#
|
|
|
|
# Define common prefixes for access vectors
|
|
|
|
#
|
|
|
|
# common common_name { permission_name ... }
|
|
|
|
|
|
|
|
|
|
|
|
#
|
|
|
|
# Define a common prefix for file access vectors.
|
|
|
|
#
|
|
|
|
|
|
|
|
# Permission set shared by every class that declares "inherits file".
# Declaration order is unchanged from the original listing.
common file
{
	ioctl read write create getattr setattr lock
	relabelfrom relabelto
	append map
	unlink link rename
	# NOTE(review): execute, execmod and mounton are the entries most worth
	# checking when auditing broad allow rules. This file only declares the
	# names; the checks themselves live elsewhere.
	execute quotaon mounton audit_access open execmod
	watch watch_mount watch_sb watch_with_perm watch_reads
}
|
|
|
|
|
|
|
|
|
|
|
|
#
|
|
|
|
# Define a common prefix for socket access vectors.
|
|
|
|
#
|
|
|
|
|
|
|
|
# Permission set shared by every class that declares "inherits socket".
common socket
{
	# inherited from file: the same eleven names, in the same order, that
	# open the "file" common (ioctl .. map)
	ioctl read write create getattr setattr lock
	relabelfrom relabelto
	append map

	# socket-specific
	bind connect listen accept
	getopt setopt shutdown
	recvfrom sendto name_bind
}
|
|
|
|
|
|
|
|
#
|
|
|
|
# Define a common prefix for ipc access vectors.
|
|
|
|
#
|
|
|
|
|
|
|
|
# Permission set shared by every class that declares "inherits ipc".
common ipc
{
	create destroy
	getattr setattr
	read write
	associate
	unix_read unix_write
}
|
|
|
|
|
2016-04-27 15:42:57 +02:00
|
|
|
#
|
|
|
|
# Define a common for capability access vectors.
|
|
|
|
#
|
|
|
|
common cap
{
	# The capabilities are defined in include/linux/capability.h
	# Capabilities >= 32 are defined in the cap2 common.
	# Care should be taken to ensure that these are consistent with
	# those definitions. (Order matters)
	#
	# 32 entries, positions 0-31. Never reorder, insert into or delete from
	# this list: a shifted entry would attach the name to a different
	# capability number.

	chown dac_override dac_read_search fowner             # 0-3
	fsetid kill setgid setuid                             # 4-7
	setpcap linux_immutable net_bind_service net_broadcast # 8-11
	net_admin net_raw ipc_lock ipc_owner                  # 12-15
	sys_module sys_rawio sys_chroot sys_ptrace            # 16-19
	sys_pacct sys_admin sys_boot sys_nice                 # 20-23
	sys_resource sys_time sys_tty_config mknod            # 24-27
	lease audit_write audit_control setfcap               # 28-31
}
|
|
|
|
|
|
|
|
# Continuation of the "cap" common for capabilities numbered 32 and above.
# The ordering constraint stated in "cap" applies here as well.
# NOTE(review): the list stops at audit_read. Confirm against the target
# kernel's include/linux/capability.h whether later capabilities must be
# appended (append only, never insert).
common cap2
{
	mac_override	# unused by SELinux
	mac_admin
	syslog wake_alarm block_suspend audit_read
}
|
|
|
|
|
2012-01-04 18:33:27 +01:00
|
|
|
#
|
|
|
|
# Define the access vectors.
|
|
|
|
#
|
|
|
|
# class class_name [ inherits common_name ] { permission_name ... }
|
|
|
|
|
|
|
|
|
|
|
|
#
|
|
|
|
# Define the access vector interpretation for file-related objects.
|
|
|
|
#
|
|
|
|
|
|
|
|
# Stand-alone class: inherits no common, so these ten names are its whole
# permission set.
class filesystem
{
	mount remount unmount
	getattr
	relabelfrom relabelto
	associate
	quotamod quotaget
	watch
}
|
|
|
|
|
|
|
|
# Everything in the "file" common, plus five directory-only permissions.
class dir inherits file
{
	add_name remove_name
	reparent search rmdir
}
|
|
|
|
|
|
|
|
# The class "file" (distinct from the common of the same name) adds two
# permissions to the inherited set.
class file inherits file
{
	execute_no_trans entrypoint
}
|
|
|
|
|
|
|
|
# No class-specific permissions: only what the "file" common provides.
class lnk_file inherits file
|
|
|
|
|
|
|
|
# Same two additions as class "file".
class chr_file inherits file
{
	execute_no_trans entrypoint
}
|
|
|
|
|
|
|
|
# Three classes with no additions beyond the "file" common.
class blk_file inherits file

