PK���������vFZ�A�������������av_permissions.hnu���[������������#warning "Please remove any #include of this header in your source code."
#warning "Instead, use string_to_av_perm() to map the permission name to a value."
/* This file is automatically generated. Do not edit. */
#define COMMON_FILE__IOCTL 0x00000001UL
#define COMMON_FILE__READ 0x00000002UL
#define COMMON_FILE__WRITE 0x00000004UL
#define COMMON_FILE__CREATE 0x00000008UL
#define COMMON_FILE__GETATTR 0x00000010UL
#define COMMON_FILE__SETATTR 0x00000020UL
#define COMMON_FILE__LOCK 0x00000040UL
#define COMMON_FILE__RELABELFROM 0x00000080UL
#define COMMON_FILE__RELABELTO 0x00000100UL
#define COMMON_FILE__APPEND 0x00000200UL
#define COMMON_FILE__UNLINK 0x00000400UL
#define COMMON_FILE__LINK 0x00000800UL
#define COMMON_FILE__RENAME 0x00001000UL
#define COMMON_FILE__EXECUTE 0x00002000UL
#define COMMON_FILE__SWAPON 0x00004000UL
#define COMMON_FILE__QUOTAON 0x00008000UL
#define COMMON_FILE__MOUNTON 0x00010000UL
#define COMMON_SOCKET__IOCTL 0x00000001UL
#define COMMON_SOCKET__READ 0x00000002UL
#define COMMON_SOCKET__WRITE 0x00000004UL
#define COMMON_SOCKET__CREATE 0x00000008UL
#define COMMON_SOCKET__GETATTR 0x00000010UL
#define COMMON_SOCKET__SETATTR 0x00000020UL
#define COMMON_SOCKET__LOCK 0x00000040UL
#define COMMON_SOCKET__RELABELFROM 0x00000080UL
#define COMMON_SOCKET__RELABELTO 0x00000100UL
#define COMMON_SOCKET__APPEND 0x00000200UL
#define COMMON_SOCKET__BIND 0x00000400UL
#define COMMON_SOCKET__CONNECT 0x00000800UL
#define COMMON_SOCKET__LISTEN 0x00001000UL
#define COMMON_SOCKET__ACCEPT 0x00002000UL
#define COMMON_SOCKET__GETOPT 0x00004000UL
#define COMMON_SOCKET__SETOPT 0x00008000UL
#define COMMON_SOCKET__SHUTDOWN 0x00010000UL
#define COMMON_SOCKET__RECVFROM 0x00020000UL
#define COMMON_SOCKET__SENDTO 0x00040000UL
#define COMMON_SOCKET__RECV_MSG 0x00080000UL
#define COMMON_SOCKET__SEND_MSG 0x00100000UL
#define COMMON_SOCKET__NAME_BIND 0x00200000UL
#define COMMON_IPC__CREATE 0x00000001UL
#define COMMON_IPC__DESTROY 0x00000002UL
#define COMMON_IPC__GETATTR 0x00000004UL
#define COMMON_IPC__SETATTR 0x00000008UL
#define COMMON_IPC__READ 0x00000010UL
#define COMMON_IPC__WRITE 0x00000020UL
#define COMMON_IPC__ASSOCIATE 0x00000040UL
#define COMMON_IPC__UNIX_READ 0x00000080UL
#define COMMON_IPC__UNIX_WRITE 0x00000100UL
#define COMMON_DATABASE__CREATE 0x00000001UL
#define COMMON_DATABASE__DROP 0x00000002UL
#define COMMON_DATABASE__GETATTR 0x00000004UL
#define COMMON_DATABASE__SETATTR 0x00000008UL
#define COMMON_DATABASE__RELABELFROM 0x00000010UL
#define COMMON_DATABASE__RELABELTO 0x00000020UL
#define FILESYSTEM__MOUNT 0x00000001UL
#define FILESYSTEM__REMOUNT 0x00000002UL
#define FILESYSTEM__UNMOUNT 0x00000004UL
#define FILESYSTEM__GETATTR 0x00000008UL
#define FILESYSTEM__RELABELFROM 0x00000010UL
#define FILESYSTEM__RELABELTO 0x00000020UL
#define FILESYSTEM__TRANSITION 0x00000040UL
#define FILESYSTEM__ASSOCIATE 0x00000080UL
#define FILESYSTEM__QUOTAMOD 0x00000100UL
#define FILESYSTEM__QUOTAGET 0x00000200UL
#define DIR__IOCTL 0x00000001UL
#define DIR__READ 0x00000002UL
#define DIR__WRITE 0x00000004UL
#define DIR__CREATE 0x00000008UL
#define DIR__GETATTR 0x00000010UL
#define DIR__SETATTR 0x00000020UL
#define DIR__LOCK 0x00000040UL
#define DIR__RELABELFROM 0x00000080UL
#define DIR__RELABELTO 0x00000100UL
#define DIR__APPEND 0x00000200UL
#define DIR__UNLINK 0x00000400UL
#define DIR__LINK 0x00000800UL
#define DIR__RENAME 0x00001000UL
#define DIR__EXECUTE 0x00002000UL
#define DIR__SWAPON 0x00004000UL
#define DIR__QUOTAON 0x00008000UL
#define DIR__MOUNTON 0x00010000UL
#define DIR__ADD_NAME 0x00020000UL
#define DIR__REMOVE_NAME 0x00040000UL
#define DIR__REPARENT 0x00080000UL
#define DIR__SEARCH 0x00100000UL
#define DIR__RMDIR 0x00200000UL
#define DIR__OPEN 0x00400000UL
#define FILE__IOCTL 0x00000001UL
#define FILE__READ 0x00000002UL
#define FILE__WRITE 0x00000004UL
#define FILE__CREATE 0x00000008UL
#define FILE__GETATTR 0x00000010UL
#define FILE__SETATTR 0x00000020UL
#define FILE__LOCK 0x00000040UL
#define FILE__RELABELFROM 0x00000080UL
#define FILE__RELABELTO 0x00000100UL
#define FILE__APPEND 0x00000200UL
#define FILE__UNLINK 0x00000400UL
#define FILE__LINK 0x00000800UL
#define FILE__RENAME 0x00001000UL
#define FILE__EXECUTE 0x00002000UL
#define FILE__SWAPON 0x00004000UL
#define FILE__QUOTAON 0x00008000UL
#define FILE__MOUNTON 0x00010000UL
#define FILE__EXECUTE_NO_TRANS 0x00020000UL
#define FILE__ENTRYPOINT 0x00040000UL
#define FILE__EXECMOD 0x00080000UL
#define FILE__OPEN 0x00100000UL
#define LNK_FILE__IOCTL 0x00000001UL
#define LNK_FILE__READ 0x00000002UL
#define LNK_FILE__WRITE 0x00000004UL
#define LNK_FILE__CREATE 0x00000008UL
#define LNK_FILE__GETATTR 0x00000010UL
#define LNK_FILE__SETATTR 0x00000020UL
#define LNK_FILE__LOCK 0x00000040UL
#define LNK_FILE__RELABELFROM 0x00000080UL
#define LNK_FILE__RELABELTO 0x00000100UL
#define LNK_FILE__APPEND 0x00000200UL
#define LNK_FILE__UNLINK 0x00000400UL
#define LNK_FILE__LINK 0x00000800UL
#define LNK_FILE__RENAME 0x00001000UL
#define LNK_FILE__EXECUTE 0x00002000UL
#define LNK_FILE__SWAPON 0x00004000UL
#define LNK_FILE__QUOTAON 0x00008000UL
#define LNK_FILE__MOUNTON 0x00010000UL
#define CHR_FILE__IOCTL 0x00000001UL
#define CHR_FILE__READ 0x00000002UL
#define CHR_FILE__WRITE 0x00000004UL
#define CHR_FILE__CREATE 0x00000008UL
#define CHR_FILE__GETATTR 0x00000010UL
#define CHR_FILE__SETATTR 0x00000020UL
#define CHR_FILE__LOCK 0x00000040UL
#define CHR_FILE__RELABELFROM 0x00000080UL
#define CHR_FILE__RELABELTO 0x00000100UL
#define CHR_FILE__APPEND 0x00000200UL
#define CHR_FILE__UNLINK 0x00000400UL
#define CHR_FILE__LINK 0x00000800UL
#define CHR_FILE__RENAME 0x00001000UL
#define CHR_FILE__EXECUTE 0x00002000UL
#define CHR_FILE__SWAPON 0x00004000UL
#define CHR_FILE__QUOTAON 0x00008000UL
#define CHR_FILE__MOUNTON 0x00010000UL
#define CHR_FILE__EXECUTE_NO_TRANS 0x00020000UL
#define CHR_FILE__ENTRYPOINT 0x00040000UL
#define CHR_FILE__EXECMOD 0x00080000UL
#define CHR_FILE__OPEN 0x00100000UL
#define BLK_FILE__IOCTL 0x00000001UL
#define BLK_FILE__READ 0x00000002UL
#define BLK_FILE__WRITE 0x00000004UL
#define BLK_FILE__CREATE 0x00000008UL
#define BLK_FILE__GETATTR 0x00000010UL
#define BLK_FILE__SETATTR 0x00000020UL
#define BLK_FILE__LOCK 0x00000040UL
#define BLK_FILE__RELABELFROM 0x00000080UL
#define BLK_FILE__RELABELTO 0x00000100UL
#define BLK_FILE__APPEND 0x00000200UL
#define BLK_FILE__UNLINK 0x00000400UL
#define BLK_FILE__LINK 0x00000800UL
#define BLK_FILE__RENAME 0x00001000UL
#define BLK_FILE__EXECUTE 0x00002000UL
#define BLK_FILE__SWAPON 0x00004000UL
#define BLK_FILE__QUOTAON 0x00008000UL
#define BLK_FILE__MOUNTON 0x00010000UL
#define BLK_FILE__OPEN 0x00020000UL
#define SOCK_FILE__IOCTL 0x00000001UL
#define SOCK_FILE__READ 0x00000002UL
#define SOCK_FILE__WRITE 0x00000004UL
#define SOCK_FILE__CREATE 0x00000008UL
#define SOCK_FILE__GETATTR 0x00000010UL
#define SOCK_FILE__SETATTR 0x00000020UL
#define SOCK_FILE__LOCK 0x00000040UL
#define SOCK_FILE__RELABELFROM 0x00000080UL
#define SOCK_FILE__RELABELTO 0x00000100UL
#define SOCK_FILE__APPEND 0x00000200UL
#define SOCK_FILE__UNLINK 0x00000400UL
#define SOCK_FILE__LINK 0x00000800UL
#define SOCK_FILE__RENAME 0x00001000UL
#define SOCK_FILE__EXECUTE 0x00002000UL
#define SOCK_FILE__SWAPON 0x00004000UL
#define SOCK_FILE__QUOTAON 0x00008000UL
#define SOCK_FILE__MOUNTON 0x00010000UL
#define FIFO_FILE__IOCTL 0x00000001UL
#define FIFO_FILE__READ 0x00000002UL
#define FIFO_FILE__WRITE 0x00000004UL
#define FIFO_FILE__CREATE 0x00000008UL
#define FIFO_FILE__GETATTR 0x00000010UL
#define FIFO_FILE__SETATTR 0x00000020UL
#define FIFO_FILE__LOCK 0x00000040UL
#define FIFO_FILE__RELABELFROM 0x00000080UL
#define FIFO_FILE__RELABELTO 0x00000100UL
#define FIFO_FILE__APPEND 0x00000200UL
#define FIFO_FILE__UNLINK 0x00000400UL
#define FIFO_FILE__LINK 0x00000800UL
#define FIFO_FILE__RENAME 0x00001000UL
#define FIFO_FILE__EXECUTE 0x00002000UL
#define FIFO_FILE__SWAPON 0x00004000UL
#define FIFO_FILE__QUOTAON 0x00008000UL
#define FIFO_FILE__MOUNTON 0x00010000UL
#define FIFO_FILE__OPEN 0x00020000UL
#define FD__USE 0x00000001UL
#define SOCKET__IOCTL 0x00000001UL
#define SOCKET__READ 0x00000002UL
#define SOCKET__WRITE 0x00000004UL
#define SOCKET__CREATE 0x00000008UL
#define SOCKET__GETATTR 0x00000010UL
#define SOCKET__SETATTR 0x00000020UL
#define SOCKET__LOCK 0x00000040UL
#define SOCKET__RELABELFROM 0x00000080UL
#define SOCKET__RELABELTO 0x00000100UL
#define SOCKET__APPEND 0x00000200UL
#define SOCKET__BIND 0x00000400UL
#define SOCKET__CONNECT 0x00000800UL
#define SOCKET__LISTEN 0x00001000UL
#define SOCKET__ACCEPT 0x00002000UL
#define SOCKET__GETOPT 0x00004000UL
#define SOCKET__SETOPT 0x00008000UL
#define SOCKET__SHUTDOWN 0x00010000UL
#define SOCKET__RECVFROM 0x00020000UL
#define SOCKET__SENDTO 0x00040000UL
#define SOCKET__RECV_MSG 0x00080000UL
#define SOCKET__SEND_MSG 0x00100000UL
#define SOCKET__NAME_BIND 0x00200000UL
#define TCP_SOCKET__IOCTL 0x00000001UL
#define TCP_SOCKET__READ 0x00000002UL
#define TCP_SOCKET__WRITE 0x00000004UL
#define TCP_SOCKET__CREATE 0x00000008UL
#define TCP_SOCKET__GETATTR 0x00000010UL
#define TCP_SOCKET__SETATTR 0x00000020UL
#define TCP_SOCKET__LOCK 0x00000040UL
#define TCP_SOCKET__RELABELFROM 0x00000080UL
#define TCP_SOCKET__RELABELTO 0x00000100UL
#define TCP_SOCKET__APPEND 0x00000200UL
#define TCP_SOCKET__BIND 0x00000400UL
#define TCP_SOCKET__CONNECT 0x00000800UL
#define TCP_SOCKET__LISTEN 0x00001000UL
#define TCP_SOCKET__ACCEPT 0x00002000UL
#define TCP_SOCKET__GETOPT 0x00004000UL
#define TCP_SOCKET__SETOPT 0x00008000UL
#define TCP_SOCKET__SHUTDOWN 0x00010000UL
#define TCP_SOCKET__RECVFROM 0x00020000UL
#define TCP_SOCKET__SENDTO 0x00040000UL
#define TCP_SOCKET__RECV_MSG 0x00080000UL
#define TCP_SOCKET__SEND_MSG 0x00100000UL
#define TCP_SOCKET__NAME_BIND 0x00200000UL
#define TCP_SOCKET__CONNECTTO 0x00400000UL
#define TCP_SOCKET__NEWCONN 0x00800000UL
#define TCP_SOCKET__ACCEPTFROM 0x01000000UL
#define TCP_SOCKET__NODE_BIND 0x02000000UL
#define TCP_SOCKET__NAME_CONNECT 0x04000000UL
#define UDP_SOCKET__IOCTL 0x00000001UL
#define UDP_SOCKET__READ 0x00000002UL
#define UDP_SOCKET__WRITE 0x00000004UL
#define UDP_SOCKET__CREATE 0x00000008UL
#define UDP_SOCKET__GETATTR 0x00000010UL
#define UDP_SOCKET__SETATTR 0x00000020UL
#define UDP_SOCKET__LOCK 0x00000040UL
#define UDP_SOCKET__RELABELFROM 0x00000080UL
#define UDP_SOCKET__RELABELTO 0x00000100UL
#define UDP_SOCKET__APPEND 0x00000200UL
#define UDP_SOCKET__BIND 0x00000400UL
#define UDP_SOCKET__CONNECT 0x00000800UL
#define UDP_SOCKET__LISTEN 0x00001000UL
#define UDP_SOCKET__ACCEPT 0x00002000UL
#define UDP_SOCKET__GETOPT 0x00004000UL
#define UDP_SOCKET__SETOPT 0x00008000UL
#define UDP_SOCKET__SHUTDOWN 0x00010000UL
#define UDP_SOCKET__RECVFROM 0x00020000UL
#define UDP_SOCKET__SENDTO 0x00040000UL
#define UDP_SOCKET__RECV_MSG 0x00080000UL
#define UDP_SOCKET__SEND_MSG 0x00100000UL
#define UDP_SOCKET__NAME_BIND 0x00200000UL
#define UDP_SOCKET__NODE_BIND 0x00400000UL
#define RAWIP_SOCKET__IOCTL 0x00000001UL
#define RAWIP_SOCKET__READ 0x00000002UL
#define RAWIP_SOCKET__WRITE 0x00000004UL
#define RAWIP_SOCKET__CREATE 0x00000008UL
#define RAWIP_SOCKET__GETATTR 0x00000010UL
#define RAWIP_SOCKET__SETATTR 0x00000020UL
#define RAWIP_SOCKET__LOCK 0x00000040UL
#define RAWIP_SOCKET__RELABELFROM 0x00000080UL
