-/* FLASK */
-
-struct av_perm_to_string
-{
- u16 tclass;
- u32 value;
- char *name;
-};
-
-static struct av_perm_to_string av_perm_to_string[] = {
- { SECCLASS_FILESYSTEM, FILESYSTEM__MOUNT, "mount" },
- { SECCLASS_FILESYSTEM, FILESYSTEM__REMOUNT, "remount" },
- { SECCLASS_FILESYSTEM, FILESYSTEM__UNMOUNT, "unmount" },
- { SECCLASS_FILESYSTEM, FILESYSTEM__GETATTR, "getattr" },
- { SECCLASS_FILESYSTEM, FILESYSTEM__RELABELFROM, "relabelfrom" },
- { SECCLASS_FILESYSTEM, FILESYSTEM__RELABELTO, "relabelto" },
- { SECCLASS_FILESYSTEM, FILESYSTEM__TRANSITION, "transition" },
- { SECCLASS_FILESYSTEM, FILESYSTEM__ASSOCIATE, "associate" },
- { SECCLASS_FILESYSTEM, FILESYSTEM__QUOTAMOD, "quotamod" },
- { SECCLASS_FILESYSTEM, FILESYSTEM__QUOTAGET, "quotaget" },
- { SECCLASS_DIR, DIR__ADD_NAME, "add_name" },
- { SECCLASS_DIR, DIR__REMOVE_NAME, "remove_name" },
- { SECCLASS_DIR, DIR__REPARENT, "reparent" },
- { SECCLASS_DIR, DIR__SEARCH, "search" },
- { SECCLASS_DIR, DIR__RMDIR, "rmdir" },
- { SECCLASS_FILE, FILE__EXECUTE_NO_TRANS, "execute_no_trans" },
- { SECCLASS_FILE, FILE__ENTRYPOINT, "entrypoint" },
- { SECCLASS_FD, FD__USE, "use" },
- { SECCLASS_TCP_SOCKET, TCP_SOCKET__CONNECTTO, "connectto" },
- { SECCLASS_TCP_SOCKET, TCP_SOCKET__NEWCONN, "newconn" },
- { SECCLASS_TCP_SOCKET, TCP_SOCKET__ACCEPTFROM, "acceptfrom" },
- { SECCLASS_TCP_SOCKET, TCP_SOCKET__NODE_BIND, "node_bind" },
- { SECCLASS_UDP_SOCKET, UDP_SOCKET__NODE_BIND, "node_bind" },
- { SECCLASS_RAWIP_SOCKET, RAWIP_SOCKET__NODE_BIND, "node_bind" },
- { SECCLASS_NODE, NODE__TCP_RECV, "tcp_recv" },
- { SECCLASS_NODE, NODE__TCP_SEND, "tcp_send" },
- { SECCLASS_NODE, NODE__UDP_RECV, "udp_recv" },
- { SECCLASS_NODE, NODE__UDP_SEND, "udp_send" },
- { SECCLASS_NODE, NODE__RAWIP_RECV, "rawip_recv" },
- { SECCLASS_NODE, NODE__RAWIP_SEND, "rawip_send" },
- { SECCLASS_NODE, NODE__ENFORCE_DEST, "enforce_dest" },
- { SECCLASS_NETIF, NETIF__TCP_RECV, "tcp_recv" },
- { SECCLASS_NETIF, NETIF__TCP_SEND, "tcp_send" },
- { SECCLASS_NETIF, NETIF__UDP_RECV, "udp_recv" },
- { SECCLASS_NETIF, NETIF__UDP_SEND, "udp_send" },
- { SECCLASS_NETIF, NETIF__RAWIP_RECV, "rawip_recv" },
- { SECCLASS_NETIF, NETIF__RAWIP_SEND, "rawip_send" },
- { SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__CONNECTTO, "connectto" },
- { SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__NEWCONN, "newconn" },
- { SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__ACCEPTFROM, "acceptfrom" },
- { SECCLASS_PROCESS, PROCESS__FORK, "fork" },
- { SECCLASS_PROCESS, PROCESS__TRANSITION, "transition" },
- { SECCLASS_PROCESS, PROCESS__SIGCHLD, "sigchld" },
- { SECCLASS_PROCESS, PROCESS__SIGKILL, "sigkill" },
- { SECCLASS_PROCESS, PROCESS__SIGSTOP, "sigstop" },
- { SECCLASS_PROCESS, PROCESS__SIGNULL, "signull" },
- { SECCLASS_PROCESS, PROCESS__SIGNAL, "signal" },
- { SECCLASS_PROCESS, PROCESS__PTRACE, "ptrace" },
- { SECCLASS_PROCESS, PROCESS__GETSCHED, "getsched" },
- { SECCLASS_PROCESS, PROCESS__SETSCHED, "setsched" },
- { SECCLASS_PROCESS, PROCESS__GETSESSION, "getsession" },
- { SECCLASS_PROCESS, PROCESS__GETPGID, "getpgid" },
- { SECCLASS_PROCESS, PROCESS__SETPGID, "setpgid" },
- { SECCLASS_PROCESS, PROCESS__GETCAP, "getcap" },
- { SECCLASS_PROCESS, PROCESS__SETCAP, "setcap" },
- { SECCLASS_PROCESS, PROCESS__SHARE, "share" },
- { SECCLASS_PROCESS, PROCESS__GETATTR, "getattr" },
- { SECCLASS_PROCESS, PROCESS__SETEXEC, "setexec" },
