# FLASK

#
# Define the security object classes
#
# Each `class NAME` line declares one object class by name; the permissions
# a class carries are not listed here.
#
# NOTE(review): the policy compiler numbers classes in the order they are
# declared here. Append new classes at the end of their section rather than
# inserting them in the middle, and give every new class a matching
# permission definition in the companion access_vectors file -- confirm
# against the policy build.

# Classes marked as userspace are classes
# for userspace object managers
#
# The kernel does not enforce the userspace classes below; the named
# object manager (property service, service managers, keystore, ...) is
# responsible for querying the policy and enforcing the decision itself.
# A kernel-only review therefore cannot tell you whether these checks
# happen -- verify the object manager's code path.

# core kernel classes
class security
class process
class system
class capability

# file-related classes
class filesystem
class file
class anon_inode
class dir
class fd
class lnk_file
class chr_file
class blk_file
class sock_file
class fifo_file

# network-related classes
class socket
class tcp_socket
class udp_socket
class rawip_socket
class node
class netif
class netlink_socket
class packet_socket
class key_socket
class unix_stream_socket
class unix_dgram_socket

# sysv-ipc-related classes
class sem
class msg
class msgq
class shm
class ipc

# extended netlink sockets (one class per netlink protocol family)
class netlink_route_socket
class netlink_tcpdiag_socket
class netlink_nflog_socket
class netlink_xfrm_socket
class netlink_selinux_socket
class netlink_audit_socket
class netlink_dnrt_socket

# IPSec association
class association

# Updated Netlink class for KOBJECT_UEVENT family.
class netlink_kobject_uevent_socket

class appletalk_socket

class packet

# Kernel access key retention
class key

class dccp_socket

class memprotect

# network peer labels
class peer

# Capabilities >= 32
class capability2

# kernel services that need to override task security, e.g. cachefiles
class kernel_service

class tun_socket

class binder

# Updated netlink classes for more recent netlink protocols.
class netlink_iscsi_socket
class netlink_fib_lookup_socket
class netlink_connector_socket
class netlink_netfilter_socket
class netlink_generic_socket
class netlink_scsitransport_socket
class netlink_rdma_socket
class netlink_crypto_socket

# Infiniband
class infiniband_pkey
class infiniband_endport

# Capability checks when on a non-init user namespace
# (used in place of capability / capability2 for tasks that are not in the
# initial user namespace, so rules on `capability` alone do not cover them)
class cap_userns
class cap2_userns

# New socket classes introduced by extended_socket_class policy capability.
# NOTE(review): on a policy that does not enable extended_socket_class these
# classes are presumably still collapsed onto the legacy class named below,
# so allow rules written against the new names would not take effect there
# -- confirm the capability is enabled in this policy's build.
# These two were previously mapped to rawip_socket.
class sctp_socket
class icmp_socket
# These were previously mapped to socket.
class ax25_socket
class ipx_socket
class netrom_socket
class atmpvc_socket
class x25_socket
class rose_socket
class decnet_socket
class atmsvc_socket
class rds_socket
class irda_socket
class pppox_socket
class llc_socket
class can_socket
class tipc_socket
class bluetooth_socket
class iucv_socket
class rxrpc_socket
class isdn_socket
class phonet_socket
class ieee802154_socket
class caif_socket
class alg_socket
class nfc_socket
class vsock_socket
class kcm_socket
class qipcrtr_socket
class smc_socket
class xdp_socket
class mctp_socket

# additional process permissions beyond what fits in `process`
class process2

class bpf

class perf_event

class io_uring

# Introduced in https://github.com/torvalds/linux/commit/59438b46471ae6cdfb761afc8c9beaf1e428a331
class lockdown

class user_namespace

# Property service
class property_service # userspace

# Service manager
class service_manager # userspace

# hardware service manager
class hwservice_manager # userspace

# Legacy Keystore key permissions
class keystore_key # userspace

# Keystore 2.0 permissions
class keystore2 # userspace

# Keystore 2.0 key permissions
class keystore2_key # userspace

# Diced permissions
class diced # userspace

class drmservice # userspace
# FLASK

# Permissions for VMs to access SMC services
# NOTE(review): this class sits after the closing `# FLASK` marker; if the
# marker is meant to delimit the file, move it below this declaration or
# add future classes above it.
class tee_service # userspace
