Lines Matching refs:kernel_t
# Declares the type kernel_t and associates it with the can_load_kernmodule
# attribute. The leading numbers are line numbers in the searched policy file.
888 type kernel_t, can_load_kernmodule;
# kernel_t may use directories labelled file_t and root_t as mount points.
1255 allow kernel_t file_t:dir mounton;
1281 allow kernel_t root_t:dir mounton;
# Adds kernel_t to the "domain" attribute: every rule written against
# "domain", as source or as target, now also applies to kernel_t.
1396 typeattribute kernel_t domain;
# Read-style access to directories, symlinks and files that carry the
# kernel_t label itself, plus fork/sigchld on its own processes.
1397 allow kernel_t self:dir { read getattr lock search ioctl };
1398 allow kernel_t self:lnk_file { read getattr lock ioctl };
1399 allow kernel_t self:file { getattr read write append ioctl lock };
1400 allow kernel_t self:process { fork sigchld };
# Role authorisations: each listed role may appear together with kernel_t in
# a security context.
# NOTE(review): user_r and staff_r are authorised as well as the admin and
# system roles. A role-types statement does not by itself let a process enter
# kernel_t; confirm that no transition into kernel_t is reachable from the
# user roles.
1401 role secadm_r types kernel_t;
1402 role sysadm_r types kernel_t;
1403 role user_r types kernel_t;
1404 role staff_r types kernel_t;
# NOTE(review): privrangetrans presumably marks domains privileged for MLS
# range transitions; its effect depends on constraints not shown here.
1405 typeattribute kernel_t privrangetrans;
1406 role system_r types kernel_t;
# "*" grants every permission of the class: kernel_t holds all capabilities.
1426 allow kernel_t self:capability *;
1427 allow kernel_t unlabeled_t:dir mounton;
# "~{ ... }" grants every process permission EXCEPT the listed ones; the list
# is cut off ("…") by the listing. Allow rules are additive, so an exclusion
# here does not revoke a permission granted elsewhere: execmem and execstack
# are granted on self at 1561 and 1564.
1428 allow kernel_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack ex…
# IPC objects owned by kernel_t (shm, sem, msg, msgq). The permission sets on
# the longer lines are truncated by the listing.
1429 allow kernel_t self:shm { associate getattr setattr create destroy read write lock unix_read unix_w…
1430 allow kernel_t self:sem { associate getattr setattr create destroy read write unix_read unix_write …
1431 allow kernel_t self:msg { send receive };
1432 allow kernel_t self:msgq { associate getattr setattr create destroy read write enqueue unix_read un…
# Unix-domain sockets, FIFOs, socket files and file descriptors of its own.
1433 allow kernel_t self:unix_dgram_socket { create { ioctl read getattr write setattr append bind conne…
1434 allow kernel_t self:unix_stream_socket { { create { ioctl read getattr write setattr append bind co…
1435 allow kernel_t self:unix_dgram_socket sendto;
1436 allow kernel_t self:unix_stream_socket connectto;
1437 allow kernel_t self:fifo_file { getattr read write append ioctl lock };
1438 allow kernel_t self:sock_file { read getattr lock ioctl };
1439 allow kernel_t self:fd use;
# Read-only access to objects labelled with the proc_* types.
1440 allow kernel_t proc_t:dir { read getattr lock search ioctl };
1441 allow kernel_t proc_t:{ lnk_file file } { read getattr lock ioctl };
1442 allow kernel_t proc_net_t:dir { read getattr lock search ioctl };
1443 allow kernel_t proc_net_t:file { read getattr lock ioctl };
1444 allow kernel_t proc_mdstat_t:file { read getattr lock ioctl };
# Only getattr is granted here on proc_kcore_t and proc_kmsg_t.
# NOTE(review): if these types carry the proc_type attribute, the wildcard at
# 1500 grants every file permission on them anyway; confirm.
1445 allow kernel_t proc_kcore_t:file getattr;
1446 allow kernel_t proc_kmsg_t:file getattr;