- { SECCLASS_PROCESS, PROCESS__SETFSCREATE, "setfscreate" },
- { SECCLASS_PROCESS, PROCESS__NOATSECURE, "noatsecure" },
- { SECCLASS_PROCESS, PROCESS__SIGINH, "siginh" },
- { SECCLASS_PROCESS, PROCESS__SETRLIMIT, "setrlimit" },
- { SECCLASS_PROCESS, PROCESS__RLIMITINH, "rlimitinh" },
- { SECCLASS_MSGQ, MSGQ__ENQUEUE, "enqueue" },
- { SECCLASS_MSG, MSG__SEND, "send" },
- { SECCLASS_MSG, MSG__RECEIVE, "receive" },
- { SECCLASS_SHM, SHM__LOCK, "lock" },
- { SECCLASS_SECURITY, SECURITY__COMPUTE_AV, "compute_av" },
- { SECCLASS_SECURITY, SECURITY__COMPUTE_CREATE, "compute_create" },
- { SECCLASS_SECURITY, SECURITY__COMPUTE_MEMBER, "compute_member" },
- { SECCLASS_SECURITY, SECURITY__CHECK_CONTEXT, "check_context" },
- { SECCLASS_SECURITY, SECURITY__LOAD_POLICY, "load_policy" },
- { SECCLASS_SECURITY, SECURITY__COMPUTE_RELABEL, "compute_relabel" },
- { SECCLASS_SECURITY, SECURITY__COMPUTE_USER, "compute_user" },
- { SECCLASS_SECURITY, SECURITY__SETENFORCE, "setenforce" },
- { SECCLASS_SECURITY, SECURITY__SETBOOL, "setbool" },
- { SECCLASS_SYSTEM, SYSTEM__IPC_INFO, "ipc_info" },
- { SECCLASS_SYSTEM, SYSTEM__SYSLOG_READ, "syslog_read" },
- { SECCLASS_SYSTEM, SYSTEM__SYSLOG_MOD, "syslog_mod" },
- { SECCLASS_SYSTEM, SYSTEM__SYSLOG_CONSOLE, "syslog_console" },
- { SECCLASS_CAPABILITY, CAPABILITY__CHOWN, "chown" },
- { SECCLASS_CAPABILITY, CAPABILITY__DAC_OVERRIDE, "dac_override" },
- { SECCLASS_CAPABILITY, CAPABILITY__DAC_READ_SEARCH, "dac_read_search" },
- { SECCLASS_CAPABILITY, CAPABILITY__FOWNER, "fowner" },
- { SECCLASS_CAPABILITY, CAPABILITY__FSETID, "fsetid" },
- { SECCLASS_CAPABILITY, CAPABILITY__KILL, "kill" },
- { SECCLASS_CAPABILITY, CAPABILITY__SETGID, "setgid" },
- { SECCLASS_CAPABILITY, CAPABILITY__SETUID, "setuid" },
- { SECCLASS_CAPABILITY, CAPABILITY__SETPCAP, "setpcap" },
- { SECCLASS_CAPABILITY, CAPABILITY__LINUX_IMMUTABLE, "linux_immutable" },
- { SECCLASS_CAPABILITY, CAPABILITY__NET_BIND_SERVICE, "net_bind_service" },
- { SECCLASS_CAPABILITY, CAPABILITY__NET_BROADCAST, "net_broadcast" },
- { SECCLASS_CAPABILITY, CAPABILITY__NET_ADMIN, "net_admin" },
- { SECCLASS_CAPABILITY, CAPABILITY__NET_RAW, "net_raw" },
- { SECCLASS_CAPABILITY, CAPABILITY__IPC_LOCK, "ipc_lock" },
- { SECCLASS_CAPABILITY, CAPABILITY__IPC_OWNER, "ipc_owner" },
- { SECCLASS_CAPABILITY, CAPABILITY__SYS_MODULE, "sys_module" },
- { SECCLASS_CAPABILITY, CAPABILITY__SYS_RAWIO, "sys_rawio" },
- { SECCLASS_CAPABILITY, CAPABILITY__SYS_CHROOT, "sys_chroot" },
- { SECCLASS_CAPABILITY, CAPABILITY__SYS_PTRACE, "sys_ptrace" },
- { SECCLASS_CAPABILITY, CAPABILITY__SYS_PACCT, "sys_pacct" },
- { SECCLASS_CAPABILITY, CAPABILITY__SYS_ADMIN, "sys_admin" },
- { SECCLASS_CAPABILITY, CAPABILITY__SYS_BOOT, "sys_boot" },
- { SECCLASS_CAPABILITY, CAPABILITY__SYS_NICE, "sys_nice" },
- { SECCLASS_CAPABILITY, CAPABILITY__SYS_RESOURCE, "sys_resource" },
- { SECCLASS_CAPABILITY, CAPABILITY__SYS_TIME, "sys_time" },
- { SECCLASS_CAPABILITY, CAPABILITY__SYS_TTY_CONFIG, "sys_tty_config" },
- { SECCLASS_CAPABILITY, CAPABILITY__MKNOD, "mknod" },
- { SECCLASS_CAPABILITY, CAPABILITY__LEASE, "lease" },
- { SECCLASS_PASSWD, PASSWD__PASSWD, "passwd" },
- { SECCLASS_PASSWD, PASSWD__CHFN, "chfn" },
- { SECCLASS_PASSWD, PASSWD__CHSH, "chsh" },
- { SECCLASS_PASSWD, PASSWD__ROOTOK, "rootok" },
- { SECCLASS_DRAWABLE, DRAWABLE__CREATE, "create" },
- { SECCLASS_DRAWABLE, DRAWABLE__DESTROY, "destroy" },
- { SECCLASS_DRAWABLE, DRAWABLE__DRAW, "draw" },
