File: access_vectors

package info (click to toggle)
oskit 0.97.20000202-1
  • links: PTS
  • area: main
  • in suites: potato
  • size: 58,008 kB
  • ctags: 172,612
  • sloc: ansic: 832,827; asm: 7,640; sh: 3,920; yacc: 3,664; perl: 1,457; lex: 427; makefile: 337; csh: 141; awk: 78
file content (311 lines) | stat: -rw-r--r-- 4,339 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
 
# Copyright (c) 1999 The University of Utah and the Flux Group.
# All rights reserved.
# 
# Contributed by the Computer Security Research division,
# INFOSEC Research and Technology Office, NSA.
# 
# This file is part of the Flux OSKit.  The OSKit is free software, also known
# as "open source;" you can redistribute it and/or modify it under the terms
# of the GNU General Public License (GPL), version 2, as published by the Free
# Software Foundation (FSF).  To explore alternate licensing terms, contact
# the University of Utah at csl-dist@cs.utah.edu or +1-801-585-3271.
# 
# The OSKit is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE.  See the GPL for more details.  You should have
# received a copy of the GPL along with the OSKit; see the file COPYING.  If
# not, write to the FSF, 59 Temple Place #330, Boston, MA 02111-1307, USA.

#
# Define common prefixes for access vectors
#
# common common_name { permission_name ... }


#
# Define a common prefix for file access vectors.
#

common file
{
	read
	write
	create
	append
	execute
	access
	getattr
	setattr
	unlink
	link
	rename
	lock
	sync
	pathconf
	relabelfrom
	relabelto
	transition
}


#
# Define a common prefix for socket access vectors.
#

common socket
{
	receive
	send
	create
	getlocal
	setlocal
	getremote
	setremote
	getopt
	setopt
	tcp_setopt
	udp_setopt
	ip_setopt
	disable_send
	disable_receive
	send_associate
	recvfrom_associate
	recv_associate
	port_associate
}	


#
# Define the access vectors.
#
# class class_name [ inherits common_name ] { permission_name ... }

#
# Define the access vector interpretation for file-related objects.
#

class filesystem
{
	mount
	remount
	unmount
	getattr
	sync
	lookupi
	relabelfrom
	relabelto
	transition
	associate
}

class dir
inherits file
{
	add_name
	remove_name
	reparent
	search
	rmdir
	mounton
	mountassociate
}

class file
inherits file

class lnk_file
inherits file

class chr_file
inherits file

class blk_file
inherits file

class sock_file
inherits file

class fifo_file
inherits file

class pipe
inherits file


class fd
{
	create
	getattr
	setattr
	inherit
}


#
# Define the access vector interpretation for network-related objects.
#

class node 
{
	tcp_receive_node
	tcp_send_node
	udp_receive_node
	udp_send_node
	receive_node
	send_node
}

class netif
{
	getattr
	setattr
	tcp_receive_netif 
	tcp_send_netif
	udp_receive_netif 
	udp_send_netif
	receive_netif 
	send_netif
}

class rttab
{
	observe 
	modify
}

class rtsock
inherits socket

class in_stream_sock
inherits socket
{
	listen
	accept
	accept_associate
	client_associate
        server_associate
}


class in_dgram_sock
inherits socket


class in_raw_sock
inherits socket

class in_icmp_sock
inherits socket

class in_igmp_sock
inherits socket

class in_rsvp_sock
inherits socket

class in_ipip_sock
inherits socket


#
# Define the access vector interpretation for process-related objects
#

class process
{
	execute
	fork
	wait
	transition
	sigstop
	sigkill
	signal
}


#
# Define the access vector interpretation for the security server. 
#

class security
{
	compute_av
	notify_perm
	transition_sid
	member_sid
	sid_to_context
	context_to_sid
	load_extension
	load_policy
	register_avc
}


#
# Define the access vector interpretation for system operations.
#

class system
{
	reboot
}


#
# Define the access vector interpretation for subjects.
#
 
class subject
{ 
        read
        write
        execute
        create_object
        specify_client
        specify_server
        connect
        call
        send
        thread_scheduler
        task_keeper
        map
}
 

#
# Define the access vector interpretation for the AVC.
# 

class avc
{
        grant 
        try_revoke
        revoke 
        reset  
        set_auditallow
        set_auditdeny
}


# 
# Define the access vector interpretation for mempools and segments.
#

class memory
{
        segment_create
        segment_destroy
        segment_map
        segment_getsize
        segment_setsize
        segment_createcopy
        mempool_create
        mempool_destroy
        mempool_addsubpool
        mempool_addsegment
        mempool_gettickets
        mempool_settickets
        segment_associate
        subpool_associate
}