#define RAWIP_SOCKET__RELABELTO 0x00000100UL
#define RAWIP_SOCKET__APPEND 0x00000200UL
#define RAWIP_SOCKET__BIND 0x00000400UL
#define RAWIP_SOCKET__CONNECT 0x00000800UL
#define RAWIP_SOCKET__LISTEN 0x00001000UL
#define RAWIP_SOCKET__ACCEPT 0x00002000UL
#define RAWIP_SOCKET__GETOPT 0x00004000UL
#define RAWIP_SOCKET__SETOPT 0x00008000UL
#define RAWIP_SOCKET__SHUTDOWN 0x00010000UL
#define RAWIP_SOCKET__RECVFROM 0x00020000UL
#define RAWIP_SOCKET__SENDTO 0x00040000UL
#define RAWIP_SOCKET__RECV_MSG 0x00080000UL
#define RAWIP_SOCKET__SEND_MSG 0x00100000UL
#define RAWIP_SOCKET__NAME_BIND 0x00200000UL
#define RAWIP_SOCKET__NODE_BIND 0x00400000UL
#define NODE__TCP_RECV 0x00000001UL
#define NODE__TCP_SEND 0x00000002UL
#define NODE__UDP_RECV 0x00000004UL
#define NODE__UDP_SEND 0x00000008UL
#define NODE__RAWIP_RECV 0x00000010UL
#define NODE__RAWIP_SEND 0x00000020UL
#define NODE__ENFORCE_DEST 0x00000040UL
#define NODE__DCCP_RECV 0x00000080UL
#define NODE__DCCP_SEND 0x00000100UL
#define NODE__RECVFROM 0x00000200UL
#define NODE__SENDTO 0x00000400UL
#define NETIF__TCP_RECV 0x00000001UL
#define NETIF__TCP_SEND 0x00000002UL
#define NETIF__UDP_RECV 0x00000004UL
#define NETIF__UDP_SEND 0x00000008UL
#define NETIF__RAWIP_RECV 0x00000010UL
#define NETIF__RAWIP_SEND 0x00000020UL
#define NETIF__DCCP_RECV 0x00000040UL
#define NETIF__DCCP_SEND 0x00000080UL
#define NETIF__INGRESS 0x00000100UL
#define NETIF__EGRESS 0x00000200UL
#define NETLINK_SOCKET__IOCTL 0x00000001UL
#define NETLINK_SOCKET__READ 0x00000002UL
#define NETLINK_SOCKET__WRITE 0x00000004UL
#define NETLINK_SOCKET__CREATE 0x00000008UL
#define NETLINK_SOCKET__GETATTR 0x00000010UL
#define NETLINK_SOCKET__SETATTR 0x00000020UL
#define NETLINK_SOCKET__LOCK 0x00000040UL
#define NETLINK_SOCKET__RELABELFROM 0x00000080UL
#define NETLINK_SOCKET__RELABELTO 0x00000100UL
#define NETLINK_SOCKET__APPEND 0x00000200UL
#define NETLINK_SOCKET__BIND 0x00000400UL
#define NETLINK_SOCKET__CONNECT 0x00000800UL
#define NETLINK_SOCKET__LISTEN 0x00001000UL
#define NETLINK_SOCKET__ACCEPT 0x00002000UL
#define NETLINK_SOCKET__GETOPT 0x00004000UL
#define NETLINK_SOCKET__SETOPT 0x00008000UL
#define NETLINK_SOCKET__SHUTDOWN 0x00010000UL
#define NETLINK_SOCKET__RECVFROM 0x00020000UL
#define NETLINK_SOCKET__SENDTO 0x00040000UL
#define NETLINK_SOCKET__RECV_MSG 0x00080000UL
#define NETLINK_SOCKET__SEND_MSG 0x00100000UL
#define NETLINK_SOCKET__NAME_BIND 0x00200000UL
#define PACKET_SOCKET__IOCTL 0x00000001UL
#define PACKET_SOCKET__READ 0x00000002UL
#define PACKET_SOCKET__WRITE 0x00000004UL
#define PACKET_SOCKET__CREATE 0x00000008UL
#define PACKET_SOCKET__GETATTR 0x00000010UL
#define PACKET_SOCKET__SETATTR 0x00000020UL
#define PACKET_SOCKET__LOCK 0x00000040UL
#define PACKET_SOCKET__RELABELFROM 0x00000080UL
#define PACKET_SOCKET__RELABELTO 0x00000100UL
#define PACKET_SOCKET__APPEND 0x00000200UL
#define PACKET_SOCKET__BIND 0x00000400UL
#define PACKET_SOCKET__CONNECT 0x00000800UL
#define PACKET_SOCKET__LISTEN 0x00001000UL
#define PACKET_SOCKET__ACCEPT 0x00002000UL
#define PACKET_SOCKET__GETOPT 0x00004000UL
#define PACKET_SOCKET__SETOPT 0x00008000UL
#define PACKET_SOCKET__SHUTDOWN 0x00010000UL
#define PACKET_SOCKET__RECVFROM 0x00020000UL
#define PACKET_SOCKET__SENDTO 0x00040000UL
#define PACKET_SOCKET__RECV_MSG 0x00080000UL
#define PACKET_SOCKET__SEND_MSG 0x00100000UL
#define PACKET_SOCKET__NAME_BIND 0x00200000UL
#define KEY_SOCKET__IOCTL 0x00000001UL
#define KEY_SOCKET__READ 0x00000002UL
#define KEY_SOCKET__WRITE 0x00000004UL
#define KEY_SOCKET__CREATE 0x00000008UL
#define KEY_SOCKET__GETATTR 0x00000010UL
#define KEY_SOCKET__SETATTR 0x00000020UL
#define KEY_SOCKET__LOCK 0x00000040UL
#define KEY_SOCKET__RELABELFROM 0x00000080UL
#define KEY_SOCKET__RELABELTO 0x00000100UL
#define KEY_SOCKET__APPEND 0x00000200UL
#define KEY_SOCKET__BIND 0x00000400UL
#define KEY_SOCKET__CONNECT 0x00000800UL
#define KEY_SOCKET__LISTEN 0x00001000UL
#define KEY_SOCKET__ACCEPT 0x00002000UL
#define KEY_SOCKET__GETOPT 0x00004000UL
#define KEY_SOCKET__SETOPT 0x00008000UL
#define KEY_SOCKET__SHUTDOWN 0x00010000UL
#define KEY_SOCKET__RECVFROM 0x00020000UL
#define KEY_SOCKET__SENDTO 0x00040000UL
#define KEY_SOCKET__RECV_MSG 0x00080000UL
#define KEY_SOCKET__SEND_MSG 0x00100000UL
#define KEY_SOCKET__NAME_BIND 0x00200000UL
#define UNIX_STREAM_SOCKET__IOCTL 0x00000001UL
#define UNIX_STREAM_SOCKET__READ 0x00000002UL
#define UNIX_STREAM_SOCKET__WRITE 0x00000004UL
#define UNIX_STREAM_SOCKET__CREATE 0x00000008UL
#define UNIX_STREAM_SOCKET__GETATTR 0x00000010UL
#define UNIX_STREAM_SOCKET__SETATTR 0x00000020UL
#define UNIX_STREAM_SOCKET__LOCK 0x00000040UL
#define UNIX_STREAM_SOCKET__RELABELFROM 0x00000080UL
#define UNIX_STREAM_SOCKET__RELABELTO 0x00000100UL
#define UNIX_STREAM_SOCKET__APPEND 0x00000200UL
#define UNIX_STREAM_SOCKET__BIND 0x00000400UL
#define UNIX_STREAM_SOCKET__CONNECT 0x00000800UL
#define UNIX_STREAM_SOCKET__LISTEN 0x00001000UL
#define UNIX_STREAM_SOCKET__ACCEPT 0x00002000UL
#define UNIX_STREAM_SOCKET__GETOPT 0x00004000UL
#define UNIX_STREAM_SOCKET__SETOPT 0x00008000UL
#define UNIX_STREAM_SOCKET__SHUTDOWN 0x00010000UL
#define UNIX_STREAM_SOCKET__RECVFROM 0x00020000UL
#define UNIX_STREAM_SOCKET__SENDTO 0x00040000UL
#define UNIX_STREAM_SOCKET__RECV_MSG 0x00080000UL
#define UNIX_STREAM_SOCKET__SEND_MSG 0x00100000UL
#define UNIX_STREAM_SOCKET__NAME_BIND 0x00200000UL
#define UNIX_STREAM_SOCKET__CONNECTTO 0x00400000UL
#define UNIX_STREAM_SOCKET__NEWCONN 0x00800000UL
#define UNIX_STREAM_SOCKET__ACCEPTFROM 0x01000000UL
#define UNIX_DGRAM_SOCKET__IOCTL 0x00000001UL
#define UNIX_DGRAM_SOCKET__READ 0x00000002UL
#define UNIX_DGRAM_SOCKET__WRITE 0x00000004UL
#define UNIX_DGRAM_SOCKET__CREATE 0x00000008UL
#define UNIX_DGRAM_SOCKET__GETATTR 0x00000010UL
#define UNIX_DGRAM_SOCKET__SETATTR 0x00000020UL
#define UNIX_DGRAM_SOCKET__LOCK 0x00000040UL
#define UNIX_DGRAM_SOCKET__RELABELFROM 0x00000080UL
#define UNIX_DGRAM_SOCKET__RELABELTO 0x00000100UL
#define UNIX_DGRAM_SOCKET__APPEND 0x00000200UL
#define UNIX_DGRAM_SOCKET__BIND 0x00000400UL
#define UNIX_DGRAM_SOCKET__CONNECT 0x00000800UL
#define UNIX_DGRAM_SOCKET__LISTEN 0x00001000UL
#define UNIX_DGRAM_SOCKET__ACCEPT 0x00002000UL
#define UNIX_DGRAM_SOCKET__GETOPT 0x00004000UL
#define UNIX_DGRAM_SOCKET__SETOPT 0x00008000UL
#define UNIX_DGRAM_SOCKET__SHUTDOWN 0x00010000UL
#define UNIX_DGRAM_SOCKET__RECVFROM 0x00020000UL
#define UNIX_DGRAM_SOCKET__SENDTO 0x00040000UL
#define UNIX_DGRAM_SOCKET__RECV_MSG 0x00080000UL
#define UNIX_DGRAM_SOCKET__SEND_MSG 0x00100000UL
#define UNIX_DGRAM_SOCKET__NAME_BIND 0x00200000UL
#define PROCESS__FORK 0x00000001UL
#define PROCESS__TRANSITION 0x00000002UL
#define PROCESS__SIGCHLD 0x00000004UL
#define PROCESS__SIGKILL 0x00000008UL
#define PROCESS__SIGSTOP 0x00000010UL
#define PROCESS__SIGNULL 0x00000020UL
#define PROCESS__SIGNAL 0x00000040UL
#define PROCESS__PTRACE 0x00000080UL
#define PROCESS__GETSCHED 0x00000100UL
#define PROCESS__SETSCHED 0x00000200UL
#define PROCESS__GETSESSION 0x00000400UL
#define PROCESS__GETPGID 0x00000800UL
#define PROCESS__SETPGID 0x00001000UL
#define PROCESS__GETCAP 0x00002000UL
#define PROCESS__SETCAP 0x00004000UL
#define PROCESS__SHARE 0x00008000UL
#define PROCESS__GETATTR 0x00010000UL
#define PROCESS__SETEXEC 0x00020000UL
#define PROCESS__SETFSCREATE 0x00040000UL
#define PROCESS__NOATSECURE 0x00080000UL
#define PROCESS__SIGINH 0x00100000UL
#define PROCESS__SETRLIMIT 0x00200000UL
#define PROCESS__RLIMITINH 0x00400000UL
#define PROCESS__DYNTRANSITION 0x00800000UL
#define PROCESS__SETCURRENT 0x01000000UL
#define PROCESS__EXECMEM 0x02000000UL
#define PROCESS__EXECSTACK 0x04000000UL
#define PROCESS__EXECHEAP 0x08000000UL
#define PROCESS__SETKEYCREATE 0x10000000UL
#define PROCESS__SETSOCKCREATE 0x20000000UL
#define IPC__CREATE 0x00000001UL
#define IPC__DESTROY 0x00000002UL
#define IPC__GETATTR 0x00000004UL
#define IPC__SETATTR 0x00000008UL
#define IPC__READ 0x00000010UL
#define IPC__WRITE 0x00000020UL
#define IPC__ASSOCIATE 0x00000040UL
#define IPC__UNIX_READ 0x00000080UL
#define IPC__UNIX_WRITE 0x00000100UL
#define SEM__CREATE 0x00000001UL
#define SEM__DESTROY 0x00000002UL
#define SEM__GETATTR 0x00000004UL
#define SEM__SETATTR 0x00000008UL
#define SEM__READ 0x00000010UL
#define SEM__WRITE 0x00000020UL
#define SEM__ASSOCIATE 0x00000040UL
#define SEM__UNIX_READ 0x00000080UL
#define SEM__UNIX_WRITE 0x00000100UL
#define MSGQ__CREATE 0x00000001UL
#define MSGQ__DESTROY 0x00000002UL
#define MSGQ__GETATTR 0x00000004UL
#define MSGQ__SETATTR 0x00000008UL
#define MSGQ__READ 0x00000010UL
#define MSGQ__WRITE 0x00000020UL
#define MSGQ__ASSOCIATE 0x00000040UL
#define MSGQ__UNIX_READ 0x00000080UL
#define MSGQ__UNIX_WRITE 0x00000100UL
#define MSGQ__ENQUEUE 0x00000200UL
#define MSG__SEND 0x00000001UL
#define MSG__RECEIVE 0x00000002UL
#define SHM__CREATE 0x00000001UL
#define SHM__DESTROY 0x00000002UL
#define SHM__GETATTR 0x00000004UL
#define SHM__SETATTR 0x00000008UL
#define SHM__READ 0x00000010UL
#define SHM__WRITE 0x00000020UL
#define SHM__ASSOCIATE 0x00000040UL
#define SHM__UNIX_READ 0x00000080UL
#define SHM__UNIX_WRITE 0x00000100UL
#define SHM__LOCK 0x00000200UL
#define SECURITY__COMPUTE_AV 0x00000001UL
#define SECURITY__COMPUTE_CREATE 0x00000002UL
#define SECURITY__COMPUTE_MEMBER 0x00000004UL
#define SECURITY__CHECK_CONTEXT 0x00000008UL
#define SECURITY__LOAD_POLICY 0x00000010UL
#define SECURITY__COMPUTE_RELABEL 0x00000020UL
#define SECURITY__COMPUTE_USER 0x00000040UL
#define SECURITY__SETENFORCE 0x00000080UL
#define SECURITY__SETBOOL 0x00000100UL
#define SECURITY__SETSECPARAM 0x00000200UL
#define SECURITY__SETCHECKREQPROT 0x00000400UL
#define SYSTEM__IPC_INFO 0x00000001UL
#define SYSTEM__SYSLOG_READ 0x00000002UL
#define SYSTEM__SYSLOG_MOD 0x00000004UL
#define SYSTEM__SYSLOG_CONSOLE 0x00000008UL
#define CAPABILITY__CHOWN 0x00000001UL
#define CAPABILITY__DAC_OVERRIDE 0x00000002UL
#define CAPABILITY__DAC_READ_SEARCH 0x00000004UL
#define CAPABILITY__FOWNER 0x00000008UL
#define CAPABILITY__FSETID 0x00000010UL
#define CAPABILITY__KILL 0x00000020UL
#define CAPABILITY__SETGID 0x00000040UL
#define CAPABILITY__SETUID 0x00000080UL
#define CAPABILITY__SETPCAP 0x00000100UL
#define CAPABILITY__LINUX_IMMUTABLE 0x00000200UL
#define CAPABILITY__NET_BIND_SERVICE 0x00000400UL
#define CAPABILITY__NET_BROADCAST 0x00000800UL
#define CAPABILITY__NET_ADMIN 0x00001000UL
#define CAPABILITY__NET_RAW 0x00002000UL
#define CAPABILITY__IPC_LOCK 0x00004000UL
#define CAPABILITY__IPC_OWNER 0x00008000UL
#define CAPABILITY__SYS_MODULE 0x00010000UL
#define CAPABILITY__SYS_RAWIO 0x00020000UL
#define CAPABILITY__SYS_CHROOT 0x00040000UL
#define CAPABILITY__SYS_PTRACE 0x00080000UL
#define CAPABILITY__SYS_PACCT 0x00100000UL
#define CAPABILITY__SYS_ADMIN 0x00200000UL
#define CAPABILITY__SYS_BOOT 0x00400000UL
#define CAPABILITY__SYS_NICE 0x00800000UL
#define CAPABILITY__SYS_RESOURCE 0x01000000UL
#define CAPABILITY__SYS_TIME 0x02000000UL
#define CAPABILITY__SYS_TTY_CONFIG 0x04000000UL
#define CAPABILITY__MKNOD 0x08000000UL
#define CAPABILITY__LEASE 0x10000000UL
#define CAPABILITY__AUDIT_WRITE 0x20000000UL
#define CAPABILITY__AUDIT_CONTROL 0x40000000UL
#define CAPABILITY__SETFCAP 0x80000000UL
#define CAPABILITY2__MAC_OVERRIDE 0x00000001UL
#define CAPABILITY2__MAC_ADMIN 0x00000002UL
#define PASSWD__PASSWD 0x00000001UL
#define PASSWD__CHFN 0x00000002UL
#define PASSWD__CHSH 0x00000004UL