class sock_file inherits file

class fifo_file inherits file
|
|
|
|
|
|
|
|
# Single-permission class; inherits no common.
class fd
{
	use
}
|
|
|
|
|
|
|
|
|
|
|
|
#
|
|
|
|
# Define the access vector interpretation for network-related objects.
|
|
|
|
#
|
|
|
|
|
|
|
|
# The class "socket" carries exactly the "socket" common and nothing more.
class socket inherits socket
|
|
|
|
|
|
|
|
# "socket" common plus two TCP-specific permissions.
class tcp_socket inherits socket
{
	node_bind name_connect
}
|
|
|
|
|
|
|
|
# "socket" common plus node_bind.
class udp_socket inherits socket
{
	node_bind
}
|
|
|
|
|
|
|
|
# "socket" common plus node_bind.
class rawip_socket inherits socket
{
	node_bind
}
|
|
|
|
|
|
|
|
# Stand-alone class with two permissions.
class node
{
	recvfrom sendto
}
|
|
|
|
|
|
|
|
# Stand-alone class with two permissions.
class netif
{
	ingress egress
}
|
|
|
|
|
|
|
|
# Three socket classes that add nothing to the "socket" common.
class netlink_socket inherits socket

class packet_socket inherits socket

class key_socket inherits socket
|
|
|
|
|
|
|
|
# "socket" common plus connectto.
class unix_stream_socket inherits socket
{
	connectto
}
|
|
|
|
|
|
|
|
# Only the "socket" common. Unlike unix_stream_socket, it has no connectto.
class unix_dgram_socket inherits socket
|
|
|
|
|
|
|
|
#
|
|
|
|
# Define the access vector interpretation for process-related objects
|
|
|
|
#
|
|
|
|
|
|
|
|
# Stand-alone class: 31 permissions, no common.
# NOTE(review): when auditing allow rules, ptrace, transition, dyntransition,
# setcurrent, execmem, execstack and execheap deserve the closest look. This
# file only declares the names.
class process
{
	fork
	transition
	sigchld	# commonly granted from child to parent
	sigkill	# cannot be caught or ignored
	sigstop	# cannot be caught or ignored
	signull	# for kill(pid, 0)
	signal	# all other signals
	ptrace
	getsched setsched
	getsession
	getpgid setpgid
	getcap setcap
	share
	getattr
	setexec setfscreate
	noatsecure siginh
	setrlimit rlimitinh
	dyntransition setcurrent
	execmem execstack execheap
	setkeycreate setsockcreate
	getrlimit
}
|
|
|
|
|
2018-09-07 19:48:55 +02:00
|
|
|
# Second process-related class, holding two transition permissions.
# NOTE(review): the names suggest these cover domain transitions under
# no_new_privs and on nosuid mounts; confirm against the kernel hooks.
class process2
{
	nnp_transition nosuid_transition
}
|
2012-01-04 18:33:27 +01:00
|
|
|
|
|
|
|
#
|
|
|
|
# Define the access vector interpretation for ipc-related objects
|
|
|
|
#
|
|
|
|
|
|
|
|
# Two classes that carry exactly the "ipc" common.
class ipc inherits ipc

class sem inherits ipc
|
|
|
|
|
|
|
|
# "ipc" common plus enqueue.
class msgq inherits ipc
{
	enqueue
}
|
|
|
|
|
|
|
|
# Stand-alone class; does not inherit the "ipc" common.
class msg
{
	send receive
}
|
|
|
|
|
|
|
|
# "ipc" common plus lock.
class shm inherits ipc
{
	lock
}
|
|
|
|
|
|
|
|
|
|
|
|
#
|
|
|
|
# Define the access vector interpretation for the security server.
|
|
|
|
#
|
|
|
|
|
|
|
|
# Permissions on the security server itself.
# NOTE(review): going by their names, load_policy, setenforce and setbool
# change the active policy or enforcement state; grants of them should be
# limited to as few domains as possible.
class security
{
	compute_av compute_create compute_member
	check_context
	load_policy
	compute_relabel compute_user
	setenforce	# was avc_toggle in system class
	setbool setsecparam setcheckreqprot
	read_policy validate_trans
}
|
|
|
|
|
|
|
|
|
|
|
|
#
|
|
|
|
# Define the access vector interpretation for system operations.
|
|
|
|
#
|
|
|
|
|
|
|
|
# System-wide operations; inherits no common.
class system
{
	ipc_info
	syslog_read syslog_mod syslog_console
	module_request module_load
}
|
|
|
|
|
|
|
|
#
|
2016-04-27 15:42:57 +02:00
|
|
|
# Define the access vector interpretation for controlling capabilities
|
2012-01-04 18:33:27 +01:00
|
|
|
#
|
|
|
|
|
|
|
|
# capability carries the first 32 capabilities (common cap);
# capability2 carries those numbered 32 and above (common cap2).
class capability inherits cap