- { SECCLASS_DRAWABLE, DRAWABLE__COPY, "copy" },
- { SECCLASS_DRAWABLE, DRAWABLE__GETATTR, "getattr" },
- { SECCLASS_GC, GC__CREATE, "create" },
- { SECCLASS_GC, GC__FREE, "free" },
- { SECCLASS_GC, GC__GETATTR, "getattr" },
- { SECCLASS_GC, GC__SETATTR, "setattr" },
- { SECCLASS_WINDOW, WINDOW__ADDCHILD, "addchild" },
- { SECCLASS_WINDOW, WINDOW__CREATE, "create" },
- { SECCLASS_WINDOW, WINDOW__DESTROY, "destroy" },
- { SECCLASS_WINDOW, WINDOW__MAP, "map" },
- { SECCLASS_WINDOW, WINDOW__UNMAP, "unmap" },
- { SECCLASS_WINDOW, WINDOW__CHSTACK, "chstack" },
- { SECCLASS_WINDOW, WINDOW__CHPROPLIST, "chproplist" },
- { SECCLASS_WINDOW, WINDOW__CHPROP, "chprop" },
- { SECCLASS_WINDOW, WINDOW__LISTPROP, "listprop" },
- { SECCLASS_WINDOW, WINDOW__GETATTR, "getattr" },
- { SECCLASS_WINDOW, WINDOW__SETATTR, "setattr" },
- { SECCLASS_WINDOW, WINDOW__SETFOCUS, "setfocus" },
- { SECCLASS_WINDOW, WINDOW__MOVE, "move" },
- { SECCLASS_WINDOW, WINDOW__CHSELECTION, "chselection" },
- { SECCLASS_WINDOW, WINDOW__CHPARENT, "chparent" },
- { SECCLASS_WINDOW, WINDOW__CTRLLIFE, "ctrllife" },
- { SECCLASS_WINDOW, WINDOW__ENUMERATE, "enumerate" },
- { SECCLASS_WINDOW, WINDOW__TRANSPARENT, "transparent" },
- { SECCLASS_WINDOW, WINDOW__MOUSEMOTION, "mousemotion" },
- { SECCLASS_WINDOW, WINDOW__CLIENTCOMEVENT, "clientcomevent" },
- { SECCLASS_WINDOW, WINDOW__INPUTEVENT, "inputevent" },
- { SECCLASS_WINDOW, WINDOW__DRAWEVENT, "drawevent" },
- { SECCLASS_WINDOW, WINDOW__WINDOWCHANGEEVENT, "windowchangeevent" },
- { SECCLASS_WINDOW, WINDOW__WINDOWCHANGEREQUEST, "windowchangerequest" },
- { SECCLASS_WINDOW, WINDOW__SERVERCHANGEEVENT, "serverchangeevent" },
- { SECCLASS_WINDOW, WINDOW__EXTENSIONEVENT, "extensionevent" },
- { SECCLASS_FONT, FONT__LOAD, "load" },
- { SECCLASS_FONT, FONT__FREE, "free" },
- { SECCLASS_FONT, FONT__GETATTR, "getattr" },
- { SECCLASS_FONT, FONT__USE, "use" },
- { SECCLASS_COLORMAP, COLORMAP__CREATE, "create" },
- { SECCLASS_COLORMAP, COLORMAP__FREE, "free" },
- { SECCLASS_COLORMAP, COLORMAP__INSTALL, "install" },
- { SECCLASS_COLORMAP, COLORMAP__UNINSTALL, "uninstall" },
- { SECCLASS_COLORMAP, COLORMAP__LIST, "list" },
- { SECCLASS_COLORMAP, COLORMAP__READ, "read" },
- { SECCLASS_COLORMAP, COLORMAP__STORE, "store" },
- { SECCLASS_COLORMAP, COLORMAP__GETATTR, "getattr" },
- { SECCLASS_COLORMAP, COLORMAP__SETATTR, "setattr" },
- { SECCLASS_PROPERTY, PROPERTY__CREATE, "create" },
- { SECCLASS_PROPERTY, PROPERTY__FREE, "free" },
- { SECCLASS_PROPERTY, PROPERTY__READ, "read" },
- { SECCLASS_PROPERTY, PROPERTY__WRITE, "write" },
- { SECCLASS_CURSOR, CURSOR__CREATE, "create" },
- { SECCLASS_CURSOR, CURSOR__CREATEGLYPH, "createglyph" },
- { SECCLASS_CURSOR, CURSOR__FREE, "free" },
- { SECCLASS_CURSOR, CURSOR__ASSIGN, "assign" },
- { SECCLASS_CURSOR, CURSOR__SETATTR, "setattr" },
- { SECCLASS_XCLIENT, XCLIENT__KILL, "kill" },
- { SECCLASS_XINPUT, XINPUT__LOOKUP, "lookup" },
- { SECCLASS_XINPUT, XINPUT__GETATTR, "getattr" },
- { SECCLASS_XINPUT, XINPUT__SETATTR, "setattr" },
- { SECCLASS_XINPUT, XINPUT__SETFOCUS, "setfocus" },
- { SECCLASS_XINPUT, XINPUT__WARPPOINTER, "warppointer" },
- { SECCLASS_XINPUT, XINPUT__ACTIVEGRAB, "activegrab" },
- { SECCLASS_XINPUT, XINPUT__PASSIVEGRAB, "passivegrab" },
- { SECCLASS_XINPUT, XINPUT__UNGRAB, "ungrab" },
- { SECCLASS_XINPUT, XINPUT__BELL, "bell" },
- { SECCLASS_XINPUT, XINPUT__MOUSEMOTION, "mousemotion" },