#define PASSWD__ROOTOK 0x00000008UL
#define PASSWD__CRONTAB 0x00000010UL
#define X_DRAWABLE__CREATE 0x00000001UL
#define X_DRAWABLE__DESTROY 0x00000002UL
#define X_DRAWABLE__READ 0x00000004UL
#define X_DRAWABLE__WRITE 0x00000008UL
#define X_DRAWABLE__BLEND 0x00000010UL
#define X_DRAWABLE__GETATTR 0x00000020UL
#define X_DRAWABLE__SETATTR 0x00000040UL
#define X_DRAWABLE__LIST_CHILD 0x00000080UL
#define X_DRAWABLE__ADD_CHILD 0x00000100UL
#define X_DRAWABLE__REMOVE_CHILD 0x00000200UL
#define X_DRAWABLE__LIST_PROPERTY 0x00000400UL
#define X_DRAWABLE__GET_PROPERTY 0x00000800UL
#define X_DRAWABLE__SET_PROPERTY 0x00001000UL
#define X_DRAWABLE__MANAGE 0x00002000UL
#define X_DRAWABLE__OVERRIDE 0x00004000UL
#define X_DRAWABLE__SHOW 0x00008000UL
#define X_DRAWABLE__HIDE 0x00010000UL
#define X_DRAWABLE__SEND 0x00020000UL
#define X_DRAWABLE__RECEIVE 0x00040000UL
#define X_SCREEN__GETATTR 0x00000001UL
#define X_SCREEN__SETATTR 0x00000002UL
#define X_SCREEN__HIDE_CURSOR 0x00000004UL
#define X_SCREEN__SHOW_CURSOR 0x00000008UL
#define X_SCREEN__SAVER_GETATTR 0x00000010UL
#define X_SCREEN__SAVER_SETATTR 0x00000020UL
#define X_SCREEN__SAVER_HIDE 0x00000040UL
#define X_SCREEN__SAVER_SHOW 0x00000080UL
#define X_GC__CREATE 0x00000001UL
#define X_GC__DESTROY 0x00000002UL
#define X_GC__GETATTR 0x00000004UL
#define X_GC__SETATTR 0x00000008UL
#define X_GC__USE 0x00000010UL
#define X_FONT__CREATE 0x00000001UL
#define X_FONT__DESTROY 0x00000002UL
#define X_FONT__GETATTR 0x00000004UL
#define X_FONT__ADD_GLYPH 0x00000008UL
#define X_FONT__REMOVE_GLYPH 0x00000010UL
#define X_FONT__USE 0x00000020UL
#define X_COLORMAP__CREATE 0x00000001UL
#define X_COLORMAP__DESTROY 0x00000002UL
#define X_COLORMAP__READ 0x00000004UL
#define X_COLORMAP__WRITE 0x00000008UL
#define X_COLORMAP__GETATTR 0x00000010UL
#define X_COLORMAP__ADD_COLOR 0x00000020UL
#define X_COLORMAP__REMOVE_COLOR 0x00000040UL
#define X_COLORMAP__INSTALL 0x00000080UL
#define X_COLORMAP__UNINSTALL 0x00000100UL
#define X_COLORMAP__USE 0x00000200UL
#define X_PROPERTY__CREATE 0x00000001UL
#define X_PROPERTY__DESTROY 0x00000002UL
#define X_PROPERTY__READ 0x00000004UL
#define X_PROPERTY__WRITE 0x00000008UL
#define X_PROPERTY__APPEND 0x00000010UL
#define X_PROPERTY__GETATTR 0x00000020UL
#define X_PROPERTY__SETATTR 0x00000040UL
#define X_SELECTION__READ 0x00000001UL
#define X_SELECTION__WRITE 0x00000002UL
#define X_SELECTION__GETATTR 0x00000004UL
#define X_SELECTION__SETATTR 0x00000008UL
#define X_CURSOR__CREATE 0x00000001UL
#define X_CURSOR__DESTROY 0x00000002UL
#define X_CURSOR__READ 0x00000004UL
#define X_CURSOR__WRITE 0x00000008UL
#define X_CURSOR__GETATTR 0x00000010UL
#define X_CURSOR__SETATTR 0x00000020UL
#define X_CURSOR__USE 0x00000040UL
#define X_CLIENT__DESTROY 0x00000001UL
#define X_CLIENT__GETATTR 0x00000002UL
#define X_CLIENT__SETATTR 0x00000004UL
#define X_CLIENT__MANAGE 0x00000008UL
#define X_DEVICE__GETATTR 0x00000001UL
#define X_DEVICE__SETATTR 0x00000002UL
#define X_DEVICE__USE 0x00000004UL
#define X_DEVICE__READ 0x00000008UL
#define X_DEVICE__WRITE 0x00000010UL
#define X_DEVICE__GETFOCUS 0x00000020UL
#define X_DEVICE__SETFOCUS 0x00000040UL
#define X_DEVICE__BELL 0x00000080UL
#define X_DEVICE__FORCE_CURSOR 0x00000100UL
#define X_DEVICE__FREEZE 0x00000200UL
#define X_DEVICE__GRAB 0x00000400UL
#define X_DEVICE__MANAGE 0x00000800UL
#define X_SERVER__GETATTR 0x00000001UL
#define X_SERVER__SETATTR 0x00000002UL
#define X_SERVER__RECORD 0x00000004UL
#define X_SERVER__DEBUG 0x00000008UL
#define X_SERVER__GRAB 0x00000010UL
#define X_SERVER__MANAGE 0x00000020UL
#define X_EXTENSION__QUERY 0x00000001UL
#define X_EXTENSION__USE 0x00000002UL
#define X_RESOURCE__READ 0x00000001UL
#define X_RESOURCE__WRITE 0x00000002UL
#define X_EVENT__SEND 0x00000001UL
#define X_EVENT__RECEIVE 0x00000002UL
#define X_SYNTHETIC_EVENT__SEND 0x00000001UL
#define X_SYNTHETIC_EVENT__RECEIVE 0x00000002UL
#define NETLINK_ROUTE_SOCKET__IOCTL 0x00000001UL
#define NETLINK_ROUTE_SOCKET__READ 0x00000002UL
#define NETLINK_ROUTE_SOCKET__WRITE 0x00000004UL
#define NETLINK_ROUTE_SOCKET__CREATE 0x00000008UL
#define NETLINK_ROUTE_SOCKET__GETATTR 0x00000010UL
#define NETLINK_ROUTE_SOCKET__SETATTR 0x00000020UL
#define NETLINK_ROUTE_SOCKET__LOCK 0x00000040UL
#define NETLINK_ROUTE_SOCKET__RELABELFROM 0x00000080UL
#define NETLINK_ROUTE_SOCKET__RELABELTO 0x00000100UL
#define NETLINK_ROUTE_SOCKET__APPEND 0x00000200UL
#define NETLINK_ROUTE_SOCKET__BIND 0x00000400UL
#define NETLINK_ROUTE_SOCKET__CONNECT 0x00000800UL
#define NETLINK_ROUTE_SOCKET__LISTEN 0x00001000UL
#define NETLINK_ROUTE_SOCKET__ACCEPT 0x00002000UL
#define NETLINK_ROUTE_SOCKET__GETOPT 0x00004000UL
#define NETLINK_ROUTE_SOCKET__SETOPT 0x00008000UL
#define NETLINK_ROUTE_SOCKET__SHUTDOWN 0x00010000UL
#define NETLINK_ROUTE_SOCKET__RECVFROM 0x00020000UL
#define NETLINK_ROUTE_SOCKET__SENDTO 0x00040000UL
#define NETLINK_ROUTE_SOCKET__RECV_MSG 0x00080000UL
#define NETLINK_ROUTE_SOCKET__SEND_MSG 0x00100000UL
#define NETLINK_ROUTE_SOCKET__NAME_BIND 0x00200000UL
#define NETLINK_ROUTE_SOCKET__NLMSG_READ 0x00400000UL
#define NETLINK_ROUTE_SOCKET__NLMSG_WRITE 0x00800000UL
#define NETLINK_FIREWALL_SOCKET__IOCTL 0x00000001UL
#define NETLINK_FIREWALL_SOCKET__READ 0x00000002UL
#define NETLINK_FIREWALL_SOCKET__WRITE 0x00000004UL
#define NETLINK_FIREWALL_SOCKET__CREATE 0x00000008UL
#define NETLINK_FIREWALL_SOCKET__GETATTR 0x00000010UL
#define NETLINK_FIREWALL_SOCKET__SETATTR 0x00000020UL
#define NETLINK_FIREWALL_SOCKET__LOCK 0x00000040UL
#define NETLINK_FIREWALL_SOCKET__RELABELFROM 0x00000080UL
#define NETLINK_FIREWALL_SOCKET__RELABELTO 0x00000100UL
#define NETLINK_FIREWALL_SOCKET__APPEND 0x00000200UL
#define NETLINK_FIREWALL_SOCKET__BIND 0x00000400UL
#define NETLINK_FIREWALL_SOCKET__CONNECT 0x00000800UL
#define NETLINK_FIREWALL_SOCKET__LISTEN 0x00001000UL
#define NETLINK_FIREWALL_SOCKET__ACCEPT 0x00002000UL
#define NETLINK_FIREWALL_SOCKET__GETOPT 0x00004000UL
#define NETLINK_FIREWALL_SOCKET__SETOPT 0x00008000UL
#define NETLINK_FIREWALL_SOCKET__SHUTDOWN 0x00010000UL
#define NETLINK_FIREWALL_SOCKET__RECVFROM 0x00020000UL
#define NETLINK_FIREWALL_SOCKET__SENDTO 0x00040000UL
#define NETLINK_FIREWALL_SOCKET__RECV_MSG 0x00080000UL
#define NETLINK_FIREWALL_SOCKET__SEND_MSG 0x00100000UL
#define NETLINK_FIREWALL_SOCKET__NAME_BIND 0x00200000UL
#define NETLINK_FIREWALL_SOCKET__NLMSG_READ 0x00400000UL
#define NETLINK_FIREWALL_SOCKET__NLMSG_WRITE 0x00800000UL
#define NETLINK_TCPDIAG_SOCKET__IOCTL 0x00000001UL
#define NETLINK_TCPDIAG_SOCKET__READ 0x00000002UL
#define NETLINK_TCPDIAG_SOCKET__WRITE 0x00000004UL
#define NETLINK_TCPDIAG_SOCKET__CREATE 0x00000008UL
#define NETLINK_TCPDIAG_SOCKET__GETATTR 0x00000010UL
#define NETLINK_TCPDIAG_SOCKET__SETATTR 0x00000020UL
#define NETLINK_TCPDIAG_SOCKET__LOCK 0x00000040UL
#define NETLINK_TCPDIAG_SOCKET__RELABELFROM 0x00000080UL
#define NETLINK_TCPDIAG_SOCKET__RELABELTO 0x00000100UL
#define NETLINK_TCPDIAG_SOCKET__APPEND 0x00000200UL
#define NETLINK_TCPDIAG_SOCKET__BIND 0x00000400UL
#define NETLINK_TCPDIAG_SOCKET__CONNECT 0x00000800UL
#define NETLINK_TCPDIAG_SOCKET__LISTEN 0x00001000UL
#define NETLINK_TCPDIAG_SOCKET__ACCEPT 0x00002000UL
#define NETLINK_TCPDIAG_SOCKET__GETOPT 0x00004000UL
#define NETLINK_TCPDIAG_SOCKET__SETOPT 0x00008000UL
#define NETLINK_TCPDIAG_SOCKET__SHUTDOWN 0x00010000UL
#define NETLINK_TCPDIAG_SOCKET__RECVFROM 0x00020000UL
#define NETLINK_TCPDIAG_SOCKET__SENDTO 0x00040000UL
#define NETLINK_TCPDIAG_SOCKET__RECV_MSG 0x00080000UL
#define NETLINK_TCPDIAG_SOCKET__SEND_MSG 0x00100000UL
#define NETLINK_TCPDIAG_SOCKET__NAME_BIND 0x00200000UL
#define NETLINK_TCPDIAG_SOCKET__NLMSG_READ 0x00400000UL
#define NETLINK_TCPDIAG_SOCKET__NLMSG_WRITE 0x00800000UL
#define NETLINK_NFLOG_SOCKET__IOCTL 0x00000001UL
#define NETLINK_NFLOG_SOCKET__READ 0x00000002UL
#define NETLINK_NFLOG_SOCKET__WRITE 0x00000004UL
#define NETLINK_NFLOG_SOCKET__CREATE 0x00000008UL
#define NETLINK_NFLOG_SOCKET__GETATTR 0x00000010UL
#define NETLINK_NFLOG_SOCKET__SETATTR 0x00000020UL
#define NETLINK_NFLOG_SOCKET__LOCK 0x00000040UL
#define NETLINK_NFLOG_SOCKET__RELABELFROM 0x00000080UL
#define NETLINK_NFLOG_SOCKET__RELABELTO 0x00000100UL
#define NETLINK_NFLOG_SOCKET__APPEND 0x00000200UL
#define NETLINK_NFLOG_SOCKET__BIND 0x00000400UL
#define NETLINK_NFLOG_SOCKET__CONNECT 0x00000800UL
#define NETLINK_NFLOG_SOCKET__LISTEN 0x00001000UL
#define NETLINK_NFLOG_SOCKET__ACCEPT 0x00002000UL
#define NETLINK_NFLOG_SOCKET__GETOPT 0x00004000UL
#define NETLINK_NFLOG_SOCKET__SETOPT 0x00008000UL
#define NETLINK_NFLOG_SOCKET__SHUTDOWN 0x00010000UL
#define NETLINK_NFLOG_SOCKET__RECVFROM 0x00020000UL
#define NETLINK_NFLOG_SOCKET__SENDTO 0x00040000UL
#define NETLINK_NFLOG_SOCKET__RECV_MSG 0x00080000UL
#define NETLINK_NFLOG_SOCKET__SEND_MSG 0x00100000UL
#define NETLINK_NFLOG_SOCKET__NAME_BIND 0x00200000UL
#define NETLINK_XFRM_SOCKET__IOCTL 0x00000001UL
#define NETLINK_XFRM_SOCKET__READ 0x00000002UL
#define NETLINK_XFRM_SOCKET__WRITE 0x00000004UL
#define NETLINK_XFRM_SOCKET__CREATE 0x00000008UL
#define NETLINK_XFRM_SOCKET__GETATTR 0x00000010UL
#define NETLINK_XFRM_SOCKET__SETATTR 0x00000020UL
#define NETLINK_XFRM_SOCKET__LOCK 0x00000040UL
#define NETLINK_XFRM_SOCKET__RELABELFROM 0x00000080UL
#define NETLINK_XFRM_SOCKET__RELABELTO 0x00000100UL
#define NETLINK_XFRM_SOCKET__APPEND 0x00000200UL
#define NETLINK_XFRM_SOCKET__BIND 0x00000400UL
#define NETLINK_XFRM_SOCKET__CONNECT 0x00000800UL
#define NETLINK_XFRM_SOCKET__LISTEN 0x00001000UL
#define NETLINK_XFRM_SOCKET__ACCEPT 0x00002000UL
#define NETLINK_XFRM_SOCKET__GETOPT 0x00004000UL
#define NETLINK_XFRM_SOCKET__SETOPT 0x00008000UL
#define NETLINK_XFRM_SOCKET__SHUTDOWN 0x00010000UL
#define NETLINK_XFRM_SOCKET__RECVFROM 0x00020000UL
#define NETLINK_XFRM_SOCKET__SENDTO 0x00040000UL
#define NETLINK_XFRM_SOCKET__RECV_MSG 0x00080000UL
#define NETLINK_XFRM_SOCKET__SEND_MSG 0x00100000UL
#define NETLINK_XFRM_SOCKET__NAME_BIND 0x00200000UL
#define NETLINK_XFRM_SOCKET__NLMSG_READ 0x00400000UL
#define NETLINK_XFRM_SOCKET__NLMSG_WRITE 0x00800000UL
#define NETLINK_SELINUX_SOCKET__IOCTL 0x00000001UL
#define NETLINK_SELINUX_SOCKET__READ 0x00000002UL
#define NETLINK_SELINUX_SOCKET__WRITE 0x00000004UL
#define NETLINK_SELINUX_SOCKET__CREATE 0x00000008UL
#define NETLINK_SELINUX_SOCKET__GETATTR 0x00000010UL
#define NETLINK_SELINUX_SOCKET__SETATTR 0x00000020UL
#define NETLINK_SELINUX_SOCKET__LOCK 0x00000040UL
#define NETLINK_SELINUX_SOCKET__RELABELFROM 0x00000080UL
#define NETLINK_SELINUX_SOCKET__RELABELTO 0x00000100UL
#define NETLINK_SELINUX_SOCKET__APPEND 0x00000200UL
#define NETLINK_SELINUX_SOCKET__BIND 0x00000400UL
#define NETLINK_SELINUX_SOCKET__CONNECT 0x00000800UL
#define NETLINK_SELINUX_SOCKET__LISTEN 0x00001000UL
#define NETLINK_SELINUX_SOCKET__ACCEPT 0x00002000UL
#define NETLINK_SELINUX_SOCKET__GETOPT 0x00004000UL
#define NETLINK_SELINUX_SOCKET__SETOPT 0x00008000UL
#define NETLINK_SELINUX_SOCKET__SHUTDOWN 0x00010000UL
#define NETLINK_SELINUX_SOCKET__RECVFROM 0x00020000UL
#define NETLINK_SELINUX_SOCKET__SENDTO 0x00040000UL
#define NETLINK_SELINUX_SOCKET__RECV_MSG 0x00080000UL
#define NETLINK_SELINUX_SOCKET__SEND_MSG 0x00100000UL
#define NETLINK_SELINUX_SOCKET__NAME_BIND 0x00200000UL
#define NETLINK_AUDIT_SOCKET__IOCTL 0x00000001UL
#define NETLINK_AUDIT_SOCKET__READ 0x00000002UL
#define NETLINK_AUDIT_SOCKET__WRITE 0x00000004UL