# Read-only access to sysctl_t and sysctl_kernel_t objects.
1447 allow kernel_t sysctl_t:dir { read getattr lock search ioctl };
1448 allow kernel_t sysctl_kernel_t:dir { read getattr lock search ioctl };
1449 allow kernel_t sysctl_kernel_t:file { read getattr lock ioctl };
# Objects labelled unlabeled_t: FIFO access and sendto/recvfrom on
# associations.
1450 allow kernel_t unlabeled_t:fifo_file { getattr read write append ioctl lock };
1451 allow kernel_t unlabeled_t:association { sendto recvfrom };
# Send and receive permissions on network interfaces (class netif) and on
# nodes (class node). netif_type and node_type look like attributes covering
# all interface and node types (TODO confirm), which would make the
# single-type rules at 1456, 1459 and 1460 subsets of the attribute rules.
1452 allow kernel_t netif_type:netif rawip_send;
1453 allow kernel_t netif_type:netif rawip_recv;
1454 allow kernel_t node_type:node rawip_send;
1455 allow kernel_t node_type:node rawip_recv;
1456 allow kernel_t netif_t:netif rawip_send;
1457 allow kernel_t netif_type:netif { tcp_send tcp_recv };
1458 allow kernel_t node_type:node { tcp_send tcp_recv };
1459 allow kernel_t node_t:node rawip_send;
1460 allow kernel_t multicast_node_t:node rawip_send;
# Read-only access to sysfs_t objects and directory search on usbfs_t.
1461 allow kernel_t sysfs_t:dir { read getattr lock search ioctl };
1462 allow kernel_t sysfs_t:{ file lnk_file } { read getattr lock ioctl };
1463 allow kernel_t usbfs_t:dir search;
# kernel_t may mount any filesystem whose type is in filesystem_type.
1464 allow kernel_t filesystem_type:filesystem mount;
# Access to security_t objects (the selinuxfs label in reference policy),
# including write access to its files.
1465 allow kernel_t security_t:dir { read search getattr };
1466 allow kernel_t security_t:file { getattr read write };
1467 typeattribute kernel_t can_load_policy;
# kernel_t may load a new policy. The auditallow rule grants nothing; it makes
# every granted load_policy produce an audit record, so policy loads from this
# domain are visible in the audit log.
1469 allow kernel_t security_t:security load_policy;
1470 auditallow kernel_t security_t:security load_policy;
# Device directory lookup and read/write access to the console device.
1472 allow kernel_t device_t:dir { read getattr lock search ioctl };
1473 allow kernel_t device_t:lnk_file { getattr read };
1474 allow kernel_t console_device_t:chr_file { getattr read write append ioctl lock };
1475 allow kernel_t bin_t:dir { read getattr lock search ioctl };
1476 allow kernel_t bin_t:lnk_file { read getattr lock ioctl };
# execute_no_trans lets kernel_t run the file without a domain transition, so
# the program keeps running as kernel_t with everything granted to that
# domain. This applies to shells here and to any bin_t file at 1481.
# NOTE(review): confirm the programs started this way are expected to stay in
# kernel_t rather than transition to a narrower domain.
1477 allow kernel_t shell_exec_t:file { { read getattr lock execute ioctl } execute_no_trans };
1478 allow kernel_t sbin_t:dir { read getattr lock search ioctl };
# 1479 and 1480 repeat 1475 and 1476 (harmless; possibly macro expansion).
1479 allow kernel_t bin_t:dir { read getattr lock search ioctl };
1480 allow kernel_t bin_t:lnk_file { read getattr lock ioctl };
1481 allow kernel_t bin_t:file { { read getattr lock execute ioctl } execute_no_trans };
# kernel_t may send the generic "signal" permission to every domain and search
# directories labelled with any domain type.
1482 allow kernel_t domain:process signal;
1483 allow kernel_t proc_t:dir search;
1484 allow kernel_t domain:dir search;
# Read-only access to root_t, etc_t, home_root_t and usr_t objects.
1485 allow kernel_t root_t:dir { read getattr lock search ioctl };
1486 allow kernel_t root_t:lnk_file { read getattr lock ioctl };
1487 allow kernel_t etc_t:dir { read getattr lock search ioctl };
1488 allow kernel_t home_root_t:dir { read getattr lock search ioctl };
1489 allow kernel_t usr_t:dir { read getattr lock search ioctl };
1490 allow kernel_t usr_t:{ file lnk_file } { read getattr lock ioctl };