- { SECCLASS_XINPUT, XINPUT__RELABELINPUT, "relabelinput" },
- { SECCLASS_XSERVER, XSERVER__SCREENSAVER, "screensaver" },
- { SECCLASS_XSERVER, XSERVER__GETHOSTLIST, "gethostlist" },
- { SECCLASS_XSERVER, XSERVER__SETHOSTLIST, "sethostlist" },
- { SECCLASS_XSERVER, XSERVER__GETFONTPATH, "getfontpath" },
- { SECCLASS_XSERVER, XSERVER__SETFONTPATH, "setfontpath" },
- { SECCLASS_XSERVER, XSERVER__GETATTR, "getattr" },
- { SECCLASS_XSERVER, XSERVER__GRAB, "grab" },
- { SECCLASS_XSERVER, XSERVER__UNGRAB, "ungrab" },
- { SECCLASS_XEXTENSION, XEXTENSION__QUERY, "query" },
- { SECCLASS_XEXTENSION, XEXTENSION__USE, "use" },
- { SECCLASS_PAX, PAX__PAGEEXEC, "pageexec" },
- { SECCLASS_PAX, PAX__EMUTRAMP, "emutramp" },
- { SECCLASS_PAX, PAX__MPROTECT, "mprotect" },
- { SECCLASS_PAX, PAX__RANDMMAP, "randmmap" },
- { SECCLASS_PAX, PAX__RANDEXEC, "randexec" },
- { SECCLASS_PAX, PAX__SEGMEXEC, "segmexec" },
- { SECCLASS_NETLINK_ROUTE_SOCKET, NETLINK_ROUTE_SOCKET__NLMSG_READ, "nlmsg_read" },
- { SECCLASS_NETLINK_ROUTE_SOCKET, NETLINK_ROUTE_SOCKET__NLMSG_WRITE, "nlmsg_write" },
- { SECCLASS_NETLINK_FIREWALL_SOCKET, NETLINK_FIREWALL_SOCKET__NLMSG_READ, "nlmsg_read" },
- { SECCLASS_NETLINK_FIREWALL_SOCKET, NETLINK_FIREWALL_SOCKET__NLMSG_WRITE, "nlmsg_write" },
- { SECCLASS_NETLINK_TCPDIAG_SOCKET, NETLINK_TCPDIAG_SOCKET__NLMSG_READ, "nlmsg_read" },
- { SECCLASS_NETLINK_TCPDIAG_SOCKET, NETLINK_TCPDIAG_SOCKET__NLMSG_WRITE, "nlmsg_write" },
- { SECCLASS_NETLINK_XFRM_SOCKET, NETLINK_XFRM_SOCKET__NLMSG_READ, "nlmsg_read" },
- { SECCLASS_NETLINK_XFRM_SOCKET, NETLINK_XFRM_SOCKET__NLMSG_WRITE, "nlmsg_write" },
- { SECCLASS_NETLINK_AUDIT_SOCKET, NETLINK_AUDIT_SOCKET__NLMSG_READ, "nlmsg_read" },
- { SECCLASS_NETLINK_AUDIT_SOCKET, NETLINK_AUDIT_SOCKET__NLMSG_WRITE, "nlmsg_write" },
- { SECCLASS_NETLINK_IP6FW_SOCKET, NETLINK_IP6FW_SOCKET__NLMSG_READ, "nlmsg_read" },
- { SECCLASS_NETLINK_IP6FW_SOCKET, NETLINK_IP6FW_SOCKET__NLMSG_WRITE, "nlmsg_write" },
-};
-
-
-/* FLASK */
+ S_(SECCLASS_FILESYSTEM, FILESYSTEM__MOUNT, "mount")
+ S_(SECCLASS_FILESYSTEM, FILESYSTEM__REMOUNT, "remount")
+ S_(SECCLASS_FILESYSTEM, FILESYSTEM__UNMOUNT, "unmount")
+ S_(SECCLASS_FILESYSTEM, FILESYSTEM__GETATTR, "getattr")
+ S_(SECCLASS_FILESYSTEM, FILESYSTEM__RELABELFROM, "relabelfrom")
+ S_(SECCLASS_FILESYSTEM, FILESYSTEM__RELABELTO, "relabelto")
+ S_(SECCLASS_FILESYSTEM, FILESYSTEM__TRANSITION, "transition")
+ S_(SECCLASS_FILESYSTEM, FILESYSTEM__ASSOCIATE, "associate")
+ S_(SECCLASS_FILESYSTEM, FILESYSTEM__QUOTAMOD, "quotamod")
+ S_(SECCLASS_FILESYSTEM, FILESYSTEM__QUOTAGET, "quotaget")
+ S_(SECCLASS_DIR, DIR__ADD_NAME, "add_name")
+ S_(SECCLASS_DIR, DIR__REMOVE_NAME, "remove_name")
+ S_(SECCLASS_DIR, DIR__REPARENT, "reparent")
+ S_(SECCLASS_DIR, DIR__SEARCH, "search")
+ S_(SECCLASS_DIR, DIR__RMDIR, "rmdir")
+ S_(SECCLASS_FILE, FILE__EXECUTE_NO_TRANS, "execute_no_trans")
+ S_(SECCLASS_FILE, FILE__ENTRYPOINT, "entrypoint")
+ S_(SECCLASS_FILE, FILE__EXECMOD, "execmod")
+ S_(SECCLASS_CHR_FILE, CHR_FILE__EXECUTE_NO_TRANS, "execute_no_trans")
+ S_(SECCLASS_CHR_FILE, CHR_FILE__ENTRYPOINT, "entrypoint")
+ S_(SECCLASS_CHR_FILE, CHR_FILE__EXECMOD, "execmod")
+ S_(SECCLASS_FD, FD__USE, "use")
+ S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__CONNECTTO, "connectto")
+ S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__NEWCONN, "newconn")
+ S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__ACCEPTFROM, "acceptfrom")