#define NETLINK_AUDIT_SOCKET__CREATE 0x00000008UL
#define NETLINK_AUDIT_SOCKET__GETATTR 0x00000010UL
#define NETLINK_AUDIT_SOCKET__SETATTR 0x00000020UL
#define NETLINK_AUDIT_SOCKET__LOCK 0x00000040UL
#define NETLINK_AUDIT_SOCKET__RELABELFROM 0x00000080UL
#define NETLINK_AUDIT_SOCKET__RELABELTO 0x00000100UL
#define NETLINK_AUDIT_SOCKET__APPEND 0x00000200UL
#define NETLINK_AUDIT_SOCKET__BIND 0x00000400UL
#define NETLINK_AUDIT_SOCKET__CONNECT 0x00000800UL
#define NETLINK_AUDIT_SOCKET__LISTEN 0x00001000UL
#define NETLINK_AUDIT_SOCKET__ACCEPT 0x00002000UL
#define NETLINK_AUDIT_SOCKET__GETOPT 0x00004000UL
#define NETLINK_AUDIT_SOCKET__SETOPT 0x00008000UL
#define NETLINK_AUDIT_SOCKET__SHUTDOWN 0x00010000UL
#define NETLINK_AUDIT_SOCKET__RECVFROM 0x00020000UL
#define NETLINK_AUDIT_SOCKET__SENDTO 0x00040000UL
#define NETLINK_AUDIT_SOCKET__RECV_MSG 0x00080000UL
#define NETLINK_AUDIT_SOCKET__SEND_MSG 0x00100000UL
#define NETLINK_AUDIT_SOCKET__NAME_BIND 0x00200000UL
#define NETLINK_AUDIT_SOCKET__NLMSG_READ 0x00400000UL
#define NETLINK_AUDIT_SOCKET__NLMSG_WRITE 0x00800000UL
#define NETLINK_AUDIT_SOCKET__NLMSG_RELAY 0x01000000UL
#define NETLINK_AUDIT_SOCKET__NLMSG_READPRIV 0x02000000UL
#define NETLINK_AUDIT_SOCKET__NLMSG_TTY_AUDIT 0x04000000UL
#define NETLINK_IP6FW_SOCKET__IOCTL 0x00000001UL
#define NETLINK_IP6FW_SOCKET__READ 0x00000002UL
#define NETLINK_IP6FW_SOCKET__WRITE 0x00000004UL
#define NETLINK_IP6FW_SOCKET__CREATE 0x00000008UL
#define NETLINK_IP6FW_SOCKET__GETATTR 0x00000010UL
#define NETLINK_IP6FW_SOCKET__SETATTR 0x00000020UL
#define NETLINK_IP6FW_SOCKET__LOCK 0x00000040UL
#define NETLINK_IP6FW_SOCKET__RELABELFROM 0x00000080UL
#define NETLINK_IP6FW_SOCKET__RELABELTO 0x00000100UL
#define NETLINK_IP6FW_SOCKET__APPEND 0x00000200UL
#define NETLINK_IP6FW_SOCKET__BIND 0x00000400UL
#define NETLINK_IP6FW_SOCKET__CONNECT 0x00000800UL
#define NETLINK_IP6FW_SOCKET__LISTEN 0x00001000UL
#define NETLINK_IP6FW_SOCKET__ACCEPT 0x00002000UL
#define NETLINK_IP6FW_SOCKET__GETOPT 0x00004000UL
#define NETLINK_IP6FW_SOCKET__SETOPT 0x00008000UL
#define NETLINK_IP6FW_SOCKET__SHUTDOWN 0x00010000UL
#define NETLINK_IP6FW_SOCKET__RECVFROM 0x00020000UL
#define NETLINK_IP6FW_SOCKET__SENDTO 0x00040000UL
#define NETLINK_IP6FW_SOCKET__RECV_MSG 0x00080000UL
#define NETLINK_IP6FW_SOCKET__SEND_MSG 0x00100000UL
#define NETLINK_IP6FW_SOCKET__NAME_BIND 0x00200000UL
#define NETLINK_IP6FW_SOCKET__NLMSG_READ 0x00400000UL
#define NETLINK_IP6FW_SOCKET__NLMSG_WRITE 0x00800000UL
#define NETLINK_DNRT_SOCKET__IOCTL 0x00000001UL
#define NETLINK_DNRT_SOCKET__READ 0x00000002UL
#define NETLINK_DNRT_SOCKET__WRITE 0x00000004UL
#define NETLINK_DNRT_SOCKET__CREATE 0x00000008UL
#define NETLINK_DNRT_SOCKET__GETATTR 0x00000010UL
#define NETLINK_DNRT_SOCKET__SETATTR 0x00000020UL
#define NETLINK_DNRT_SOCKET__LOCK 0x00000040UL
#define NETLINK_DNRT_SOCKET__RELABELFROM 0x00000080UL
#define NETLINK_DNRT_SOCKET__RELABELTO 0x00000100UL
#define NETLINK_DNRT_SOCKET__APPEND 0x00000200UL
#define NETLINK_DNRT_SOCKET__BIND 0x00000400UL
#define NETLINK_DNRT_SOCKET__CONNECT 0x00000800UL
#define NETLINK_DNRT_SOCKET__LISTEN 0x00001000UL
#define NETLINK_DNRT_SOCKET__ACCEPT 0x00002000UL
#define NETLINK_DNRT_SOCKET__GETOPT 0x00004000UL
#define NETLINK_DNRT_SOCKET__SETOPT 0x00008000UL
#define NETLINK_DNRT_SOCKET__SHUTDOWN 0x00010000UL
#define NETLINK_DNRT_SOCKET__RECVFROM 0x00020000UL
#define NETLINK_DNRT_SOCKET__SENDTO 0x00040000UL
#define NETLINK_DNRT_SOCKET__RECV_MSG 0x00080000UL
#define NETLINK_DNRT_SOCKET__SEND_MSG 0x00100000UL
#define NETLINK_DNRT_SOCKET__NAME_BIND 0x00200000UL
#define DBUS__ACQUIRE_SVC 0x00000001UL
#define DBUS__SEND_MSG 0x00000002UL
#define NSCD__GETPWD 0x00000001UL
#define NSCD__GETGRP 0x00000002UL
#define NSCD__GETHOST 0x00000004UL
#define NSCD__GETSTAT 0x00000008UL
#define NSCD__ADMIN 0x00000010UL
#define NSCD__SHMEMPWD 0x00000020UL
#define NSCD__SHMEMGRP 0x00000040UL
#define NSCD__SHMEMHOST 0x00000080UL
#define NSCD__GETSERV 0x00000100UL
#define NSCD__SHMEMSERV 0x00000200UL
#define NSCD__GETNETGRP 0x00000400UL
#define NSCD__SHMEMNETGRP 0x00000800UL
#define ASSOCIATION__SENDTO 0x00000001UL
#define ASSOCIATION__RECVFROM 0x00000002UL
#define ASSOCIATION__SETCONTEXT 0x00000004UL
#define ASSOCIATION__POLMATCH 0x00000008UL
#define NETLINK_KOBJECT_UEVENT_SOCKET__IOCTL 0x00000001UL
#define NETLINK_KOBJECT_UEVENT_SOCKET__READ 0x00000002UL
#define NETLINK_KOBJECT_UEVENT_SOCKET__WRITE 0x00000004UL
#define NETLINK_KOBJECT_UEVENT_SOCKET__CREATE 0x00000008UL
#define NETLINK_KOBJECT_UEVENT_SOCKET__GETATTR 0x00000010UL
#define NETLINK_KOBJECT_UEVENT_SOCKET__SETATTR 0x00000020UL
#define NETLINK_KOBJECT_UEVENT_SOCKET__LOCK 0x00000040UL
#define NETLINK_KOBJECT_UEVENT_SOCKET__RELABELFROM 0x00000080UL
#define NETLINK_KOBJECT_UEVENT_SOCKET__RELABELTO 0x00000100UL
#define NETLINK_KOBJECT_UEVENT_SOCKET__APPEND 0x00000200UL
#define NETLINK_KOBJECT_UEVENT_SOCKET__BIND 0x00000400UL
#define NETLINK_KOBJECT_UEVENT_SOCKET__CONNECT 0x00000800UL
#define NETLINK_KOBJECT_UEVENT_SOCKET__LISTEN 0x00001000UL
#define NETLINK_KOBJECT_UEVENT_SOCKET__ACCEPT 0x00002000UL
#define NETLINK_KOBJECT_UEVENT_SOCKET__GETOPT 0x00004000UL
#define NETLINK_KOBJECT_UEVENT_SOCKET__SETOPT 0x00008000UL
#define NETLINK_KOBJECT_UEVENT_SOCKET__SHUTDOWN 0x00010000UL
#define NETLINK_KOBJECT_UEVENT_SOCKET__RECVFROM 0x00020000UL
#define NETLINK_KOBJECT_UEVENT_SOCKET__SENDTO 0x00040000UL
#define NETLINK_KOBJECT_UEVENT_SOCKET__RECV_MSG 0x00080000UL
#define NETLINK_KOBJECT_UEVENT_SOCKET__SEND_MSG 0x00100000UL
#define NETLINK_KOBJECT_UEVENT_SOCKET__NAME_BIND 0x00200000UL
#define APPLETALK_SOCKET__IOCTL 0x00000001UL
#define APPLETALK_SOCKET__READ 0x00000002UL
#define APPLETALK_SOCKET__WRITE 0x00000004UL
#define APPLETALK_SOCKET__CREATE 0x00000008UL
#define APPLETALK_SOCKET__GETATTR 0x00000010UL
#define APPLETALK_SOCKET__SETATTR 0x00000020UL
#define APPLETALK_SOCKET__LOCK 0x00000040UL
#define APPLETALK_SOCKET__RELABELFROM 0x00000080UL
#define APPLETALK_SOCKET__RELABELTO 0x00000100UL
#define APPLETALK_SOCKET__APPEND 0x00000200UL
#define APPLETALK_SOCKET__BIND 0x00000400UL
#define APPLETALK_SOCKET__CONNECT 0x00000800UL
#define APPLETALK_SOCKET__LISTEN 0x00001000UL
#define APPLETALK_SOCKET__ACCEPT 0x00002000UL
#define APPLETALK_SOCKET__GETOPT 0x00004000UL
#define APPLETALK_SOCKET__SETOPT 0x00008000UL
#define APPLETALK_SOCKET__SHUTDOWN 0x00010000UL
#define APPLETALK_SOCKET__RECVFROM 0x00020000UL
#define APPLETALK_SOCKET__SENDTO 0x00040000UL
#define APPLETALK_SOCKET__RECV_MSG 0x00080000UL
#define APPLETALK_SOCKET__SEND_MSG 0x00100000UL
#define APPLETALK_SOCKET__NAME_BIND 0x00200000UL
#define PACKET__SEND 0x00000001UL
#define PACKET__RECV 0x00000002UL
#define PACKET__RELABELTO 0x00000004UL
#define PACKET__FLOW_IN 0x00000008UL
#define PACKET__FLOW_OUT 0x00000010UL
#define PACKET__FORWARD_IN 0x00000020UL
#define PACKET__FORWARD_OUT 0x00000040UL
#define KEY__VIEW 0x00000001UL
#define KEY__READ 0x00000002UL
#define KEY__WRITE 0x00000004UL
#define KEY__SEARCH 0x00000008UL
#define KEY__LINK 0x00000010UL
#define KEY__SETATTR 0x00000020UL
#define KEY__CREATE 0x00000040UL
#define CONTEXT__TRANSLATE 0x00000001UL
#define CONTEXT__CONTAINS 0x00000002UL
#define DCCP_SOCKET__IOCTL 0x00000001UL
#define DCCP_SOCKET__READ 0x00000002UL
#define DCCP_SOCKET__WRITE 0x00000004UL
#define DCCP_SOCKET__CREATE 0x00000008UL
#define DCCP_SOCKET__GETATTR 0x00000010UL
#define DCCP_SOCKET__SETATTR 0x00000020UL
#define DCCP_SOCKET__LOCK 0x00000040UL
#define DCCP_SOCKET__RELABELFROM 0x00000080UL
#define DCCP_SOCKET__RELABELTO 0x00000100UL
#define DCCP_SOCKET__APPEND 0x00000200UL
#define DCCP_SOCKET__BIND 0x00000400UL
#define DCCP_SOCKET__CONNECT 0x00000800UL
#define DCCP_SOCKET__LISTEN 0x00001000UL
#define DCCP_SOCKET__ACCEPT 0x00002000UL
#define DCCP_SOCKET__GETOPT 0x00004000UL
#define DCCP_SOCKET__SETOPT 0x00008000UL
#define DCCP_SOCKET__SHUTDOWN 0x00010000UL
#define DCCP_SOCKET__RECVFROM 0x00020000UL
#define DCCP_SOCKET__SENDTO 0x00040000UL
#define DCCP_SOCKET__RECV_MSG 0x00080000UL
#define DCCP_SOCKET__SEND_MSG 0x00100000UL
#define DCCP_SOCKET__NAME_BIND 0x00200000UL
#define DCCP_SOCKET__NODE_BIND 0x00400000UL
#define DCCP_SOCKET__NAME_CONNECT 0x00800000UL
#define MEMPROTECT__MMAP_ZERO 0x00000001UL
#define DB_DATABASE__CREATE 0x00000001UL
#define DB_DATABASE__DROP 0x00000002UL
#define DB_DATABASE__GETATTR 0x00000004UL
#define DB_DATABASE__SETATTR 0x00000008UL
#define DB_DATABASE__RELABELFROM 0x00000010UL
#define DB_DATABASE__RELABELTO 0x00000020UL
#define DB_DATABASE__ACCESS 0x00000040UL
#define DB_DATABASE__INSTALL_MODULE 0x00000080UL
#define DB_DATABASE__LOAD_MODULE 0x00000100UL
#define DB_DATABASE__GET_PARAM 0x00000200UL
#define DB_DATABASE__SET_PARAM 0x00000400UL
#define DB_TABLE__CREATE 0x00000001UL
#define DB_TABLE__DROP 0x00000002UL
#define DB_TABLE__GETATTR 0x00000004UL
#define DB_TABLE__SETATTR 0x00000008UL
#define DB_TABLE__RELABELFROM 0x00000010UL
#define DB_TABLE__RELABELTO 0x00000020UL
#define DB_TABLE__USE 0x00000040UL
#define DB_TABLE__SELECT 0x00000080UL
#define DB_TABLE__UPDATE 0x00000100UL
#define DB_TABLE__INSERT 0x00000200UL
#define DB_TABLE__DELETE 0x00000400UL
#define DB_TABLE__LOCK 0x00000800UL
#define DB_PROCEDURE__CREATE 0x00000001UL
#define DB_PROCEDURE__DROP 0x00000002UL
#define DB_PROCEDURE__GETATTR 0x00000004UL
#define DB_PROCEDURE__SETATTR 0x00000008UL
#define DB_PROCEDURE__RELABELFROM 0x00000010UL
#define DB_PROCEDURE__RELABELTO 0x00000020UL
#define DB_PROCEDURE__EXECUTE 0x00000040UL
#define DB_PROCEDURE__ENTRYPOINT 0x00000080UL
#define DB_COLUMN__CREATE 0x00000001UL
#define DB_COLUMN__DROP 0x00000002UL
#define DB_COLUMN__GETATTR 0x00000004UL
#define DB_COLUMN__SETATTR 0x00000008UL
#define DB_COLUMN__RELABELFROM 0x00000010UL
#define DB_COLUMN__RELABELTO 0x00000020UL
#define DB_COLUMN__USE 0x00000040UL
#define DB_COLUMN__SELECT 0x00000080UL
#define DB_COLUMN__UPDATE 0x00000100UL
#define DB_COLUMN__INSERT 0x00000200UL
#define DB_TUPLE__RELABELFROM 0x00000001UL
#define DB_TUPLE__RELABELTO 0x00000002UL
#define DB_TUPLE__USE 0x00000004UL
#define DB_TUPLE__SELECT 0x00000008UL
#define DB_TUPLE__UPDATE 0x00000010UL
#define DB_TUPLE__INSERT 0x00000020UL
#define DB_TUPLE__DELETE 0x00000040UL
#define DB_BLOB__CREATE 0x00000001UL
#define DB_BLOB__DROP 0x00000002UL
#define DB_BLOB__GETATTR 0x00000004UL
#define DB_BLOB__SETATTR 0x00000008UL
#define DB_BLOB__RELABELFROM 0x00000010UL
#define DB_BLOB__RELABELTO 0x00000020UL
#define DB_BLOB__READ 0x00000040UL
#define DB_BLOB__WRITE 0x00000080UL
#define DB_BLOB__IMPORT 0x00000100UL
#define DB_BLOB__EXPORT 0x00000200UL
#define PEER__RECV 0x00000001UL
#define X_APPLICATION_DATA__PASTE 0x00000001UL
#define X_APPLICATION_DATA__PASTE_AFTER_CONFIRM 0x00000002UL
#define X_APPLICATION_DATA__COPY 0x00000004UL
PK���������vFZ笶�h���h�������get_context_list.hnu���[������������#ifndef _SELINUX_GET_SID_LIST_H_
#define _SELINUX_GET_SID_LIST_H_
#include <selinux/selinux.h>
#ifdef __cplusplus
extern "C" {
#endif
#define SELINUX_DEFAULTUSER "user_u"
/* Get an ordered list of authorized security contexts for a user session
for 'user' spawned by 'fromcon' and set *conary to refer to the
NULL-terminated array of contexts. Every entry in the list will
be authorized by the policy, but the ordering is subject to user
customizable preferences. Returns number of entries in *conary.