# NOTE(review): mlsprocread/mlsprocwrite presumably exempt kernel_t from MLS
# constraints on process access; the constraints are not shown here.
1491 typeattribute kernel_t mlsprocread;
1492 typeattribute kernel_t mlsprocwrite;
# Repeats 1426: all capabilities.
1493 allow kernel_t self:capability *;
# Line truncated at both ends ("…") by the listing.
1494 …allow kernel_t self:fifo_file { create ioctl read getattr lock write setattr append link unlink re…
1495 allow kernel_t self:process transition;
1496 allow kernel_t self:file { getattr read write append ioctl lock };
# All permissions of the nscd, dbus and passwd classes, which are enforced by
# userspace object managers rather than by the kernel.
1497 allow kernel_t self:nscd *;
1498 allow kernel_t self:dbus *;
1499 allow kernel_t self:passwd *;
# Wildcards from here on: every dir/file permission on proc_type and sysctl_t
# objects, every permission of the system class, and everything on objects
# and filesystems labelled unlabeled_t. These are wider than the read-only
# rules at 1440-1451.
1500 allow kernel_t proc_type:{ dir file } *;
1501 allow kernel_t sysctl_t:{ dir file } *;
1502 allow kernel_t kernel_t:system *;
1503 allow kernel_t unlabeled_t:{ dir file lnk_file sock_file fifo_file chr_file blk_file } *;
1504 allow kernel_t unlabeled_t:filesystem *;
1505 allow kernel_t unlabeled_t:association *;
# can_load_kernmodule was already set in the type declaration at 888.
1506 typeattribute kernel_t can_load_kernmodule, can_receive_kernel_messages;
1507 typeattribute kernel_t kern_unconfined;
1508 allow kernel_t { proc_t proc_net_t }:dir search;
# Read and write (including setattr) on every sysctl_type file.
1509 allow kernel_t sysctl_type:dir { read getattr lock search ioctl };
1510 allow kernel_t sysctl_type:file { { getattr read write append ioctl lock } setattr };
# All node and netif permissions; these cover the per-permission rules at
# 1452-1460.
1511 allow kernel_t node_type:node *;
1512 allow kernel_t netif_type:netif *;
# kernel_t may send, receive, connect and bind on any port type and bind to
# any node type.
1513 allow kernel_t port_type:tcp_socket { send_msg recv_msg name_connect };
1514 allow kernel_t port_type:udp_socket { send_msg recv_msg };
1515 allow kernel_t port_type:{ tcp_socket udp_socket rawip_socket } name_bind;
1516 allow kernel_t node_type:{ tcp_socket udp_socket rawip_socket } node_bind;
# Already covered by the wildcard at 1505.
1517 allow kernel_t unlabeled_t:association { sendto recvfrom };
# Every permission on all character and block device nodes.
1518 allow kernel_t device_node:{ chr_file blk_file } *;
1519 allow kernel_t mtrr_device_t:{ dir file } *;
# sys_rawio is already included in "capability *" at 1426 and 1493.
1520 allow kernel_t self:capability sys_rawio;
# NOTE(review): memory_raw_write/memory_raw_read presumably mark domains
# allowed to touch raw memory devices; the rules using them are not shown.
1521 typeattribute kernel_t memory_raw_write, memory_raw_read;
# Marks kernel_t as an unconfined domain.
# NOTE(review): the can_change_* and set_curr_context attributes presumably
# exempt kernel_t from identity, role and context-change constraints; the
# constraints themselves are not shown in this listing.
1522 typeattribute kernel_t unconfined_domain_type;
1523 typeattribute kernel_t can_change_process_identity;
1524 typeattribute kernel_t can_change_process_role;
1525 typeattribute kernel_t can_change_object_identity;
1526 typeattribute kernel_t set_curr_context;
# Line truncated at both ends ("…") by the listing.
1527 …allow kernel_t domain:{ { tcp_socket udp_socket rawip_socket netlink_socket packet_socket unix_str…
1528 allow kernel_t domain:fd use;
1529 allow kernel_t domain:fifo_file { getattr read write append ioctl lock };