+ S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__NODE_BIND, "node_bind")
+ S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__NAME_CONNECT, "name_connect")
+ S_(SECCLASS_UDP_SOCKET, UDP_SOCKET__NODE_BIND, "node_bind")
+ S_(SECCLASS_RAWIP_SOCKET, RAWIP_SOCKET__NODE_BIND, "node_bind")
+ S_(SECCLASS_NODE, NODE__TCP_RECV, "tcp_recv")
+ S_(SECCLASS_NODE, NODE__TCP_SEND, "tcp_send")
+ S_(SECCLASS_NODE, NODE__UDP_RECV, "udp_recv")
+ S_(SECCLASS_NODE, NODE__UDP_SEND, "udp_send")
+ S_(SECCLASS_NODE, NODE__RAWIP_RECV, "rawip_recv")
+ S_(SECCLASS_NODE, NODE__RAWIP_SEND, "rawip_send")
+ S_(SECCLASS_NODE, NODE__ENFORCE_DEST, "enforce_dest")
+ S_(SECCLASS_NODE, NODE__DCCP_RECV, "dccp_recv")
+ S_(SECCLASS_NODE, NODE__DCCP_SEND, "dccp_send")
+ S_(SECCLASS_NETIF, NETIF__TCP_RECV, "tcp_recv")
+ S_(SECCLASS_NETIF, NETIF__TCP_SEND, "tcp_send")
+ S_(SECCLASS_NETIF, NETIF__UDP_RECV, "udp_recv")
+ S_(SECCLASS_NETIF, NETIF__UDP_SEND, "udp_send")
+ S_(SECCLASS_NETIF, NETIF__RAWIP_RECV, "rawip_recv")
+ S_(SECCLASS_NETIF, NETIF__RAWIP_SEND, "rawip_send")
+ S_(SECCLASS_NETIF, NETIF__DCCP_RECV, "dccp_recv")
+ S_(SECCLASS_NETIF, NETIF__DCCP_SEND, "dccp_send")
+ S_(SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__CONNECTTO, "connectto")
+ S_(SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__NEWCONN, "newconn")
+ S_(SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__ACCEPTFROM, "acceptfrom")
+ S_(SECCLASS_PROCESS, PROCESS__FORK, "fork")
+ S_(SECCLASS_PROCESS, PROCESS__TRANSITION, "transition")
+ S_(SECCLASS_PROCESS, PROCESS__SIGCHLD, "sigchld")
+ S_(SECCLASS_PROCESS, PROCESS__SIGKILL, "sigkill")
+ S_(SECCLASS_PROCESS, PROCESS__SIGSTOP, "sigstop")
+ S_(SECCLASS_PROCESS, PROCESS__SIGNULL, "signull")
+ S_(SECCLASS_PROCESS, PROCESS__SIGNAL, "signal")
+ S_(SECCLASS_PROCESS, PROCESS__PTRACE, "ptrace")
+ S_(SECCLASS_PROCESS, PROCESS__GETSCHED, "getsched")
+ S_(SECCLASS_PROCESS, PROCESS__SETSCHED, "setsched")
+ S_(SECCLASS_PROCESS, PROCESS__GETSESSION, "getsession")
+ S_(SECCLASS_PROCESS, PROCESS__GETPGID, "getpgid")
+ S_(SECCLASS_PROCESS, PROCESS__SETPGID, "setpgid")
+ S_(SECCLASS_PROCESS, PROCESS__GETCAP, "getcap")
+ S_(SECCLASS_PROCESS, PROCESS__SETCAP, "setcap")
+ S_(SECCLASS_PROCESS, PROCESS__SHARE, "share")
+ S_(SECCLASS_PROCESS, PROCESS__GETATTR, "getattr")
+ S_(SECCLASS_PROCESS, PROCESS__SETEXEC, "setexec")
+ S_(SECCLASS_PROCESS, PROCESS__SETFSCREATE, "setfscreate")
+ S_(SECCLASS_PROCESS, PROCESS__NOATSECURE, "noatsecure")
+ S_(SECCLASS_PROCESS, PROCESS__SIGINH, "siginh")
+ S_(SECCLASS_PROCESS, PROCESS__SETRLIMIT, "setrlimit")
+ S_(SECCLASS_PROCESS, PROCESS__RLIMITINH, "rlimitinh")
+ S_(SECCLASS_PROCESS, PROCESS__DYNTRANSITION, "dyntransition")
+ S_(SECCLASS_PROCESS, PROCESS__SETCURRENT, "setcurrent")
+ S_(SECCLASS_PROCESS, PROCESS__EXECMEM, "execmem")
+ S_(SECCLASS_PROCESS, PROCESS__EXECSTACK, "execstack")
+ S_(SECCLASS_PROCESS, PROCESS__EXECHEAP, "execheap")
+ S_(SECCLASS_PROCESS, PROCESS__SETKEYCREATE, "setkeycreate")
+ S_(SECCLASS_PROCESS, PROCESS__SETSOCKCREATE, "setsockcreate")
+ S_(SECCLASS_MSGQ, MSGQ__ENQUEUE, "enqueue")
+ S_(SECCLASS_MSG, MSG__SEND, "send")
+ S_(SECCLASS_MSG, MSG__RECEIVE, "receive")
+ S_(SECCLASS_SHM, SHM__LOCK, "lock")
+ S_(SECCLASS_SECURITY, SECURITY__COMPUTE_AV, "compute_av")
+ S_(SECCLASS_SECURITY, SECURITY__COMPUTE_CREATE, "compute_create")
+ S_(SECCLASS_SECURITY, SECURITY__COMPUTE_MEMBER, "compute_member")
+ S_(SECCLASS_SECURITY, SECURITY__CHECK_CONTEXT, "check_context")