If 'fromcon' is NULL, defaults to current context.
Caller must free via freeconary. */
extern int get_ordered_context_list(const char *user,
char * fromcon,
char *** list);
/* As above, but use the provided MLS level rather than the
default level for the user. */
int get_ordered_context_list_with_level(const char *user,
const char *level,
char * fromcon,
char *** list);
/* Get the default security context for a user session for 'user'
spawned by 'fromcon' and set *newcon to refer to it. The context
will be one of those authorized by the policy, but the selection
of a default is subject to user customizable preferences.
If 'fromcon' is NULL, defaults to current context.
Returns 0 on success or -1 otherwise.
Caller must free via freecon. */
extern int get_default_context(const char *user,
char * fromcon,
char ** newcon);
/* As above, but use the provided MLS level rather than the
default level for the user. */
int get_default_context_with_level(const char *user,
const char *level,
char * fromcon,
char ** newcon);
/* Same as get_default_context, but only return a context
that has the specified role. If no reachable context exists
for the user with that role, then return -1. */
int get_default_context_with_role(const char *user,
const char *role,
char * fromcon,
char ** newcon);
/* Same as get_default_context, but only return a context
that has the specified role and level. If no reachable context exists
for the user with that role, then return -1. */
int get_default_context_with_rolelevel(const char *user,
const char *role,
const char *level,
char * fromcon,
char ** newcon);
/* Given a list of authorized security contexts for the user,
query the user to select one and set *newcon to refer to it.
Caller must free via freecon.
Returns 0 on sucess or -1 otherwise. */
extern int query_user_context(char ** list,
char ** newcon);
/* Allow the user to manually enter a context as a fallback
if a list of authorized contexts could not be obtained.
Caller must free via freecon.
Returns 0 on success or -1 otherwise. */
extern int manual_user_enter_context(const char *user,
char ** newcon);
#ifdef __cplusplus
}
#endif
#endif
PK���������vFZ�;��������������flask.hnu���[������������/* This file is automatically generated. Do not edit. */
#ifndef _SELINUX_FLASK_H_
#define _SELINUX_FLASK_H_
#warning "Please remove any #include's of this header in your source code."
#warning "Instead, use string_to_security_class() to map the class name to a value."
/*
* Security object class definitions
*/
#define SECCLASS_SECURITY 1
#define SECCLASS_PROCESS 2
#define SECCLASS_SYSTEM 3
#define SECCLASS_CAPABILITY 4
#define SECCLASS_FILESYSTEM 5
#define SECCLASS_FILE 6
#define SECCLASS_DIR 7
#define SECCLASS_FD 8
#define SECCLASS_LNK_FILE 9
#define SECCLASS_CHR_FILE 10
#define SECCLASS_BLK_FILE 11
#define SECCLASS_SOCK_FILE 12
#define SECCLASS_FIFO_FILE 13
#define SECCLASS_SOCKET 14
#define SECCLASS_TCP_SOCKET 15
#define SECCLASS_UDP_SOCKET 16
#define SECCLASS_RAWIP_SOCKET 17
#define SECCLASS_NODE 18
#define SECCLASS_NETIF 19
#define SECCLASS_NETLINK_SOCKET 20
#define SECCLASS_PACKET_SOCKET 21
#define SECCLASS_KEY_SOCKET 22
#define SECCLASS_UNIX_STREAM_SOCKET 23
#define SECCLASS_UNIX_DGRAM_SOCKET 24
#define SECCLASS_SEM 25
#define SECCLASS_MSG 26
#define SECCLASS_MSGQ 27
#define SECCLASS_SHM 28
#define SECCLASS_IPC 29
#define SECCLASS_PASSWD 30
#define SECCLASS_X_DRAWABLE 31
#define SECCLASS_X_SCREEN 32
#define SECCLASS_X_GC 33
#define SECCLASS_X_FONT 34
#define SECCLASS_X_COLORMAP 35
#define SECCLASS_X_PROPERTY 36
#define SECCLASS_X_SELECTION 37
#define SECCLASS_X_CURSOR 38
#define SECCLASS_X_CLIENT 39
#define SECCLASS_X_DEVICE 40
#define SECCLASS_X_SERVER 41
#define SECCLASS_X_EXTENSION 42
#define SECCLASS_NETLINK_ROUTE_SOCKET 43
#define SECCLASS_NETLINK_FIREWALL_SOCKET 44
#define SECCLASS_NETLINK_TCPDIAG_SOCKET 45
#define SECCLASS_NETLINK_NFLOG_SOCKET 46
#define SECCLASS_NETLINK_XFRM_SOCKET 47
#define SECCLASS_NETLINK_SELINUX_SOCKET 48
#define SECCLASS_NETLINK_AUDIT_SOCKET 49
#define SECCLASS_NETLINK_IP6FW_SOCKET 50
#define SECCLASS_NETLINK_DNRT_SOCKET 51
#define SECCLASS_DBUS 52
#define SECCLASS_NSCD 53
#define SECCLASS_ASSOCIATION 54
#define SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET 55
#define SECCLASS_APPLETALK_SOCKET 56
#define SECCLASS_PACKET 57
#define SECCLASS_KEY 58
#define SECCLASS_CONTEXT 59
#define SECCLASS_DCCP_SOCKET 60
#define SECCLASS_MEMPROTECT 61
#define SECCLASS_DB_DATABASE 62
#define SECCLASS_DB_TABLE 63
#define SECCLASS_DB_PROCEDURE 64
#define SECCLASS_DB_COLUMN 65
#define SECCLASS_DB_TUPLE 66
#define SECCLASS_DB_BLOB 67
#define SECCLASS_PEER 68
#define SECCLASS_CAPABILITY2 69
#define SECCLASS_X_RESOURCE 70
#define SECCLASS_X_EVENT 71
#define SECCLASS_X_SYNTHETIC_EVENT 72
#define SECCLASS_X_APPLICATION_DATA 73
/*
* Security identifier indices for initial entities
*/
#define SECINITSID_KERNEL 1
#define SECINITSID_SECURITY 2
#define SECINITSID_UNLABELED 3
#define SECINITSID_FS 4
#define SECINITSID_FILE 5
#define SECINITSID_FILE_LABELS 6
#define SECINITSID_INIT 7
#define SECINITSID_ANY_SOCKET 8
#define SECINITSID_PORT 9
#define SECINITSID_NETIF 10
#define SECINITSID_NETMSG 11
#define SECINITSID_NODE 12
#define SECINITSID_IGMP_PACKET 13
#define SECINITSID_ICMP_SOCKET 14
#define SECINITSID_TCP_SOCKET 15
#define SECINITSID_SYSCTL_MODPROBE 16
#define SECINITSID_SYSCTL 17
#define SECINITSID_SYSCTL_FS 18
#define SECINITSID_SYSCTL_KERNEL 19
#define SECINITSID_SYSCTL_NET 20
#define SECINITSID_SYSCTL_NET_UNIX 21
#define SECINITSID_SYSCTL_VM 22
#define SECINITSID_SYSCTL_DEV 23
#define SECINITSID_KMOD 24
#define SECINITSID_POLICY 25
#define SECINITSID_SCMP_PACKET 26
#define SECINITSID_DEVNULL 27
#define SECINITSID_NUM 27
#endif
PK���������vFZڱg�Z���Z�������label.hnu���[������������/*
* Labeling interface for userspace object managers and others.
*
* Author : Eamon Walsh <ewalsh@tycho.nsa.gov>
*/
#ifndef _SELABEL_H_
#define _SELABEL_H_
#include <stdbool.h>
#include <sys/types.h>
#include <selinux/selinux.h>
#ifdef __cplusplus
extern "C" {
#endif
/*
* Opaque type used for all label handles.
*/
struct selabel_handle;
/*
* Available backends.
*/
/* file contexts */
#define SELABEL_CTX_FILE 0
/* media contexts */
#define SELABEL_CTX_MEDIA 1
/* x contexts */
#define SELABEL_CTX_X 2
/* db objects */
#define SELABEL_CTX_DB 3
/* Android property service contexts */
#define SELABEL_CTX_ANDROID_PROP 4
/* Android service contexts */
#define SELABEL_CTX_ANDROID_SERVICE 5
/*
* Available options
*/
/* no-op option, useful for unused slots in an array of options */
#define SELABEL_OPT_UNUSED 0
/* validate contexts before returning them (boolean value) */
#define SELABEL_OPT_VALIDATE 1
/* don't use local customizations to backend data (boolean value) */
#define SELABEL_OPT_BASEONLY 2
/* specify an alternate path to use when loading backend data */
#define SELABEL_OPT_PATH 3
/* select a subset of the search space as an optimization (file backend) */
#define SELABEL_OPT_SUBSET 4
/* require a hash calculation on spec files */
#define SELABEL_OPT_DIGEST 5
/* total number of options */
#define SELABEL_NOPT 6
/*
* Label operations
*/
/**
* selabel_open - Create a labeling handle.
* @backend: one of the constants specifying a supported labeling backend.
* @opts: array of selabel_opt structures specifying label options or NULL.
* @nopts: number of elements in opts array or zero for no options.
*
* Open a labeling backend for use. The available backend identifiers are
* listed above. Options may be provided via the opts parameter; available
* options are listed above. Not all options may be supported by every
* backend. Return value is the created handle on success or NULL with
* @errno set on failure.
*/
struct selabel_handle *selabel_open(unsigned int backend,
const struct selinux_opt *opts,
unsigned nopts);
/**
* selabel_close - Close a labeling handle.
* @handle: specifies handle to close
*
* Destroy the specified handle, closing files, freeing allocated memory,
* etc. The handle may not be further used after it has been closed.
*/
void selabel_close(struct selabel_handle *handle);
/**
* selabel_lookup - Perform labeling lookup operation.
* @handle: specifies backend instance to query
* @con: returns the appropriate context with which to label the object
* @key: string input to lookup operation
* @type: numeric input to the lookup operation
*
* Perform a labeling lookup operation. Return %0 on success, -%1 with
* @errno set on failure. The key and type arguments are the inputs to the
* lookup operation; appropriate values are dictated by the backend in use.
* The result is returned in the memory pointed to by @con and must be freed
* by the user with freecon().
*/
int selabel_lookup(struct selabel_handle *handle, char **con,
const char *key, int type);
int selabel_lookup_raw(struct selabel_handle *handle, char **con,
const char *key, int type);
bool selabel_partial_match(struct selabel_handle *handle, const char *key);
int selabel_lookup_best_match(struct selabel_handle *rec, char **con,
const char *key, const char **aliases, int type);
int selabel_lookup_best_match_raw(struct selabel_handle *rec, char **con,
const char *key, const char **aliases, int type);
/**
* selabel_digest - Retrieve the SHA1 digest and the list of specfiles used to
* generate the digest. The SELABEL_OPT_DIGEST option must
* be set in selabel_open() to initiate the digest generation.
* @handle: specifies backend instance to query
* @digest: returns a pointer to the SHA1 digest.
* @digest_len: returns length of digest in bytes.
* @specfiles: a list of specfiles used in the SHA1 digest generation.
* The list is NULL terminated and will hold @num_specfiles entries.
* @num_specfiles: number of specfiles in the list.
*
* Return %0 on success, -%1 with @errno set on failure.
*/
int selabel_digest(struct selabel_handle *rec,
unsigned char **digest, size_t *digest_len,
char ***specfiles, size_t *num_specfiles);
enum selabel_cmp_result {
SELABEL_SUBSET,
SELABEL_EQUAL,
SELABEL_SUPERSET,
SELABEL_INCOMPARABLE
};
/**
* selabel_cmp - Compare two label configurations.
* @h1: handle for the first label configuration
* @h2: handle for the first label configuration
*
* Compare two label configurations.
* Return %SELABEL_SUBSET if @h1 is a subset of @h2, %SELABEL_EQUAL
* if @h1 is identical to @h2, %SELABEL_SUPERSET if @h1 is a superset
* of @h2, and %SELABEL_INCOMPARABLE if @h1 and @h2 are incomparable.
*/
enum selabel_cmp_result selabel_cmp(struct selabel_handle *h1,
struct selabel_handle *h2);
/**
* selabel_stats - log labeling operation statistics.
