Blame - private/security_classes - android_system_sepolicy

blob: 2cfc768b5449e2740cfc3d037d080f0bc419b80e [file] [log] [blame]

Stephen Smalley	2dd4e51	2012-01-04 12:33:27 -0500	[diff] [blame]	1	# FLASK
				2
				3	#
				4	# Define the security object classes
				5	#
				6
				7	# Classes marked as userspace are classes
				8	# for userspace object managers
				9
				10	class security
				11	class process
				12	class system
				13	class capability
				14
				15	# file-related classes
				16	class filesystem
				17	class file
				18	class dir
				19	class fd
				20	class lnk_file
				21	class chr_file
				22	class blk_file
				23	class sock_file
				24	class fifo_file
				25
				26	# network-related classes
				27	class socket
				28	class tcp_socket
				29	class udp_socket
				30	class rawip_socket
				31	class node
				32	class netif
				33	class netlink_socket
				34	class packet_socket
				35	class key_socket
				36	class unix_stream_socket
				37	class unix_dgram_socket
				38
				39	# sysv-ipc-related classes
				40	class sem
				41	class msg
				42	class msgq
				43	class shm
				44	class ipc
				45
Stephen Smalley	2dd4e51	2012-01-04 12:33:27 -0500	[diff] [blame]	46	# extended netlink sockets
				47	class netlink_route_socket
Stephen Smalley	2dd4e51	2012-01-04 12:33:27 -0500	[diff] [blame]	48	class netlink_tcpdiag_socket
				49	class netlink_nflog_socket
				50	class netlink_xfrm_socket
				51	class netlink_selinux_socket
				52	class netlink_audit_socket
Stephen Smalley	2dd4e51	2012-01-04 12:33:27 -0500	[diff] [blame]	53	class netlink_dnrt_socket
				54
Stephen Smalley	2dd4e51	2012-01-04 12:33:27 -0500	[diff] [blame]	55	# IPSec association
				56	class association
				57
				58	# Updated Netlink class for KOBJECT_UEVENT family.
				59	class netlink_kobject_uevent_socket
				60
				61	class appletalk_socket
				62
				63	class packet
				64
				65	# Kernel access key retention
				66	class key
				67
Stephen Smalley	2dd4e51	2012-01-04 12:33:27 -0500	[diff] [blame]	68	class dccp_socket
				69
				70	class memprotect
				71
Stephen Smalley	2dd4e51	2012-01-04 12:33:27 -0500	[diff] [blame]	72	# network peer labels
				73	class peer
				74
				75	# Capabilities >= 32
				76	class capability2
				77
Stephen Smalley	2dd4e51	2012-01-04 12:33:27 -0500	[diff] [blame]	78	# kernel services that need to override task security, e.g. cachefiles
				79	class kernel_service
				80
				81	class tun_socket
				82
Stephen Smalley	2dd4e51	2012-01-04 12:33:27 -0500	[diff] [blame]	83	class binder
Stephen Smalley	2dd4e51	2012-01-04 12:33:27 -0500	[diff] [blame]	84
Stephen Smalley	01d95c2	2015-05-21 16:17:26 -0400	[diff] [blame]	85	# Updated netlink classes for more recent netlink protocols.
				86	class netlink_iscsi_socket
				87	class netlink_fib_lookup_socket
				88	class netlink_connector_socket
				89	class netlink_netfilter_socket
				90	class netlink_generic_socket
				91	class netlink_scsitransport_socket
				92	class netlink_rdma_socket
				93	class netlink_crypto_socket
				94
Stephen Smalley	8a00360	2016-04-27 09:42:57 -0400	[diff] [blame]	95	# Capability checks when on a non-init user namespace
				96	class cap_userns
				97	class cap2_userns
				98
Stephen Smalley	431bdd9	2016-12-08 13:35:27 -0500	[diff] [blame]	99	# New socket classes introduced by extended_socket_class policy capability.
				100	# These two were previously mapped to rawip_socket.
				101	class sctp_socket
				102	class icmp_socket
				103	# These were previously mapped to socket.
				104	class ax25_socket
				105	class ipx_socket
				106	class netrom_socket
				107	class atmpvc_socket
				108	class x25_socket
				109	class rose_socket
				110	class decnet_socket
				111	class atmsvc_socket
				112	class rds_socket
				113	class irda_socket
				114	class pppox_socket
				115	class llc_socket
				116	class can_socket
				117	class tipc_socket
				118	class bluetooth_socket
				119	class iucv_socket
				120	class rxrpc_socket
				121	class isdn_socket
				122	class phonet_socket
				123	class ieee802154_socket
				124	class caif_socket
				125	class alg_socket
				126	class nfc_socket
				127	class vsock_socket
				128	class kcm_socket
				129	class qipcrtr_socket
Stephen Smalley	2be9799	2017-05-17 12:06:49 -0400	[diff] [blame]	130	class smc_socket
Stephen Smalley	431bdd9	2016-12-08 13:35:27 -0500	[diff] [blame]	131
Stephen Smalley	124720a	2012-04-04 10:11:16 -0400	[diff] [blame]	132	# Property service
				133	class property_service # userspace
				134
Riley Spahn	f90c41f	2014-06-05 15:52:02 -0700	[diff] [blame]	135	# Service manager
				136	class service_manager # userspace
				137
Martijn Coenen	bc6d88d	2017-04-06 09:24:41 -0700	[diff] [blame]	138	# hardware service manager # userspace
				139	class hwservice_manager
				140
Riley Spahn	1196d2a	2014-06-17 14:58:52 -0700	[diff] [blame]	141	# Keystore Key
				142	class keystore_key # userspace
				143
Riley Spahn	70f75ce	2014-07-02 12:42:59 -0700	[diff] [blame]	144	class drmservice # userspace
Stephen Smalley	2dd4e51	2012-01-04 12:33:27 -0500	[diff] [blame]	145	# FLASK