+ S_(SECCLASS_SECURITY, SECURITY__LOAD_POLICY, "load_policy")
+ S_(SECCLASS_SECURITY, SECURITY__COMPUTE_RELABEL, "compute_relabel")
+ S_(SECCLASS_SECURITY, SECURITY__COMPUTE_USER, "compute_user")
+ S_(SECCLASS_SECURITY, SECURITY__SETENFORCE, "setenforce")
+ S_(SECCLASS_SECURITY, SECURITY__SETBOOL, "setbool")
+ S_(SECCLASS_SECURITY, SECURITY__SETSECPARAM, "setsecparam")
+ S_(SECCLASS_SECURITY, SECURITY__SETCHECKREQPROT, "setcheckreqprot")
+ S_(SECCLASS_SYSTEM, SYSTEM__IPC_INFO, "ipc_info")
+ S_(SECCLASS_SYSTEM, SYSTEM__SYSLOG_READ, "syslog_read")
+ S_(SECCLASS_SYSTEM, SYSTEM__SYSLOG_MOD, "syslog_mod")
+ S_(SECCLASS_SYSTEM, SYSTEM__SYSLOG_CONSOLE, "syslog_console")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__CHOWN, "chown")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__DAC_OVERRIDE, "dac_override")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__DAC_READ_SEARCH, "dac_read_search")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__FOWNER, "fowner")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__FSETID, "fsetid")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__KILL, "kill")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__SETGID, "setgid")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__SETUID, "setuid")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__SETPCAP, "setpcap")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__LINUX_IMMUTABLE, "linux_immutable")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__NET_BIND_SERVICE, "net_bind_service")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__NET_BROADCAST, "net_broadcast")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__NET_ADMIN, "net_admin")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__NET_RAW, "net_raw")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__IPC_LOCK, "ipc_lock")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__IPC_OWNER, "ipc_owner")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_MODULE, "sys_module")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_RAWIO, "sys_rawio")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_CHROOT, "sys_chroot")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_PTRACE, "sys_ptrace")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_PACCT, "sys_pacct")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_ADMIN, "sys_admin")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_BOOT, "sys_boot")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_NICE, "sys_nice")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_RESOURCE, "sys_resource")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_TIME, "sys_time")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_TTY_CONFIG, "sys_tty_config")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__MKNOD, "mknod")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__LEASE, "lease")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__AUDIT_WRITE, "audit_write")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__AUDIT_CONTROL, "audit_control")
+ S_(SECCLASS_PASSWD, PASSWD__PASSWD, "passwd")
+ S_(SECCLASS_PASSWD, PASSWD__CHFN, "chfn")
+ S_(SECCLASS_PASSWD, PASSWD__CHSH, "chsh")
+ S_(SECCLASS_PASSWD, PASSWD__ROOTOK, "rootok")
+ S_(SECCLASS_PASSWD, PASSWD__CRONTAB, "crontab")
+ S_(SECCLASS_DRAWABLE, DRAWABLE__CREATE, "create")
+ S_(SECCLASS_DRAWABLE, DRAWABLE__DESTROY, "destroy")