* @handle: specifies backend instance to query
*
* Log a message with information about the number of queries performed,
* number of unused matching entries, or other operational statistics.
* Message is backend-specific, some backends may not output a message.
*/
void selabel_stats(struct selabel_handle *handle);
/*
* Type codes used by specific backends
*/
/* X backend */
#define SELABEL_X_PROP 1
#define SELABEL_X_EXT 2
#define SELABEL_X_CLIENT 3
#define SELABEL_X_EVENT 4
#define SELABEL_X_SELN 5
#define SELABEL_X_POLYPROP 6
#define SELABEL_X_POLYSELN 7
/* DB backend */
#define SELABEL_DB_DATABASE 1
#define SELABEL_DB_SCHEMA 2
#define SELABEL_DB_TABLE 3
#define SELABEL_DB_COLUMN 4
#define SELABEL_DB_SEQUENCE 5
#define SELABEL_DB_VIEW 6
#define SELABEL_DB_PROCEDURE 7
#define SELABEL_DB_BLOB 8
#define SELABEL_DB_TUPLE 9
#define SELABEL_DB_LANGUAGE 10
#define SELABEL_DB_EXCEPTION 11
#define SELABEL_DB_DATATYPE 12
#ifdef __cplusplus
}
#endif
#endif /* _SELABEL_H_ */
PK���������vFZܼ"�k���k�� ���selinux.hnu���[������������#ifndef _SELINUX_H_
#define _SELINUX_H_
#include <sys/types.h>
#include <stdarg.h>
#ifdef __cplusplus
extern "C" {
#endif
/* Return 1 if we are running on a SELinux kernel, or 0 if not or -1 if we get an error. */
extern int is_selinux_enabled(void);
/* Return 1 if we are running on a SELinux MLS kernel, or 0 otherwise. */
extern int is_selinux_mls_enabled(void);
/* No longer used; here for compatibility with legacy callers. */
typedef char *security_context_t;
/* Free the memory allocated for a context by any of the below get* calls. */
extern void freecon(char * con);
/* Free the memory allocated for a context array by security_compute_user. */
extern void freeconary(char ** con);
/* Wrappers for the /proc/pid/attr API. */
/* Get current context, and set *con to refer to it.
Caller must free via freecon. */
extern int getcon(char ** con);
extern int getcon_raw(char ** con);
/* Set the current security context to con.
Note that use of this function requires that the entire application
be trusted to maintain any desired separation between the old and new
security contexts, unlike exec-based transitions performed via setexeccon.
When possible, decompose your application and use setexeccon()+execve()
instead. Note that the application may lose access to its open descriptors
as a result of a setcon() unless policy allows it to use descriptors opened
by the old context. */
extern int setcon(const char * con);
extern int setcon_raw(const char * con);
/* Get context of process identified by pid, and
set *con to refer to it. Caller must free via freecon. */
extern int getpidcon(pid_t pid, char ** con);
extern int getpidcon_raw(pid_t pid, char ** con);
/* Get previous context (prior to last exec), and set *con to refer to it.
Caller must free via freecon. */
extern int getprevcon(char ** con);
extern int getprevcon_raw(char ** con);
/* Get exec context, and set *con to refer to it.
Sets *con to NULL if no exec context has been set, i.e. using default.
If non-NULL, caller must free via freecon. */
extern int getexeccon(char ** con);
extern int getexeccon_raw(char ** con);
/* Set exec security context for the next execve.
Call with NULL if you want to reset to the default. */
extern int setexeccon(const char * con);
extern int setexeccon_raw(const char * con);
/* Get fscreate context, and set *con to refer to it.
Sets *con to NULL if no fs create context has been set, i.e. using default.
If non-NULL, caller must free via freecon. */
extern int getfscreatecon(char ** con);
extern int getfscreatecon_raw(char ** con);
/* Set the fscreate security context for subsequent file creations.
Call with NULL if you want to reset to the default. */
extern int setfscreatecon(const char * context);
extern int setfscreatecon_raw(const char * context);
/* Get keycreate context, and set *con to refer to it.
Sets *con to NULL if no key create context has been set, i.e. using default.
If non-NULL, caller must free via freecon. */
extern int getkeycreatecon(char ** con);
extern int getkeycreatecon_raw(char ** con);
/* Set the keycreate security context for subsequent key creations.
Call with NULL if you want to reset to the default. */
extern int setkeycreatecon(const char * context);
extern int setkeycreatecon_raw(const char * context);
/* Get sockcreate context, and set *con to refer to it.
Sets *con to NULL if no socket create context has been set, i.e. using default.
If non-NULL, caller must free via freecon. */
extern int getsockcreatecon(char ** con);
extern int getsockcreatecon_raw(char ** con);
/* Set the sockcreate security context for subsequent socket creations.
Call with NULL if you want to reset to the default. */
extern int setsockcreatecon(const char * context);
extern int setsockcreatecon_raw(const char * context);
/* Wrappers for the xattr API. */
/* Get file context, and set *con to refer to it.
Caller must free via freecon. */
extern int getfilecon(const char *path, char ** con);
extern int getfilecon_raw(const char *path, char ** con);
extern int lgetfilecon(const char *path, char ** con);
extern int lgetfilecon_raw(const char *path, char ** con);
extern int fgetfilecon(int fd, char ** con);
extern int fgetfilecon_raw(int fd, char ** con);
/* Set file context */
extern int setfilecon(const char *path, const char * con);
extern int setfilecon_raw(const char *path, const char * con);
extern int lsetfilecon(const char *path, const char * con);
extern int lsetfilecon_raw(const char *path, const char * con);
extern int fsetfilecon(int fd, const char * con);
extern int fsetfilecon_raw(int fd, const char * con);
/* Wrappers for the socket API */
/* Get context of peer socket, and set *con to refer to it.
Caller must free via freecon. */
extern int getpeercon(int fd, char ** con);
extern int getpeercon_raw(int fd, char ** con);
/* Wrappers for the selinuxfs (policy) API. */
typedef unsigned int access_vector_t;
typedef unsigned short security_class_t;
struct av_decision {
access_vector_t allowed;
access_vector_t decided;
access_vector_t auditallow;
access_vector_t auditdeny;
unsigned int seqno;
unsigned int flags;
};
/* Definitions of av_decision.flags */
#define SELINUX_AVD_FLAGS_PERMISSIVE 0x0001
/* Structure for passing options, used by AVC and label subsystems */
struct selinux_opt {
int type;
const char *value;
};
/* Callback facilities */
union selinux_callback {
/* log the printf-style format and arguments,
with the type code indicating the type of message */
int
#ifdef __GNUC__
__attribute__ ((format(printf, 2, 3)))
#endif
(*func_log) (int type, const char *fmt, ...);
/* store a string representation of auditdata (corresponding
to the given security class) into msgbuf. */
int (*func_audit) (void *auditdata, security_class_t cls,
char *msgbuf, size_t msgbufsize);
/* validate the supplied context, modifying if necessary */
int (*func_validate) (char **ctx);
/* netlink callback for setenforce message */
int (*func_setenforce) (int enforcing);
/* netlink callback for policyload message */
int (*func_policyload) (int seqno);
};
#define SELINUX_CB_LOG 0
#define SELINUX_CB_AUDIT 1
#define SELINUX_CB_VALIDATE 2
#define SELINUX_CB_SETENFORCE 3
#define SELINUX_CB_POLICYLOAD 4
extern union selinux_callback selinux_get_callback(int type);
extern void selinux_set_callback(int type, union selinux_callback cb);
/* Logging type codes, passed to the logging callback */
#define SELINUX_ERROR 0
#define SELINUX_WARNING 1
#define SELINUX_INFO 2
#define SELINUX_AVC 3
#define SELINUX_TRANS_DIR "/var/run/setrans"
/* Compute an access decision. */
extern int security_compute_av(const char * scon,
const char * tcon,
security_class_t tclass,
access_vector_t requested,
struct av_decision *avd);
extern int security_compute_av_raw(const char * scon,
const char * tcon,
security_class_t tclass,
access_vector_t requested,
struct av_decision *avd);
extern int security_compute_av_flags(const char * scon,
const char * tcon,
security_class_t tclass,
access_vector_t requested,
struct av_decision *avd);
extern int security_compute_av_flags_raw(const char * scon,
const char * tcon,
security_class_t tclass,
access_vector_t requested,
struct av_decision *avd);
/* Compute a labeling decision and set *newcon to refer to it.
Caller must free via freecon. */
extern int security_compute_create(const char * scon,
const char * tcon,
security_class_t tclass,
char ** newcon);
extern int security_compute_create_raw(const char * scon,
const char * tcon,
security_class_t tclass,
char ** newcon);
extern int security_compute_create_name(const char * scon,
const char * tcon,
security_class_t tclass,
const char *objname,
char ** newcon);
extern int security_compute_create_name_raw(const char * scon,
const char * tcon,
security_class_t tclass,
const char *objname,
char ** newcon);
/* Compute a relabeling decision and set *newcon to refer to it.
Caller must free via freecon. */
extern int security_compute_relabel(const char * scon,
const char * tcon,
security_class_t tclass,
char ** newcon);
extern int security_compute_relabel_raw(const char * scon,
const char * tcon,
security_class_t tclass,
char ** newcon);
/* Compute a polyinstantiation member decision and set *newcon to refer to it.
Caller must free via freecon. */
extern int security_compute_member(const char * scon,
const char * tcon,
security_class_t tclass,
char ** newcon);
extern int security_compute_member_raw(const char * scon,
const char * tcon,
security_class_t tclass,
char ** newcon);
/*
* Compute the set of reachable user contexts and set *con to refer to
* the NULL-terminated array of contexts. Caller must free via freeconary.
* These interfaces are deprecated. Use get_ordered_context_list() or
* one of its variant interfaces instead.
*/
extern int security_compute_user(const char * scon,
const char *username,
char *** con);
extern int security_compute_user_raw(const char * scon,
const char *username,
char *** con);
/* Load a policy configuration. */
extern int security_load_policy(void *data, size_t len);
/* Get the context of an initial kernel security identifier by name.
Caller must free via freecon */
extern int security_get_initial_context(const char *name,
char ** con);
extern int security_get_initial_context_raw(const char *name,
char ** con);
/*
* Make a policy image and load it.
* This function provides a higher level interface for loading policy
* than security_load_policy, internally determining the right policy
* version, locating and opening the policy file, mapping it into memory,
* manipulating it as needed for current boolean settings and/or local
* definitions, and then calling security_load_policy to load it.
*
* 'preservebools' is a boolean flag indicating whether current
* policy boolean values should be preserved into the new policy (if 1)
* or reset to the saved policy settings (if 0). The former case is the
* default for policy reloads, while the latter case is an option for policy
* reloads but is primarily for the initial policy load.
*/
extern int selinux_mkload_policy(int preservebools);
/*
* Perform the initial policy load.
* This function determines the desired enforcing mode, sets the
* the *enforce argument accordingly for the caller to use, sets the
* SELinux kernel enforcing status to match it, and loads the policy.
* It also internally handles the initial selinuxfs mount required to
* perform these actions.
*
* The function returns 0 if everything including the policy load succeeds.
* In this case, init is expected to re-exec itself in order to transition
* to the proper security context.
* Otherwise, the function returns -1, and init must check *enforce to
* determine how to proceed. If enforcing (*enforce > 0), then init should
* halt the system. Otherwise, init may proceed normally without a re-exec.
*/
extern int selinux_init_load_policy(int *enforce);
/* Translate boolean strict to name value pair. */
typedef struct {
char *name;
int value;
} SELboolean;
/* save a list of booleans in a single transaction. */
extern int security_set_boolean_list(size_t boolcnt,
SELboolean * boollist, int permanent);
/* Load policy boolean settings.
Path may be NULL, in which case the booleans are loaded from
the active policy boolean configuration file. */
extern int security_load_booleans(char *path);
/* Check the validity of a security context. */
extern int security_check_context(const char * con);
extern int security_check_context_raw(const char * con);
/* Canonicalize a security context. */
extern int security_canonicalize_context(const char * con,
char ** canoncon);
extern int security_canonicalize_context_raw(const char * con,
char ** canoncon);
/* Get the enforce flag value. */
extern int security_getenforce(void);
/* Set the enforce flag value. */
extern int security_setenforce(int value);
/* Get the load-time behavior for undefined classes/permissions */
extern int security_reject_unknown(void);
/* Get the runtime behavior for undefined classes/permissions */
extern int security_deny_unknown(void);
/* Get the checkreqprot value */
extern int security_get_checkreqprot(void);
/* Disable SELinux at runtime (must be done prior to initial policy load). */
extern int security_disable(void);
/* Get the policy version number. */
extern int security_policyvers(void);
/* Get the boolean names */
extern int security_get_boolean_names(char ***names, int *len);
/* Get the pending value for the boolean */
extern int security_get_boolean_pending(const char *name);
/* Get the active value for the boolean */
extern int security_get_boolean_active(const char *name);
/* Set the pending value for the boolean */
extern int security_set_boolean(const char *name, int value);
/* Commit the pending values for the booleans */
extern int security_commit_booleans(void);
/* Userspace class mapping support */
struct security_class_mapping {
const char *name;
const char *perms[sizeof(access_vector_t) * 8 + 1];
};
/**
* selinux_set_mapping - Enable dynamic mapping between integer offsets and security class names
* @map: array of security_class_mapping structures
*
* The core avc_has_perm() API uses integers to represent security
* classes; previous to the introduction of this function, it was
* common for userspace object managers to be compiled using generated
* offsets for a particular policy. However, that strongly ties the build of the userspace components to a particular policy.
*
* By using this function to map between integer offsets and security
* class names, it's possible to replace a system policies that have
* at least the same set of security class names as used by the
* userspace object managers.
*
* To correctly use this function, you should override the generated
* security class defines from the system policy in a local header,
* starting at 1, and have one security_class_mapping structure entry
* per define.
*/
extern int selinux_set_mapping(struct security_class_mapping *map);
/* Common helpers */
/* Convert between mode and security class values */
extern security_class_t mode_to_security_class(mode_t mode);
/* Convert between security class values and string names */
extern security_class_t string_to_security_class(const char *name);
extern const char *security_class_to_string(security_class_t cls);
/* Convert between individual access vector permissions and string names */
extern const char *security_av_perm_to_string(security_class_t tclass,
access_vector_t perm);
extern access_vector_t string_to_av_perm(security_class_t tclass,
const char *name);
/* Returns an access vector in a string representation. User must free the
* returned string via free(). */
extern int security_av_string(security_class_t tclass,
access_vector_t av, char **result);
/* Display an access vector in a string representation. */
extern void print_access_vector(security_class_t tclass, access_vector_t av);
/* Set the function used by matchpathcon_init when displaying
errors about the file_contexts configuration. If not set,
then this defaults to fprintf(stderr, fmt, ...). */
extern void set_matchpathcon_printf(void (*f) (const char *fmt, ...));
/* Set the function used by matchpathcon_init when checking the
validity of a context in the file contexts configuration. If not set,
then this defaults to a test based on security_check_context().
The function is also responsible for reporting any such error, and
may include the 'path' and 'lineno' in such error messages. */
extern void set_matchpathcon_invalidcon(int (*f) (const char *path,
unsigned lineno,
char *context));
/* Same as above, but also allows canonicalization of the context,
by changing *context to refer to the canonical form. If not set,
and invalidcon is also not set, then this defaults to calling
security_canonicalize_context(). */
extern void set_matchpathcon_canoncon(int (*f) (const char *path,
unsigned lineno,
char **context));
/* Set flags controlling operation of matchpathcon_init or matchpathcon. */
#define MATCHPATHCON_BASEONLY 1 /* Only process the base file_contexts file. */
#define MATCHPATHCON_NOTRANS 2 /* Do not perform any context translation. */
#define MATCHPATHCON_VALIDATE 4 /* Validate/canonicalize contexts at init time. */
extern void set_matchpathcon_flags(unsigned int flags);
/* Load the file contexts configuration specified by 'path'
into memory for use by subsequent matchpathcon calls.
If 'path' is NULL, then load the active file contexts configuration,
i.e. the path returned by selinux_file_context_path().
