservice                # userspace
# FLASK