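/*
 * Shared permission-name lists.
 *
 * Each macro expands to a comma-separated run of string literals (with no
 * trailing NULL) and is meant to be spliced into the permission list of a
 * class entry in secclass_map[], which supplies the NULL terminator itself.
 * The line/commit/author annotation that was fused onto the front of every
 * line of this listing has been dropped so the definitions are valid C again.
 */

/* The 10 permissions common to both file-like and socket classes. */
#define COMMON_FILE_SOCK_PERMS "ioctl", "read", "write", "create", \
    "getattr", "setattr", "lock", "relabelfrom", "relabelto", "append"

/*
 * File-like classes: the shared file/socket set plus 9 file-only
 * permissions (19 names in total).
 */
#define COMMON_FILE_PERMS COMMON_FILE_SOCK_PERMS, "unlink", "link", \
    "rename", "execute", "quotaon", "mounton", "audit_access", \
    "open", "execmod"

/*
 * Socket classes: the shared file/socket set plus 10 socket-only
 * permissions (20 names in total).
 */
#define COMMON_SOCK_PERMS COMMON_FILE_SOCK_PERMS, "bind", "connect", \
    "listen", "accept", "getopt", "setopt", "shutdown", "recvfrom",  \
    "sendto", "name_bind"

/* IPC object classes (sem, msgq, shm, ipc): 9 names. */
#define COMMON_IPC_PERMS "create", "destroy", "getattr", "setattr", "read", \
	    "write", "associate", "unix_read", "unix_write"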
14c6d3aaa4SStephen Smalley 
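/*
 * secclass_map: table of security classes and, for each class, the names of
 * the permissions defined on it.
 *
 * Each entry has the form { "class name", { "perm", ..., NULL } }; the
 * permission list is NULL-terminated and the table itself ends with a
 * { NULL } sentinel entry. The COMMON_*_PERMS macros splice a shared run of
 * permission names into the front of a class's list.
 *
 * Note: the name of every socket class should end in "socket" and should
 * not contain the substring "socket" more than once.
 *
 * NOTE(review): whether the order of classes and permissions is significant
 * to consumers (e.g. class values or permission bits derived from position)
 * cannot be told from this listing - confirm before reordering anything.
 *
 * NOTE(review): "capability" lists exactly 32 permissions and later
 * capabilities live in a separate "capability2" class. That looks like a
 * limit of 32 permissions per class (one bit each in a 32-bit access
 * vector) - confirm against the definition of struct security_class_mapping
 * before adding a permission to any class.
 *
 * The line/commit/author annotation that was fused onto the front of every
 * line of this listing has been dropped so the table is valid C again.
 */
struct security_class_mapping secclass_map[] = {
	{ "security",
	  { "compute_av", "compute_create", "compute_member",
	    "check_context", "load_policy", "compute_relabel",
	    "compute_user", "setenforce", "setbool", "setsecparam",
	    "setcheckreqprot", "read_policy", "validate_trans", NULL } },
	{ "process",
	  { "fork", "transition", "sigchld", "sigkill",
	    "sigstop", "signull", "signal", "ptrace", "getsched", "setsched",
	    "getsession", "getpgid", "setpgid", "getcap", "setcap", "share",
	    "getattr", "setexec", "setfscreate", "noatsecure", "siginh",
	    "setrlimit", "rlimitinh", "dyntransition", "setcurrent",
	    "execmem", "execstack", "execheap", "setkeycreate",
	    "setsockcreate", NULL } },
	{ "system",
	  { "ipc_info", "syslog_read", "syslog_mod",
	    "syslog_console", "module_request", "module_load", NULL } },
	/* 32 permission names; see "capability2" for the remainder. */
	{ "capability",
	  { "chown", "dac_override", "dac_read_search",
	    "fowner", "fsetid", "kill", "setgid", "setuid", "setpcap",
	    "linux_immutable", "net_bind_service", "net_broadcast",
	    "net_admin", "net_raw", "ipc_lock", "ipc_owner", "sys_module",
	    "sys_rawio", "sys_chroot", "sys_ptrace", "sys_pacct", "sys_admin",
	    "sys_boot", "sys_nice", "sys_resource", "sys_time",
	    "sys_tty_config", "mknod", "lease", "audit_write",
	    "audit_control", "setfcap", NULL } },
	{ "filesystem",
	  { "mount", "remount", "unmount", "getattr",
	    "relabelfrom", "relabelto", "associate", "quotamod",
	    "quotaget", NULL } },

	/* File-like classes: every list starts with COMMON_FILE_PERMS. */
	{ "file",
	  { COMMON_FILE_PERMS,
	    "execute_no_trans", "entrypoint", NULL } },
	{ "dir",
	  { COMMON_FILE_PERMS, "add_name", "remove_name",
	    "reparent", "search", "rmdir", NULL } },
	{ "fd", { "use", NULL } },
	{ "lnk_file",
	  { COMMON_FILE_PERMS, NULL } },
	{ "chr_file",
	  { COMMON_FILE_PERMS, NULL } },
	{ "blk_file",
	  { COMMON_FILE_PERMS, NULL } },
	{ "sock_file",
	  { COMMON_FILE_PERMS, NULL } },
	{ "fifo_file",
	  { COMMON_FILE_PERMS, NULL } },

	/* Socket classes start with COMMON_SOCK_PERMS. */
	{ "socket",
	  { COMMON_SOCK_PERMS, NULL } },
	{ "tcp_socket",
	  { COMMON_SOCK_PERMS,
	    "node_bind", "name_connect",
	    NULL } },
	{ "udp_socket",
	  { COMMON_SOCK_PERMS,
	    "node_bind", NULL } },
	{ "rawip_socket",
	  { COMMON_SOCK_PERMS,
	    "node_bind", NULL } },
	{ "node",
	  { "recvfrom", "sendto", NULL } },
	{ "netif",
	  { "ingress", "egress", NULL } },
	{ "netlink_socket",
	  { COMMON_SOCK_PERMS, NULL } },
	{ "packet_socket",
	  { COMMON_SOCK_PERMS, NULL } },
	{ "key_socket",
	  { COMMON_SOCK_PERMS, NULL } },
	{ "unix_stream_socket",
	  { COMMON_SOCK_PERMS, "connectto", NULL } },
	{ "unix_dgram_socket",
	  { COMMON_SOCK_PERMS, NULL } },

	/* IPC classes: sem, msgq, shm and ipc start with COMMON_IPC_PERMS. */
	{ "sem",
	  { COMMON_IPC_PERMS, NULL } },
	{ "msg", { "send", "receive", NULL } },
	{ "msgq",
	  { COMMON_IPC_PERMS, "enqueue", NULL } },
	{ "shm",
	  { COMMON_IPC_PERMS, "lock", NULL } },
	{ "ipc",
	  { COMMON_IPC_PERMS, NULL } },

	/*
	 * Per-protocol netlink socket classes. Only some of them add the
	 * nlmsg_* permissions on top of COMMON_SOCK_PERMS; the rest carry
	 * the common socket permissions alone.
	 */
	{ "netlink_route_socket",
	  { COMMON_SOCK_PERMS,
	    "nlmsg_read", "nlmsg_write", NULL } },
	{ "netlink_tcpdiag_socket",
	  { COMMON_SOCK_PERMS,
	    "nlmsg_read", "nlmsg_write", NULL } },
	{ "netlink_nflog_socket",
	  { COMMON_SOCK_PERMS, NULL } },
	{ "netlink_xfrm_socket",
	  { COMMON_SOCK_PERMS,
	    "nlmsg_read", "nlmsg_write", NULL } },
	{ "netlink_selinux_socket",
	  { COMMON_SOCK_PERMS, NULL } },
	{ "netlink_iscsi_socket",
	  { COMMON_SOCK_PERMS, NULL } },
	{ "netlink_audit_socket",
	  { COMMON_SOCK_PERMS,
	    "nlmsg_read", "nlmsg_write", "nlmsg_relay", "nlmsg_readpriv",
	    "nlmsg_tty_audit", NULL } },
	{ "netlink_fib_lookup_socket",
	  { COMMON_SOCK_PERMS, NULL } },
	{ "netlink_connector_socket",
	  { COMMON_SOCK_PERMS, NULL } },
	{ "netlink_netfilter_socket",
	  { COMMON_SOCK_PERMS, NULL } },
	{ "netlink_dnrt_socket",
	  { COMMON_SOCK_PERMS, NULL } },
	{ "association",
	  { "sendto", "recvfrom", "setcontext", "polmatch", NULL } },
	{ "netlink_kobject_uevent_socket",
	  { COMMON_SOCK_PERMS, NULL } },
	{ "netlink_generic_socket",
	  { COMMON_SOCK_PERMS, NULL } },
	{ "netlink_scsitransport_socket",
	  { COMMON_SOCK_PERMS, NULL } },
	{ "netlink_rdma_socket",
	  { COMMON_SOCK_PERMS, NULL } },
	{ "netlink_crypto_socket",
	  { COMMON_SOCK_PERMS, NULL } },
	{ "appletalk_socket",
	  { COMMON_SOCK_PERMS, NULL } },
	{ "packet",
	  { "send", "recv", "relabelto", "forward_in", "forward_out", NULL } },
	{ "key",
	  { "view", "read", "write", "search", "link", "setattr", "create",
	    NULL } },
	{ "dccp_socket",
	  { COMMON_SOCK_PERMS,
	    "node_bind", "name_connect", NULL } },
	{ "memprotect", { "mmap_zero", NULL } },
	{ "peer", { "recv", NULL } },
	/* Continuation of "capability", whose list above is already 32 long. */
	{ "capability2",
	  { "mac_override", "mac_admin", "syslog", "wake_alarm", "block_suspend",
	    "audit_read", NULL } },
	{ "kernel_service", { "use_as_override", "create_files_as", NULL } },
	{ "tun_socket",
	  { COMMON_SOCK_PERMS, "attach_queue", NULL } },
	{ "binder", { "impersonate", "call", "set_context_mgr", "transfer",
		      NULL } },
	/* Sentinel: a NULL class name marks the end of the table. */
	{ NULL }
};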