class capability2 inherits cap2
|
2012-01-04 18:33:27 +01:00
|
|
|
|
|
|
|
#
|
|
|
|
# Extended Netlink classes
|
|
|
|
#
|
|
|
|
# "socket" common plus three netlink message permissions.
class netlink_route_socket inherits socket
{
	nlmsg_read nlmsg_write nlmsg_readpriv
}
|
|
|
|
|
|
|
|
# "socket" common plus read/write netlink message permissions.
class netlink_tcpdiag_socket inherits socket
{
	nlmsg_read nlmsg_write
}
|
|
|
|
|
|
|
|
# Only the "socket" common.
class netlink_nflog_socket inherits socket
|
|
|
|
|
|
|
|
# "socket" common plus read/write netlink message permissions.
class netlink_xfrm_socket inherits socket
{
	nlmsg_read nlmsg_write
}
|
|
|
|
|
|
|
|
# Only the "socket" common.
class netlink_selinux_socket inherits socket
|
|
|
|
|
|
|
|
# "socket" common plus five audit-netlink message permissions.
# NOTE(review): this socket class fronts the audit subsystem, so grants of
# the write, relay and tty_audit permissions should be reviewed narrowly.
class netlink_audit_socket inherits socket
{
	nlmsg_read nlmsg_write
	nlmsg_relay nlmsg_readpriv nlmsg_tty_audit
}
|
|
|
|
|
|
|
|
# Only the "socket" common.
class netlink_dnrt_socket inherits socket
|
|
|
|
|
|
|
|
# Define the access vector interpretation for controlling
|
|
|
|
# access to IPSec network data by association
|
|
|
|
#
|
|
|
|
# Stand-alone class with four permissions (IPSec associations, per the
# comment that precedes it in the file).
class association
{
	sendto recvfrom
	setcontext polmatch
}
|
|
|
|
|
|
|
|
# Updated Netlink class for KOBJECT_UEVENT family.
|
|
|
|
# Two classes that carry only the "socket" common.
class netlink_kobject_uevent_socket inherits socket

class appletalk_socket inherits socket
|
|
|
|
|
|
|
|
# Stand-alone class for labeled packets; five permissions.
class packet
{
	send recv
	relabelto
	forward_in forward_out
}
|
|
|
|
|
|
|
|
# Stand-alone class with seven permissions.
class key
{
	view read write
	search link
	setattr create
}
|
|
|
|
|
|
|
|
# Same two additions as tcp_socket.
class dccp_socket inherits socket
{
	node_bind name_connect
}
|
|
|
|
|
|
|
|
# Single-permission class.
# NOTE(review): mmap_zero presumably gates mapping of low addresses, a
# kernel NULL-dereference hardening control. If so, it should be granted to
# no domain without a documented reason. Confirm against the kernel hook.
class memprotect
{
	mmap_zero
}
|
|
|
|
|
|
|
|
# network peer labels
|
|
|
|
# Single-permission class for network peer labels.
class peer
{
	recv
}
|
|
|
|
|
|
|
|
# Stand-alone class with two permissions.
class kernel_service
{
	use_as_override create_files_as
}
|
|
|
|
|
|
|
|
# "socket" common plus attach_queue.
class tun_socket inherits socket
{
	attach_queue
}
|
2012-01-04 18:33:27 +01:00
|
|
|
|
|
|
|
# Stand-alone class with four binder IPC permissions.
# NOTE(review): impersonate and set_context_mgr look like the high-impact
# entries here; check which domains hold them.
class binder
{
	impersonate call
	set_context_mgr transfer
}
|
|
|
|
|
2015-05-21 22:17:26 +02:00
|
|
|
# Eight netlink socket classes, each carrying only the "socket" common.
class netlink_iscsi_socket inherits socket