Unless the MATCHPATHCON_BASEONLY flag has been set, this
function also checks for a 'path'.homedirs file and
a 'path'.local file and loads additional specifications
from them if present. */
extern int matchpathcon_init(const char *path);
/* Same as matchpathcon_init, but only load entries with
regexes that have stems that are prefixes of 'prefix'. */
extern int matchpathcon_init_prefix(const char *path, const char *prefix);
/* Free the memory allocated by matchpathcon_init. */
extern void matchpathcon_fini(void);
/* Resolve all of the symlinks and relative portions of a pathname, but NOT
* the final component (same a realpath() unless the final component is a
* symlink. Resolved path must be a path of size PATH_MAX + 1 */
extern int realpath_not_final(const char *name, char *resolved_path);
/* Match the specified pathname and mode against the file contexts
configuration and set *con to refer to the resulting context.
'mode' can be 0 to disable mode matching.
Caller must free via freecon.
If matchpathcon_init has not already been called, then this function
will call it upon its first invocation with a NULL path. */
extern int matchpathcon(const char *path,
mode_t mode, char ** con);
/* Same as above, but return a specification index for
later use in a matchpathcon_filespec_add() call - see below. */
extern int matchpathcon_index(const char *path,
mode_t mode, char ** con);
/* Maintain an association between an inode and a specification index,
and check whether a conflicting specification is already associated
with the same inode (e.g. due to multiple hard links). If so, then
use the latter of the two specifications based on their order in the
file contexts configuration. Return the used specification index. */
extern int matchpathcon_filespec_add(ino_t ino, int specind, const char *file);
/* Destroy any inode associations that have been added, e.g. to restart
for a new filesystem. */
extern void matchpathcon_filespec_destroy(void);
/* Display statistics on the hash table usage for the associations. */
extern void matchpathcon_filespec_eval(void);
/* Check to see whether any specifications had no matches and report them.
The 'str' is used as a prefix for any warning messages. */
extern void matchpathcon_checkmatches(char *str);
/* Match the specified media and against the media contexts
configuration and set *con to refer to the resulting context.
Caller must free con via freecon. */
extern int matchmediacon(const char *media, char ** con);
/*
selinux_getenforcemode reads the /etc/selinux/config file and determines
whether the machine should be started in enforcing (1), permissive (0) or
disabled (-1) mode.
*/
extern int selinux_getenforcemode(int *enforce);
/*
selinux_boolean_sub reads the /etc/selinux/TYPE/booleans.subs_dist file
looking for a record with boolean_name. If a record exists selinux_boolean_sub
returns the translated name otherwise it returns the original name.
The returned value needs to be freed. On failure NULL will be returned.
*/
extern char *selinux_boolean_sub(const char *boolean_name);
/*
selinux_getpolicytype reads the /etc/selinux/config file and determines
what the default policy for the machine is. Calling application must
free policytype.
*/
extern int selinux_getpolicytype(char **policytype);
/*
selinux_policy_root reads the /etc/selinux/config file and returns
the directory path under which the compiled policy file and context
configuration files exist.
*/
extern const char *selinux_policy_root(void);
/*
selinux_set_policy_root sets an alternate policy root directory path under
which the compiled policy file and context configuration files exist.
*/
extern int selinux_set_policy_root(const char *rootpath);
/* These functions return the paths to specific files under the
policy root directory. */
extern const char *selinux_current_policy_path(void);
extern const char *selinux_binary_policy_path(void);
extern const char *selinux_failsafe_context_path(void);
extern const char *selinux_removable_context_path(void);
extern const char *selinux_default_context_path(void);
extern const char *selinux_user_contexts_path(void);
extern const char *selinux_file_context_path(void);
extern const char *selinux_file_context_homedir_path(void);
extern const char *selinux_file_context_local_path(void);
extern const char *selinux_file_context_subs_path(void);
extern const char *selinux_file_context_subs_dist_path(void);
extern const char *selinux_homedir_context_path(void);
extern const char *selinux_media_context_path(void);
extern const char *selinux_virtual_domain_context_path(void);
extern const char *selinux_virtual_image_context_path(void);
extern const char *selinux_lxc_contexts_path(void);
extern const char *selinux_x_context_path(void);
extern const char *selinux_sepgsql_context_path(void);
extern const char *selinux_openrc_contexts_path(void);
extern const char *selinux_openssh_contexts_path(void);
extern const char *selinux_snapperd_contexts_path(void);
extern const char *selinux_systemd_contexts_path(void);
extern const char *selinux_contexts_path(void);
extern const char *selinux_securetty_types_path(void);
extern const char *selinux_booleans_subs_path(void);
extern const char *selinux_booleans_path(void);
extern const char *selinux_customizable_types_path(void);
extern const char *selinux_users_path(void);
extern const char *selinux_usersconf_path(void);
extern const char *selinux_translations_path(void);
extern const char *selinux_colors_path(void);
extern const char *selinux_netfilter_context_path(void);
extern const char *selinux_path(void);
/**
* selinux_check_access - Check permissions and perform appropriate auditing.
* @scon: source security context
* @tcon: target security context
* @tclass: target security class string
* @perm: requested permissions string, interpreted based on @tclass
* @auditdata: auxiliary audit data
*
* Check the AVC to determine whether the @perm permissions are granted
* for the SID pair (@scon, @tcon), interpreting the permissions
* based on @tclass.
* Return %0 if all @perm permissions are granted, -%1 with
* @errno set to %EACCES if any permissions are denied or to another
* value upon other errors.
* If auditing or logging is configured the appropriate callbacks will be called
* and passed the auditdata field
*/
extern int selinux_check_access(const char * scon, const char * tcon, const char *tclass, const char *perm, void *auditdata);
/* Check a permission in the passwd class.
Return 0 if granted or -1 otherwise. */
extern int selinux_check_passwd_access(access_vector_t requested);
extern int checkPasswdAccess(access_vector_t requested);
/* Check if the tty_context is defined as a securetty
Return 0 if secure, < 0 otherwise. */
extern int selinux_check_securetty_context(const char * tty_context);
/* Set the path to the selinuxfs mount point explicitly.
Normally, this is determined automatically during libselinux
initialization, but this is not always possible, e.g. for /sbin/init
which performs the initial mount of selinuxfs. */
void set_selinuxmnt(const char *mnt);
/* Check if selinuxfs exists as a kernel filesystem */
int selinuxfs_exists(void);
/* clear selinuxmnt variable and free allocated memory */
void fini_selinuxmnt(void);
/* Set an appropriate security context based on the filename of a helper
* program, falling back to a new context with the specified type. */
extern int setexecfilecon(const char *filename, const char *fallback_type);
#ifndef DISABLE_RPM
/* Execute a helper for rpm in an appropriate security context. */
extern int rpm_execcon(unsigned int verified,
const char *filename,
char *const argv[], char *const envp[]);
#endif
/* Returns whether a file context is customizable, and should not
be relabeled . */
extern int is_context_customizable(const char * scontext);
/* Perform context translation between the human-readable format
("translated") and the internal system format ("raw").
Caller must free the resulting context via freecon.
Returns -1 upon an error or 0 otherwise.
If passed NULL, sets the returned context to NULL and returns 0. */
extern int selinux_trans_to_raw_context(const char * trans,
char ** rawp);
extern int selinux_raw_to_trans_context(const char * raw,
char ** transp);
/* Perform context translation between security contexts
and display colors. Returns a space-separated list of ten
ten hex RGB triples prefixed by hash marks, e.g. "#ff0000".
Caller must free the resulting string via free.
Returns -1 upon an error or 0 otherwise. */
extern int selinux_raw_context_to_color(const char * raw,
char **color_str);
/* Get the SELinux username and level to use for a given Linux username.
These values may then be passed into the get_ordered_context_list*
and get_default_context* functions to obtain a context for the user.
Returns 0 on success or -1 otherwise.
Caller must free the returned strings via free. */
extern int getseuserbyname(const char *linuxuser, char **seuser, char **level);
/* Get the SELinux username and level to use for a given Linux username and service.
These values may then be passed into the get_ordered_context_list*
and get_default_context* functions to obtain a context for the user.
Returns 0 on success or -1 otherwise.
Caller must free the returned strings via free. */
extern int getseuser(const char *username, const char *service,
char **r_seuser, char **r_level);
/* Compare two file contexts, return 0 if equivalent. */
extern int selinux_file_context_cmp(const char * a,
const char * b);
/*
* Verify the context of the file 'path' against policy.
* Return 1 if match, 0 if not and -1 on error.
*/
extern int selinux_file_context_verify(const char *path, mode_t mode);
/* This function sets the file context on to the system defaults returns 0 on success */
extern int selinux_lsetfilecon_default(const char *path);
/*
* Force a reset of the loaded configuration
* WARNING: This is not thread safe. Be very sure that no other threads
* are calling into libselinux when this is called.
*/
extern void selinux_reset_config(void);
#ifdef __cplusplus
}
#endif
#endif
PK���������vFZ|B,�z���z�������restorecon.hnu���[������������#ifndef _RESTORECON_H_
#define _RESTORECON_H_
#include <sys/types.h>
#include <stdarg.h>
#ifdef __cplusplus
extern "C" {
#endif
/**
* selinux_restorecon - Relabel files.
* @pathname: specifies file/directory to relabel.
* @restorecon_flags: specifies the actions to be performed when relabeling.
*
* selinux_restorecon(3) will automatically call
* selinux_restorecon_default_handle(3) and selinux_restorecon_set_sehandle(3)
* first time through to set the selabel_open(3) parameters to use the
* currently loaded policy file_contexts and request their computed digest.
*
* Should other selabel_open(3) parameters be required see
* selinux_restorecon_set_sehandle(3).
*/
extern int selinux_restorecon(const char *pathname,
unsigned int restorecon_flags);
/*
* restorecon_flags options
*/
/*
* Force the checking of labels even if the stored SHA1
* digest matches the specfiles SHA1 digest.
*/
#define SELINUX_RESTORECON_IGNORE_DIGEST 0x0001
/*
* Do not change file labels.
*/
#define SELINUX_RESTORECON_NOCHANGE 0x0002
/*
* If set, change file label to that in spec file.
* If not, only change type component to that in spec file.
*/
#define SELINUX_RESTORECON_SET_SPECFILE_CTX 0x0004
/*
* Recursively descend directories.
*/
#define SELINUX_RESTORECON_RECURSE 0x0008
/*
* Log changes to selinux log. Note that if VERBOSE and
* PROGRESS are set, then PROGRESS will take precedence.
*/
#define SELINUX_RESTORECON_VERBOSE 0x0010
/*
* If SELINUX_RESTORECON_PROGRESS is true and
* SELINUX_RESTORECON_MASS_RELABEL is true, then output approx % complete,
* else output the number of files in 1k blocks processed to stdout.
*/
#define SELINUX_RESTORECON_PROGRESS 0x0020
/*
* Convert passed-in pathname to canonical pathname.
*/
#define SELINUX_RESTORECON_REALPATH 0x0040
/*
* Prevent descending into directories that have a different
* device number than the pathname from which the descent began.
*/
#define SELINUX_RESTORECON_XDEV 0x0080
/*
* Attempt to add an association between an inode and a specification.
* If there is already an association for the inode and it conflicts
* with the specification, then use the last matching specification.
*/
#define SELINUX_RESTORECON_ADD_ASSOC 0x0100
/*
* Abort on errors during the file tree walk.
*/
#define SELINUX_RESTORECON_ABORT_ON_ERROR 0x0200
/*
* Log any label changes to syslog.
*/
#define SELINUX_RESTORECON_SYSLOG_CHANGES 0x0400
/*
* Log what spec matched each file.
*/
#define SELINUX_RESTORECON_LOG_MATCHES 0x0800
/*
* Ignore files that do not exist.
*/
#define SELINUX_RESTORECON_IGNORE_NOENTRY 0x1000
/*
* Do not read /proc/mounts to obtain a list of non-seclabel
* mounts to be excluded from relabeling checks.
*/
#define SELINUX_RESTORECON_IGNORE_MOUNTS 0x2000
/*
* Set if there is a mass relabel required.
* See SELINUX_RESTORECON_PROGRESS flag for details.
*/
#define SELINUX_RESTORECON_MASS_RELABEL 0x4000
/**
* selinux_restorecon_set_sehandle - Set the global fc handle.
* @hndl: specifies handle to set as the global fc handle.
*
* Called by a process that has already called selabel_open(3) with it's
* required parameters, or if selinux_restorecon_default_handle(3) has been
* called to set the default selabel_open(3) parameters.
*/
extern void selinux_restorecon_set_sehandle(struct selabel_handle *hndl);
/**
* selinux_restorecon_default_handle - Sets default selabel_open(3) parameters
* to use the currently loaded policy and
* file_contexts, also requests the digest.
*
* Return value is the created handle on success or NULL with @errno set on
* failure.
*/
extern struct selabel_handle *selinux_restorecon_default_handle(void);
/**
* selinux_restorecon_set_exclude_list - Add a list of directories that are
* to be excluded from relabeling.
* @exclude_list: containing a NULL terminated list of one or more
* directories not to be relabeled.
*/
extern void selinux_restorecon_set_exclude_list(const char **exclude_list);
/**
* selinux_restorecon_set_alt_rootpath - Use alternate rootpath.
* @alt_rootpath: containing the alternate rootpath to be used.
*
* Return %0 on success, -%1 with @errno set on failure.
*/
extern int selinux_restorecon_set_alt_rootpath(const char *alt_rootpath);
/**
* selinux_restorecon_xattr - Read/remove RESTORECON_LAST xattr entries.
* @pathname: specifies directory path to check.
* @xattr_flags: specifies the actions to be performed.
* @xattr_list: a linked list of struct dir_xattr structures containing
* the directory, digest and result of the action on the
* RESTORECON_LAST entry.
*
* selinux_restorecon_xattr(3) will automatically call
* selinux_restorecon_default_handle(3) and selinux_restorecon_set_sehandle(3)
* first time through to set the selabel_open(3) parameters to use the
* currently loaded policy file_contexts and request their computed digest.
*
* Should other selabel_open(3) parameters be required see
* selinux_restorecon_set_sehandle(3), however note that a file_contexts
* computed digest is required for selinux_restorecon_xattr().
*/
enum digest_result {
MATCH = 0,
NOMATCH,
DELETED_MATCH,
DELETED_NOMATCH,
ERROR
};
struct dir_xattr {
char *directory;
char *digest; /* A hex encoded string that can be printed. */
enum digest_result result;
struct dir_xattr *next;
};
extern int selinux_restorecon_xattr(const char *pathname,
unsigned int xattr_flags,
struct dir_xattr ***xattr_list);
/*
* xattr_flags options
*/
/* Recursively descend directories. */
#define SELINUX_RESTORECON_XATTR_RECURSE 0x0001
/* Delete non-matching digests from each directory in pathname. */
#define SELINUX_RESTORECON_XATTR_DELETE_NONMATCH_DIGESTS 0x0002
/* Delete all digests found in pathname. */
#define SELINUX_RESTORECON_XATTR_DELETE_ALL_DIGESTS 0x0004
/* Do not read /proc/mounts. */
#define SELINUX_RESTORECON_XATTR_IGNORE_MOUNTS 0x0008
#ifdef __cplusplus
}
#endif
#endif
PK���������vFZA�Ɩu���u�������get_default_type.hnu���[������������/* get_default_type.h - contains header information and function prototypes
* for functions to get the default type for a role
*/
#ifndef _SELINUX_GET_DEFAULT_TYPE_H_
#define _SELINUX_GET_DEFAULT_TYPE_H_
#ifdef __cplusplus
extern "C" {
#endif
/* Return path to default type file. */
const char *selinux_default_type_path(void);
/* Get the default type (domain) for 'role' and set 'type' to refer to it.
Caller must free via free().
Return 0 on success or -1 otherwise. */
int get_default_type(const char *role, char **type);
#ifdef __cplusplus
}
#endif
#endif /* ifndef _GET_DEFAULT_TYPE_H_ */
PK���������vFZ�咵>@��>@������avc.hnu���[������������/*
* Access vector cache interface for object managers.
*
* Author : Eamon Walsh <ewalsh@epoch.ncsc.mil>
*/
#ifndef _SELINUX_AVC_H_
#define _SELINUX_AVC_H_
#include <stdint.h>
#include <errno.h>
#include <stdlib.h>
#include <selinux/selinux.h>
#ifdef __cplusplus
extern "C" {
#endif
/*
* SID format and operations
*/
struct security_id {
char * ctx;
unsigned int refcnt;
};
typedef struct security_id *security_id_t;
#define SECSID_WILD (security_id_t)NULL /* unspecified SID */
/**
* avc_sid_to_context - get copy of context corresponding to SID.