+ S_(SECCLASS_DRAWABLE, DRAWABLE__DRAW, "draw")
+ S_(SECCLASS_DRAWABLE, DRAWABLE__COPY, "copy")
+ S_(SECCLASS_DRAWABLE, DRAWABLE__GETATTR, "getattr")
+ S_(SECCLASS_GC, GC__CREATE, "create")
+ S_(SECCLASS_GC, GC__FREE, "free")
+ S_(SECCLASS_GC, GC__GETATTR, "getattr")
+ S_(SECCLASS_GC, GC__SETATTR, "setattr")
+ S_(SECCLASS_WINDOW, WINDOW__ADDCHILD, "addchild")
+ S_(SECCLASS_WINDOW, WINDOW__CREATE, "create")
+ S_(SECCLASS_WINDOW, WINDOW__DESTROY, "destroy")
+ S_(SECCLASS_WINDOW, WINDOW__MAP, "map")
+ S_(SECCLASS_WINDOW, WINDOW__UNMAP, "unmap")
+ S_(SECCLASS_WINDOW, WINDOW__CHSTACK, "chstack")
+ S_(SECCLASS_WINDOW, WINDOW__CHPROPLIST, "chproplist")
+ S_(SECCLASS_WINDOW, WINDOW__CHPROP, "chprop")
+ S_(SECCLASS_WINDOW, WINDOW__LISTPROP, "listprop")
+ S_(SECCLASS_WINDOW, WINDOW__GETATTR, "getattr")
+ S_(SECCLASS_WINDOW, WINDOW__SETATTR, "setattr")
+ S_(SECCLASS_WINDOW, WINDOW__SETFOCUS, "setfocus")
+ S_(SECCLASS_WINDOW, WINDOW__MOVE, "move")
+ S_(SECCLASS_WINDOW, WINDOW__CHSELECTION, "chselection")
+ S_(SECCLASS_WINDOW, WINDOW__CHPARENT, "chparent")
+ S_(SECCLASS_WINDOW, WINDOW__CTRLLIFE, "ctrllife")
+ S_(SECCLASS_WINDOW, WINDOW__ENUMERATE, "enumerate")
+ S_(SECCLASS_WINDOW, WINDOW__TRANSPARENT, "transparent")
+ S_(SECCLASS_WINDOW, WINDOW__MOUSEMOTION, "mousemotion")
+ S_(SECCLASS_WINDOW, WINDOW__CLIENTCOMEVENT, "clientcomevent")
+ S_(SECCLASS_WINDOW, WINDOW__INPUTEVENT, "inputevent")
+ S_(SECCLASS_WINDOW, WINDOW__DRAWEVENT, "drawevent")
+ S_(SECCLASS_WINDOW, WINDOW__WINDOWCHANGEEVENT, "windowchangeevent")
+ S_(SECCLASS_WINDOW, WINDOW__WINDOWCHANGEREQUEST, "windowchangerequest")
+ S_(SECCLASS_WINDOW, WINDOW__SERVERCHANGEEVENT, "serverchangeevent")
+ S_(SECCLASS_WINDOW, WINDOW__EXTENSIONEVENT, "extensionevent")
+ S_(SECCLASS_FONT, FONT__LOAD, "load")
+ S_(SECCLASS_FONT, FONT__FREE, "free")
+ S_(SECCLASS_FONT, FONT__GETATTR, "getattr")
+ S_(SECCLASS_FONT, FONT__USE, "use")
+ S_(SECCLASS_COLORMAP, COLORMAP__CREATE, "create")
+ S_(SECCLASS_COLORMAP, COLORMAP__FREE, "free")
+ S_(SECCLASS_COLORMAP, COLORMAP__INSTALL, "install")
+ S_(SECCLASS_COLORMAP, COLORMAP__UNINSTALL, "uninstall")
+ S_(SECCLASS_COLORMAP, COLORMAP__LIST, "list")
+ S_(SECCLASS_COLORMAP, COLORMAP__READ, "read")
+ S_(SECCLASS_COLORMAP, COLORMAP__STORE, "store")
+ S_(SECCLASS_COLORMAP, COLORMAP__GETATTR, "getattr")
+ S_(SECCLASS_COLORMAP, COLORMAP__SETATTR, "setattr")
+ S_(SECCLASS_PROPERTY, PROPERTY__CREATE, "create")
+ S_(SECCLASS_PROPERTY, PROPERTY__FREE, "free")
+ S_(SECCLASS_PROPERTY, PROPERTY__READ, "read")
+ S_(SECCLASS_PROPERTY, PROPERTY__WRITE, "write")
+ S_(SECCLASS_CURSOR, CURSOR__CREATE, "create")
+ S_(SECCLASS_CURSOR, CURSOR__CREATEGLYPH, "createglyph")
+ S_(SECCLASS_CURSOR, CURSOR__FREE, "free")
+ S_(SECCLASS_CURSOR, CURSOR__ASSIGN, "assign")
+ S_(SECCLASS_CURSOR, CURSOR__SETATTR, "setattr")
+ S_(SECCLASS_XCLIENT, XCLIENT__KILL, "kill")
+ S_(SECCLASS_XINPUT, XINPUT__LOOKUP, "lookup")
+ S_(SECCLASS_XINPUT, XINPUT__GETATTR, "getattr")
+ S_(SECCLASS_XINPUT, XINPUT__SETATTR, "setattr")
+ S_(SECCLASS_XINPUT, XINPUT__SETFOCUS, "setfocus")
+ S_(SECCLASS_XINPUT, XINPUT__WARPPOINTER, "warppointer")
+ S_(SECCLASS_XINPUT, XINPUT__ACTIVEGRAB, "activegrab")
+ S_(SECCLASS_XINPUT, XINPUT__PASSIVEGRAB, "passivegrab")
+ S_(SECCLASS_XINPUT, XINPUT__UNGRAB, "ungrab")
+ S_(SECCLASS_XINPUT, XINPUT__BELL, "bell")
+ S_(SECCLASS_XINPUT, XINPUT__MOUSEMOTION, "mousemotion")
+ S_(SECCLASS_XINPUT, XINPUT__RELABELINPUT, "relabelinput")
