Commit e8178b31 authored by Stephen Smalley

Remove unused userspace security classes.


These are all userspace security class definitions that are
unused in Android; they are only meaningful in Linux distributions.

Change-Id: I99738752da996d9a1c7793eea049d937ffe4255b
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
parent a0c9d207
...@@ -79,47 +79,6 @@ common ipc ...@@ -79,47 +79,6 @@ common ipc
unix_write unix_write
} }
#
# Define a common prefix for userspace database object access vectors.
#
common database
{
create
drop
getattr
setattr
relabelfrom
relabelto
}
#
# Define a common prefix for pointer and keyboard access vectors.
#
common x_device
{
getattr
setattr
use
read
write
getfocus
setfocus
bell
force_cursor
freeze
grab
manage
list_property
get_property
set_property
add
remove
create
destroy
}
# #
# Define the access vectors. # Define the access vectors.
# #
...@@ -449,165 +408,6 @@ class capability2 ...@@ -449,165 +408,6 @@ class capability2
block_suspend block_suspend
} }
#
# Define the access vector interpretation for controlling
# changes to passwd information.
#
class passwd
{
passwd # change another user passwd
chfn # change another user finger info
chsh # change another user shell
rootok # pam_rootok check (skip auth)
crontab # crontab on another user
}
#
# SE-X Windows stuff
#
class x_drawable
{
create
destroy
read
write
blend
getattr
setattr
list_child
add_child
remove_child
list_property
get_property
set_property
manage
override
show
hide
send
receive
}
class x_screen
{
getattr
setattr
hide_cursor
show_cursor
saver_getattr
saver_setattr
saver_hide
saver_show
}
class x_gc
{
create
destroy
getattr
setattr
use
}
class x_font
{
create
destroy
getattr
add_glyph
remove_glyph
use
}
class x_colormap
{
create
destroy
read
write
getattr
add_color
remove_color
install
uninstall
use
}
class x_property
{
create
destroy
read
write
append
getattr
setattr
}
class x_selection
{
read
write
getattr
setattr
}
class x_cursor
{
create
destroy
read
write
getattr
setattr
use
}
class x_client
{
destroy
getattr
setattr
manage
}
class x_device
inherits x_device
class x_server
{
getattr
setattr
record
debug
grab
manage
}
class x_extension
{
query
use
}
class x_resource
{
read
write
}
class x_event
{
send
receive
}
class x_synthetic_event
{
send
receive
}
# #
# Extended Netlink classes # Extended Netlink classes
# #
...@@ -665,33 +465,6 @@ inherits socket ...@@ -665,33 +465,6 @@ inherits socket
class netlink_dnrt_socket class netlink_dnrt_socket
inherits socket inherits socket
# Define the access vector interpretation for controlling
# access and communication through the D-BUS messaging
# system.
#
class dbus
{
acquire_svc
send_msg
}
# Define the access vector interpretation for controlling
# access through the name service cache daemon (nscd).
#
class nscd
{
getpwd
getgrp
gethost
getstat
admin
shmempwd
shmemgrp
shmemhost
getserv
shmemserv
}
# Define the access vector interpretation for controlling # Define the access vector interpretation for controlling
# access to IPSec network data by association # access to IPSec network data by association
# #
...@@ -732,12 +505,6 @@ class key ...@@ -732,12 +505,6 @@ class key
create create
} }
class context
{
translate
contains
}
class dccp_socket class dccp_socket
inherits socket inherits socket
{ {
...@@ -750,77 +517,12 @@ class memprotect ...@@ -750,77 +517,12 @@ class memprotect
mmap_zero mmap_zero
} }
class db_database
inherits database
{
access
install_module
load_module
get_param # deprecated
set_param # deprecated
}
class db_table
inherits database
{
use # deprecated
select
update
insert
delete
lock
}
class db_procedure
inherits database
{
execute
entrypoint
install
}
class db_column
inherits database
{
use # deprecated
select
update
insert
}
class db_tuple
{
relabelfrom
relabelto
use # deprecated
select
update
insert
delete
}
class db_blob
inherits database
{
read
write
import
export
}
# network peer labels # network peer labels
class peer class peer
{ {
recv recv
} }
class x_application_data
{
paste
paste_after_confirm
copy
}
class kernel_service class kernel_service
{ {
use_as_override use_as_override
...@@ -833,41 +535,6 @@ inherits socket ...@@ -833,41 +535,6 @@ inherits socket
attach_queue attach_queue
} }
class x_pointer
inherits x_device
class x_keyboard
inherits x_device
class db_schema
inherits database
{
search
add_name
remove_name
}
class db_view
inherits database
{
expand
}
class db_sequence
inherits database
{
get_value
next_value
set_value
}
class db_language
inherits database
{
implement
execute
}
class binder class binder
{ {
impersonate impersonate
......
...@@ -43,27 +43,6 @@ class msgq ...@@ -43,27 +43,6 @@ class msgq
class shm class shm
class ipc class ipc
#
# userspace object manager classes
#
# passwd/chfn/chsh
class passwd # userspace
# SE-X Windows stuff (more classes below)
class x_drawable # userspace
class x_screen # userspace
class x_gc # userspace
class x_font # userspace
class x_colormap # userspace
class x_property # userspace
class x_selection # userspace
class x_cursor # userspace
class x_client # userspace
class x_device # userspace
class x_server # userspace
class x_extension # userspace
# extended netlink sockets # extended netlink sockets
class netlink_route_socket class netlink_route_socket
class netlink_firewall_socket class netlink_firewall_socket
...@@ -75,9 +54,6 @@ class netlink_audit_socket ...@@ -75,9 +54,6 @@ class netlink_audit_socket
class netlink_ip6fw_socket class netlink_ip6fw_socket
class netlink_dnrt_socket class netlink_dnrt_socket
class dbus # userspace
class nscd # userspace
# IPSec association # IPSec association
class association class association
...@@ -91,46 +67,21 @@ class packet ...@@ -91,46 +67,21 @@ class packet
# Kernel access key retention # Kernel access key retention
class key class key
class context # userspace
class dccp_socket class dccp_socket
class memprotect class memprotect
class db_database # userspace
class db_table # userspace
class db_procedure # userspace
class db_column # userspace
class db_tuple # userspace
class db_blob # userspace
# network peer labels # network peer labels
class peer class peer
# Capabilities >= 32 # Capabilities >= 32
class capability2 class capability2
# More SE-X Windows stuff
class x_resource # userspace
class x_event # userspace
class x_synthetic_event # userspace
class x_application_data # userspace
# kernel services that need to override task security, e.g. cachefiles # kernel services that need to override task security, e.g. cachefiles
class kernel_service class kernel_service
class tun_socket class tun_socket
# Still More SE-X Windows stuff
class x_pointer # userspace
class x_keyboard # userspace
# More Database stuff
class db_schema # userspace
class db_view # userspace
class db_sequence # userspace
class db_language # userspace
class binder class binder
# Property service # Property service
......