* @sid: input SID
* @ctx: pointer to context reference
*
* Return a copy of the security context corresponding to the input
* @sid in the memory referenced by @ctx. The caller is expected to
* free the context with freecon(). Return %0 on success, -%1 on
* failure, with @errno set to %ENOMEM if insufficient memory was
* available to make the copy, or %EINVAL if the input SID is invalid.
*/
int avc_sid_to_context(security_id_t sid, char ** ctx);
int avc_sid_to_context_raw(security_id_t sid, char ** ctx);
/**
* avc_context_to_sid - get SID for context.
* @ctx: input security context
* @sid: pointer to SID reference
*
* Look up security context @ctx in SID table, making
* a new entry if @ctx is not found. Increment the
* reference counter for the SID. Store a pointer
* to the SID structure into the memory referenced by @sid,
* returning %0 on success or -%1 on error with @errno set.
*/
int avc_context_to_sid(const char * ctx, security_id_t * sid);
int avc_context_to_sid_raw(const char * ctx, security_id_t * sid);
/**
* sidget - increment SID reference counter.
* @sid: SID reference
*
* Increment the reference counter for @sid, indicating that
* @sid is in use by an (additional) object. Return the
* new reference count, or zero if @sid is invalid (has zero
* reference count). Note that avc_context_to_sid() also
* increments reference counts.
*/
int sidget(security_id_t sid);
/**
* sidput - decrement SID reference counter.
* @sid: SID reference
*
* Decrement the reference counter for @sid, indicating that
* a reference to @sid is no longer in use. Return the
* new reference count. When the reference count reaches
* zero, the SID is invalid, and avc_context_to_sid() must
* be called to obtain a new SID for the security context.
*/
int sidput(security_id_t sid);
/**
* avc_get_initial_sid - get SID for an initial kernel security identifier
* @name: input name of initial kernel security identifier
* @sid: pointer to a SID reference
*
* Get the context for an initial kernel security identifier specified by
* @name using security_get_initial_context() and then call
* avc_context_to_sid() to get the corresponding SID.
*/
int avc_get_initial_sid(const char *name, security_id_t * sid);
/*
* AVC entry
*/
struct avc_entry;
struct avc_entry_ref {
struct avc_entry *ae;
};
/**
* avc_entry_ref_init - initialize an AVC entry reference.
* @aeref: pointer to avc entry reference structure
*
* Use this macro to initialize an avc entry reference structure
* before first use. These structures are passed to avc_has_perm(),
* which stores cache entry references in them. They can increase
* performance on repeated queries.
*/
#define avc_entry_ref_init(aeref) ((aeref)->ae = NULL)
/*
* User-provided callbacks for memory, auditing, and locking
*/
/* These structures are passed by reference to avc_init(). Passing
* a NULL reference will cause the AVC to use a default. The default
* memory callbacks are malloc() and free(). The default logging method
* is to print on stderr. If no thread callbacks are passed, a separate
* listening thread won't be started for kernel policy change messages.
* If no locking callbacks are passed, no locking will take place.
*/
struct avc_memory_callback {
/* malloc() equivalent. */
void *(*func_malloc) (size_t size);
/* free() equivalent. */
void (*func_free) (void *ptr);
/* Note that these functions should set errno on failure.
If not, some avc routines may return -1 without errno set. */
};
struct avc_log_callback {
/* log the printf-style format and arguments. */
void
#ifdef __GNUC__
__attribute__ ((format(printf, 1, 2)))
#endif
(*func_log) (const char *fmt, ...);
/* store a string representation of auditdata (corresponding
to the given security class) into msgbuf. */
void (*func_audit) (void *auditdata, security_class_t cls,
char *msgbuf, size_t msgbufsize);
};
struct avc_thread_callback {
/* create and start a thread, returning an opaque pointer to it;
the thread should run the given function. */
void *(*func_create_thread) (void (*run) (void));
/* cancel a given thread and free its resources. */
void (*func_stop_thread) (void *thread);
};
struct avc_lock_callback {
/* create a lock and return an opaque pointer to it. */
void *(*func_alloc_lock) (void);
/* obtain a given lock, blocking if necessary. */
void (*func_get_lock) (void *lock);
/* release a given lock. */
void (*func_release_lock) (void *lock);
/* destroy a given lock (free memory, etc.) */
void (*func_free_lock) (void *lock);
};
/*
* Available options
*/
/* no-op option, useful for unused slots in an array of options */
#define AVC_OPT_UNUSED 0
/* override kernel enforcing mode (boolean value) */
#define AVC_OPT_SETENFORCE 1
/*
* AVC operations
*/
/**
* avc_init - Initialize the AVC.
* @msgprefix: prefix for log messages
* @mem_callbacks: user-supplied memory callbacks
* @log_callbacks: user-supplied logging callbacks
* @thread_callbacks: user-supplied threading callbacks
* @lock_callbacks: user-supplied locking callbacks
*
* Initialize the access vector cache. Return %0 on
* success or -%1 with @errno set on failure.
* If @msgprefix is NULL, use "uavc". If any callback
* structure references are NULL, use default methods
* for those callbacks (see the definition of the callback
* structures above).
*/
int avc_init(const char *msgprefix,
const struct avc_memory_callback *mem_callbacks,
const struct avc_log_callback *log_callbacks,
const struct avc_thread_callback *thread_callbacks,
const struct avc_lock_callback *lock_callbacks);
/**
* avc_open - Initialize the AVC.
* @opts: array of selabel_opt structures specifying AVC options or NULL.
* @nopts: number of elements in opts array or zero for no options.
*
* This function is identical to avc_init(), except the message prefix
* is set to "avc" and any callbacks desired should be specified via
* selinux_set_callback(). Available options are listed above.
*/
int avc_open(struct selinux_opt *opts, unsigned nopts);
/**
* avc_cleanup - Remove unused SIDs and AVC entries.
*
* Search the SID table for SID structures with zero
* reference counts, and remove them along with all
* AVC entries that reference them. This can be used
* to return memory to the system.
*/
void avc_cleanup(void);
/**
* avc_reset - Flush the cache and reset statistics.
*
* Remove all entries from the cache and reset all access
* statistics (as returned by avc_cache_stats()) to zero.
* The SID mapping is not affected. Return %0 on success,
* -%1 with @errno set on error.
*/
int avc_reset(void);
/**
* avc_destroy - Free all AVC structures.
*
* Destroy all AVC structures and free all allocated
* memory. User-supplied locking, memory, and audit
* callbacks will be retained, but security-event
* callbacks will not. All SID's will be invalidated.
* User must call avc_init() if further use of AVC is desired.
*/
void avc_destroy(void);
/**
* avc_has_perm_noaudit - Check permissions but perform no auditing.
* @ssid: source security identifier
* @tsid: target security identifier
* @tclass: target security class
* @requested: requested permissions, interpreted based on @tclass
* @aeref: AVC entry reference
* @avd: access vector decisions
*
* Check the AVC to determine whether the @requested permissions are granted
* for the SID pair (@ssid, @tsid), interpreting the permissions
* based on @tclass, and call the security server on a cache miss to obtain
* a new decision and add it to the cache. Update @aeref to refer to an AVC
* entry with the resulting decisions, and return a copy of the decisions
* in @avd. Return %0 if all @requested permissions are granted, -%1 with
* @errno set to %EACCES if any permissions are denied, or to another value
* upon other errors. This function is typically called by avc_has_perm(),
* but may also be called directly to separate permission checking from
* auditing, e.g. in cases where a lock must be held for the check but
* should be released for the auditing.
*/
int avc_has_perm_noaudit(security_id_t ssid,
security_id_t tsid,
security_class_t tclass,
access_vector_t requested,
struct avc_entry_ref *aeref, struct av_decision *avd);
/**
* avc_has_perm - Check permissions and perform any appropriate auditing.
* @ssid: source security identifier
* @tsid: target security identifier
* @tclass: target security class
* @requested: requested permissions, interpreted based on @tclass
* @aeref: AVC entry reference
* @auditdata: auxiliary audit data
*
* Check the AVC to determine whether the @requested permissions are granted
* for the SID pair (@ssid, @tsid), interpreting the permissions
* based on @tclass, and call the security server on a cache miss to obtain
* a new decision and add it to the cache. Update @aeref to refer to an AVC
* entry with the resulting decisions. Audit the granting or denial of
* permissions in accordance with the policy. Return %0 if all @requested
* permissions are granted, -%1 with @errno set to %EACCES if any permissions
* are denied or to another value upon other errors.
*/
int avc_has_perm(security_id_t ssid, security_id_t tsid,
security_class_t tclass, access_vector_t requested,
struct avc_entry_ref *aeref, void *auditdata);
/**
* avc_audit - Audit the granting or denial of permissions.
* @ssid: source security identifier
* @tsid: target security identifier
* @tclass: target security class
* @requested: requested permissions
* @avd: access vector decisions
* @result: result from avc_has_perm_noaudit
* @auditdata: auxiliary audit data
*
* Audit the granting or denial of permissions in accordance
* with the policy. This function is typically called by
* avc_has_perm() after a permission check, but can also be
* called directly by callers who use avc_has_perm_noaudit()
* in order to separate the permission check from the auditing.
* For example, this separation is useful when the permission check must
* be performed under a lock, to allow the lock to be released
* before calling the auditing code.
*/
void avc_audit(security_id_t ssid, security_id_t tsid,
security_class_t tclass, access_vector_t requested,
struct av_decision *avd, int result, void *auditdata);
/**
* avc_compute_create - Compute SID for labeling a new object.
* @ssid: source security identifier
* @tsid: target security identifier
* @tclass: target security class
* @newsid: pointer to SID reference
*
* Call the security server to obtain a context for labeling a
* new object. Look up the context in the SID table, making
* a new entry if not found. Increment the reference counter
* for the SID. Store a pointer to the SID structure into the
* memory referenced by @newsid, returning %0 on success or -%1 on
* error with @errno set.
*/
int avc_compute_create(security_id_t ssid,
security_id_t tsid,
security_class_t tclass, security_id_t * newsid);
/**
* avc_compute_member - Compute SID for polyinstantation.
* @ssid: source security identifier
* @tsid: target security identifier
* @tclass: target security class
* @newsid: pointer to SID reference
*
* Call the security server to obtain a context for labeling an
* object instance. Look up the context in the SID table, making
* a new entry if not found. Increment the reference counter
* for the SID. Store a pointer to the SID structure into the
* memory referenced by @newsid, returning %0 on success or -%1 on
* error with @errno set.
*/
int avc_compute_member(security_id_t ssid,
security_id_t tsid,
security_class_t tclass, security_id_t * newsid);
/*
* security event callback facility
*/
/* security events */
#define AVC_CALLBACK_GRANT 1
#define AVC_CALLBACK_TRY_REVOKE 2
#define AVC_CALLBACK_REVOKE 4
#define AVC_CALLBACK_RESET 8
#define AVC_CALLBACK_AUDITALLOW_ENABLE 16
#define AVC_CALLBACK_AUDITALLOW_DISABLE 32
#define AVC_CALLBACK_AUDITDENY_ENABLE 64
#define AVC_CALLBACK_AUDITDENY_DISABLE 128
/**
* avc_add_callback - Register a callback for security events.
* @callback: callback function
* @events: bitwise OR of desired security events
* @ssid: source security identifier or %SECSID_WILD
* @tsid: target security identifier or %SECSID_WILD
* @tclass: target security class
* @perms: permissions
*
* Register a callback function for events in the set @events
* related to the SID pair (@ssid, @tsid) and
* and the permissions @perms, interpreting
* @perms based on @tclass. Returns %0 on success or
* -%1 if insufficient memory exists to add the callback.
*/
int avc_add_callback(int (*callback)
(uint32_t event, security_id_t ssid,
security_id_t tsid, security_class_t tclass,
access_vector_t perms,
access_vector_t * out_retained),
uint32_t events, security_id_t ssid,
security_id_t tsid, security_class_t tclass,
access_vector_t perms);
/*
* AVC statistics
*/
/* If set, cache statistics are tracked. This may
* become a compile-time option in the future.
*/
#define AVC_CACHE_STATS 1
struct avc_cache_stats {
unsigned entry_lookups;
unsigned entry_hits;
unsigned entry_misses;
unsigned entry_discards;
unsigned cav_lookups;
unsigned cav_hits;
unsigned cav_probes;
unsigned cav_misses;
};
/**
* avc_cache_stats - get cache access statistics.
* @stats: reference to statistics structure
*
* Fill the supplied structure with information about AVC
* activity since the last call to avc_init() or
* avc_reset(). See the structure definition for
* details.
*/
void avc_cache_stats(struct avc_cache_stats *stats);
/**
* avc_av_stats - log av table statistics.
*
* Log a message with information about the size and
* distribution of the access vector table. The audit
* callback is used to print the message.
*/
void avc_av_stats(void);
/**
* avc_sid_stats - log SID table statistics.
*
* Log a message with information about the size and
* distribution of the SID table. The audit callback
* is used to print the message.
*/
void avc_sid_stats(void);
/**
* avc_netlink_open - Create a netlink socket and connect to the kernel.
*/
int avc_netlink_open(int blocking);
/**
* avc_netlink_loop - Wait for netlink messages from the kernel
*/
void avc_netlink_loop(void);
/**
* avc_netlink_close - Close the netlink socket
*/
void avc_netlink_close(void);
/**
* avc_netlink_acquire_fd - Acquire netlink socket fd.
*
* Allows the application to manage messages from the netlink socket in
* its own main loop.
*/
int avc_netlink_acquire_fd(void);
/**
* avc_netlink_release_fd - Release netlink socket fd.
*
* Returns ownership of the netlink socket to the library.
*/
void avc_netlink_release_fd(void);
/**
* avc_netlink_check_nb - Check netlink socket for new messages.
*
* Called by the application when using avc_netlink_acquire_fd() to
* process kernel netlink events.
*/
int avc_netlink_check_nb(void);
/**
* selinux_status_open - Open and map SELinux kernel status page
*
*/
int selinux_status_open(int fallback);
/**
* selinux_status_close - Unmap and close SELinux kernel status page
*
*/
void selinux_status_close(void);
/**
* selinux_status_updated - Inform us whether the kernel status has been updated
*
*/
int selinux_status_updated(void);
/**
* selinux_status_getenforce - Get the enforce flag value
*
*/
int selinux_status_getenforce(void);
/**
* selinux_status_policyload - Get the number of policy reloaded
*
*/
int selinux_status_policyload(void);
/**
* selinux_status_deny_unknown - Get the behavior for undefined classes/permissions
*
*/
int selinux_status_deny_unknown(void);
#ifdef __cplusplus
}
#endif
#endif /* _SELINUX_AVC_H_ */
PK���������vFZo�Q��������� ���context.hnu���[������������#ifndef _SELINUX_CONTEXT_H_
#define _SELINUX_CONTEXT_H_
#ifdef __cplusplus
extern "C" {
#endif
/*
* Functions to deal with security contexts in user space.
*/
typedef struct {
void *ptr;
} context_s_t;
typedef context_s_t *context_t;
/* Return a new context initialized to a context string */
extern context_t context_new(const char *);
/*
* Return a pointer to the string value of the context_t
* Valid until the next call to context_str or context_free
* for the same context_t*
*/
extern char *context_str(context_t);
/* Free the storage used by a context */
extern void context_free(context_t);
/* Get a pointer to the string value of a context component */
extern const char *context_type_get(context_t);
extern const char *context_range_get(context_t);
extern const char *context_role_get(context_t);
extern const char *context_user_get(context_t);
/* Set a context component. Returns nonzero if unsuccessful */
extern int context_type_set(context_t, const char *);
extern int context_range_set(context_t, const char *);
extern int context_role_set(context_t, const char *);
extern int context_user_set(context_t, const char *);
#ifdef __cplusplus
}
#endif
#endif
PK�����������vFZ�A���������������������������av_permissions.hnu���[������������PK�����������vFZ笶�h���h�����������������P���get_context_list.hnu���[������������PK�����������vFZ�;�������������������������
��flask.hnu���[������������PK�����������vFZڱg�Z���Z�����������������1$��label.hnu���[������������PK�����������vFZܼ"�k���k�� ��������������;��selinux.hnu���[������������PK�����������vFZ|B,�z���z���������������������restorecon.hnu���[������������PK�����������vFZA�Ɩu���u�����������������D���get_default_type.hnu���[������������PK�����������vFZ�咵>@��>@��������������������avc.hnu���[������������PK�����������vFZo�Q��������� �������������n���context.hnu���[������������PK������ � �����`�����