+ S_(SECCLASS_XSERVER, XSERVER__SCREENSAVER, "screensaver")
+ S_(SECCLASS_XSERVER, XSERVER__GETHOSTLIST, "gethostlist")
+ S_(SECCLASS_XSERVER, XSERVER__SETHOSTLIST, "sethostlist")
+ S_(SECCLASS_XSERVER, XSERVER__GETFONTPATH, "getfontpath")
+ S_(SECCLASS_XSERVER, XSERVER__SETFONTPATH, "setfontpath")
+ S_(SECCLASS_XSERVER, XSERVER__GETATTR, "getattr")
+ S_(SECCLASS_XSERVER, XSERVER__GRAB, "grab")
+ S_(SECCLASS_XSERVER, XSERVER__UNGRAB, "ungrab")
+ S_(SECCLASS_XEXTENSION, XEXTENSION__QUERY, "query")
+ S_(SECCLASS_XEXTENSION, XEXTENSION__USE, "use")
+ S_(SECCLASS_PAX, PAX__PAGEEXEC, "pageexec")
+ S_(SECCLASS_PAX, PAX__EMUTRAMP, "emutramp")
+ S_(SECCLASS_PAX, PAX__MPROTECT, "mprotect")
+ S_(SECCLASS_PAX, PAX__RANDMMAP, "randmmap")
+ S_(SECCLASS_PAX, PAX__RANDEXEC, "randexec")
+ S_(SECCLASS_PAX, PAX__SEGMEXEC, "segmexec")
+ S_(SECCLASS_NETLINK_ROUTE_SOCKET, NETLINK_ROUTE_SOCKET__NLMSG_READ, "nlmsg_read")
+ S_(SECCLASS_NETLINK_ROUTE_SOCKET, NETLINK_ROUTE_SOCKET__NLMSG_WRITE, "nlmsg_write")
+ S_(SECCLASS_NETLINK_FIREWALL_SOCKET, NETLINK_FIREWALL_SOCKET__NLMSG_READ, "nlmsg_read")
+ S_(SECCLASS_NETLINK_FIREWALL_SOCKET, NETLINK_FIREWALL_SOCKET__NLMSG_WRITE, "nlmsg_write")
+ S_(SECCLASS_NETLINK_TCPDIAG_SOCKET, NETLINK_TCPDIAG_SOCKET__NLMSG_READ, "nlmsg_read")
+ S_(SECCLASS_NETLINK_TCPDIAG_SOCKET, NETLINK_TCPDIAG_SOCKET__NLMSG_WRITE, "nlmsg_write")
+ S_(SECCLASS_NETLINK_XFRM_SOCKET, NETLINK_XFRM_SOCKET__NLMSG_READ, "nlmsg_read")
+ S_(SECCLASS_NETLINK_XFRM_SOCKET, NETLINK_XFRM_SOCKET__NLMSG_WRITE, "nlmsg_write")
+ S_(SECCLASS_NETLINK_AUDIT_SOCKET, NETLINK_AUDIT_SOCKET__NLMSG_READ, "nlmsg_read")
+ S_(SECCLASS_NETLINK_AUDIT_SOCKET, NETLINK_AUDIT_SOCKET__NLMSG_WRITE, "nlmsg_write")
+ S_(SECCLASS_NETLINK_AUDIT_SOCKET, NETLINK_AUDIT_SOCKET__NLMSG_RELAY, "nlmsg_relay")
+ S_(SECCLASS_NETLINK_AUDIT_SOCKET, NETLINK_AUDIT_SOCKET__NLMSG_READPRIV, "nlmsg_readpriv")
+ S_(SECCLASS_NETLINK_IP6FW_SOCKET, NETLINK_IP6FW_SOCKET__NLMSG_READ, "nlmsg_read")
+ S_(SECCLASS_NETLINK_IP6FW_SOCKET, NETLINK_IP6FW_SOCKET__NLMSG_WRITE, "nlmsg_write")
+ S_(SECCLASS_DBUS, DBUS__ACQUIRE_SVC, "acquire_svc")
+ S_(SECCLASS_DBUS, DBUS__SEND_MSG, "send_msg")
+ S_(SECCLASS_NSCD, NSCD__GETPWD, "getpwd")
+ S_(SECCLASS_NSCD, NSCD__GETGRP, "getgrp")
+ S_(SECCLASS_NSCD, NSCD__GETHOST, "gethost")
+ S_(SECCLASS_NSCD, NSCD__GETSTAT, "getstat")
+ S_(SECCLASS_NSCD, NSCD__ADMIN, "admin")
+ S_(SECCLASS_NSCD, NSCD__SHMEMPWD, "shmempwd")
+ S_(SECCLASS_NSCD, NSCD__SHMEMGRP, "shmemgrp")
+ S_(SECCLASS_NSCD, NSCD__SHMEMHOST, "shmemhost")
+ S_(SECCLASS_ASSOCIATION, ASSOCIATION__SENDTO, "sendto")
+ S_(SECCLASS_ASSOCIATION, ASSOCIATION__RECVFROM, "recvfrom")
+ S_(SECCLASS_ASSOCIATION, ASSOCIATION__SETCONTEXT, "setcontext")
+ S_(SECCLASS_ASSOCIATION, ASSOCIATION__POLMATCH, "polmatch")
+ S_(SECCLASS_PACKET, PACKET__SEND, "send")
+ S_(SECCLASS_PACKET, PACKET__RECV, "recv")
+ S_(SECCLASS_PACKET, PACKET__RELABELTO, "relabelto")
+ S_(SECCLASS_KEY, KEY__VIEW, "view")
+ S_(SECCLASS_KEY, KEY__READ, "read")
+ S_(SECCLASS_KEY, KEY__WRITE, "write")
+ S_(SECCLASS_KEY, KEY__SEARCH, "search")
+ S_(SECCLASS_KEY, KEY__LINK, "link")
+ S_(SECCLASS_KEY, KEY__SETATTR, "setattr")
+ S_(SECCLASS_KEY, KEY__CREATE, "create")
+ S_(SECCLASS_CONTEXT, CONTEXT__TRANSLATE, "translate")
+ S_(SECCLASS_CONTEXT, CONTEXT__CONTAINS, "contains")
+ S_(SECCLASS_DCCP_SOCKET, DCCP_SOCKET__NODE_BIND, "node_bind")
+ S_(SECCLASS_DCCP_SOCKET, DCCP_SOCKET__NAME_CONNECT, "name_connect")