# Every process permission on every domain except the five listed, so ptrace
# and all signal permissions are included. kernel_t is itself in "domain"
# (1396), so this also applies to kernel_t as target and grants permissions
# that 1428 left out.
1530 allow kernel_t domain:process ~{ transition dyntransition execmem execstack execheap };
1531 allow kernel_t domain:{ sem msgq shm } *;
1532 allow kernel_t domain:msg { send receive };
1533 allow kernel_t domain:dir { read getattr lock search ioctl };
1534 allow kernel_t domain:file { read getattr lock ioctl };
1535 allow kernel_t domain:lnk_file { read getattr lock ioctl };
# dontaudit only silences denials. The dir, file, lnk_file and fifo_file
# permissions below are already allowed at 1529 and 1533-1535, so those four
# rules change nothing; for sock_file no matching allow is visible here.
1536 dontaudit kernel_t domain:dir { read getattr lock search ioctl };
1537 dontaudit kernel_t domain:lnk_file { read getattr lock ioctl };
1538 dontaudit kernel_t domain:file { read getattr lock ioctl };
1539 dontaudit kernel_t domain:sock_file { read getattr lock ioctl };
1540 dontaudit kernel_t domain:fifo_file { read getattr lock ioctl };
# Every permission except execmod on all file_type files and character
# devices; 1546 then grants execmod on files as well.
# NOTE(review): the gap in line numbers around 1546 suggests statements that
# do not mention kernel_t (possibly a conditional); confirm whether the
# execmod grant is unconditional.
1541 allow kernel_t file_type:{ file chr_file } ~execmod;
1542 allow kernel_t file_type:{ dir lnk_file sock_file fifo_file blk_file } *;
1543 allow kernel_t file_type:filesystem *;
1544 allow kernel_t file_type:{ unix_stream_socket unix_dgram_socket } name_bind;
1546 allow kernel_t file_type:file execmod;
# Every permission on every filesystem_type filesystem and its objects.
1548 allow kernel_t filesystem_type:filesystem *;
1549 allow kernel_t filesystem_type:{ dir file lnk_file sock_file fifo_file chr_file blk_file } *;
# Repeats the security_t access from 1465-1466.
1550 allow kernel_t security_t:dir { getattr search read };
1551 allow kernel_t security_t:file { getattr read write };
1552 typeattribute kernel_t can_load_policy, can_setenforce, can_setsecparam;
# All permissions of the security class, which widens 1469. The auditallow
# rule logs granted load_policy, setenforce and setbool only.
# NOTE(review): can_setsecparam is set at 1552, but setsecparam is not in the
# audited set, so its use from kernel_t leaves no audit record under this rule.
1554 allow kernel_t security_t:security *;
1555 auditallow kernel_t security_t:security { load_policy setenforce setbool };
# kernel_t may make its own heap, anonymous memory and stack executable.
# These are the permissions 1428 excluded (as far as its truncated list
# shows); allow rules are additive, so they are granted here.
# NOTE(review): the gaps in the original line numbers suggest surrounding
# statements that do not mention kernel_t (possibly conditionals); confirm
# whether these grants are unconditional.
1558 allow kernel_t self:process execheap;
1561 allow kernel_t self:process execmem;
1564 allow kernel_t self:process execstack;
# Each grant has a matching auditallow, so every use of execstack, execheap
# or execmem by kernel_t is written to the audit log.
1565 auditallow kernel_t self:process execstack;
1569 auditallow kernel_t self:process execheap;
1572 auditallow kernel_t self:process execmem;
# Read-only access to default_t objects.
1575 allow kernel_t default_t:dir { read getattr lock search ioctl };
1576 allow kernel_t default_t:file { read getattr lock ioctl };
1577 allow kernel_t default_t:lnk_file { read getattr lock ioctl };
1578 allow kernel_t default_t:sock_file { read getattr lock ioctl };
1579 allow kernel_t default_t:fifo_file { read getattr lock ioctl };
# When kernel_t executes a udev_exec_t file, the new process gets the range
# s0 - s0:c0.c255 (low level s0, high level s0 with categories c0 to c255).
1589 range_transition kernel_t udev_exec_t s0 - s0:c0.c255;
# Initial SID "kernel": the security context assigned to it is
# system_u:system_r:kernel_t:s0.
1657 sid kernel system_u:system_r:kernel_t:s0