class netlink_fib_lookup_socket inherits socket

class netlink_connector_socket inherits socket

class netlink_netfilter_socket inherits socket

class netlink_generic_socket inherits socket

class netlink_scsitransport_socket inherits socket

class netlink_rdma_socket inherits socket

class netlink_crypto_socket inherits socket
|
|
|
|
|
2018-11-02 03:39:44 +01:00
|
|
|
# Single-permission class.
class infiniband_pkey
{
	access
}
|
|
|
|
|
|
|
|
# Single-permission class.
class infiniband_endport
{
	manage_subnet
}
|
|
|
|
|
2016-04-27 15:42:57 +02:00
|
|
|
#
|
|
|
|
# Define the access vector interpretation for controlling capabilities
|
|
|
|
# in user namespaces
|
|
|
|
#
|
|
|
|
|
|
|
|
# User-namespace counterparts of capability / capability2. They reuse the
# same two commons, so the ordering constraint on cap and cap2 applies.
class cap_userns inherits cap

class cap2_userns inherits cap2
|
|
|
|
|
2016-12-08 19:35:27 +01:00
|
|
|
|
|
|
|
#
|
|
|
|
# Define the access vector interpretation for the new socket classes
|
|
|
|
# enabled by the extended_socket_class policy capability.
|
|
|
|
#
|
|
|
|
|
|
|
|
#
|
|
|
|
# The next two classes were previously mapped to rawip_socket and therefore
|
|
|
|
# have the same definition as rawip_socket (until further permissions
|
|
|
|
# are defined).
|
|
|
|
#
|
|
|
|
# "socket" common plus three SCTP-specific permissions.
# NOTE(review): name_connect and association go beyond rawip_socket's single
# node_bind, so this class no longer has "the same definition as
# rawip_socket" that the comment preceding it in the file describes.
class sctp_socket inherits socket
{
	node_bind name_connect association
}
|
|
|
|
|
|
|
|
# Same definition as rawip_socket: "socket" common plus node_bind.
class icmp_socket inherits socket
{
	node_bind
}
|
|
|
|
|
|
|
|
#
|
|
|
|
# The remaining network socket classes were previously
|
|
|
|
# mapped to the socket class and therefore have the
|
|
|
|
# same definition as socket.
|
|
|
|
#
|
|
|
|
|
|
|
|
# Per-address-family socket classes. Each one carries only the "socket"
# common, so its permission set is identical to class "socket".
class ax25_socket inherits socket

class ipx_socket inherits socket

class netrom_socket inherits socket

class atmpvc_socket inherits socket

class x25_socket inherits socket

class rose_socket inherits socket

class decnet_socket inherits socket

class atmsvc_socket inherits socket

class rds_socket inherits socket

class irda_socket inherits socket

class pppox_socket inherits socket

class llc_socket inherits socket

class can_socket inherits socket

class tipc_socket inherits socket

class bluetooth_socket inherits socket

class iucv_socket inherits socket

class rxrpc_socket inherits socket

class isdn_socket inherits socket

class phonet_socket inherits socket

class ieee802154_socket inherits socket

class caif_socket inherits socket

class alg_socket inherits socket

class nfc_socket inherits socket

class vsock_socket inherits socket

class kcm_socket inherits socket

class qipcrtr_socket inherits socket

class smc_socket inherits socket
|
|
|
|
|
2018-10-18 18:08:26 +02:00
|
|
|
# Stand-alone class: three map permissions, two program permissions.
# NOTE(review): prog_load and prog_run are the entries to check first when
# reviewing which domains can use bpf.
class bpf
{
	map_create map_read map_write
	prog_load prog_run
}
|
|
|
|
|
2012-04-04 16:11:16 +02:00
|
|
|
# Single-permission class.
# NOTE(review): presumably checked by a userspace object manager rather than
# by kernel hooks; confirm where the check is made.
class property_service
{
	set
}
|
2014-06-06 00:52:02 +02:00
|
|
|
|
|
|
|
# Stand-alone class with three permissions.
# NOTE(review): presumably checked by a userspace object manager; confirm.
class service_manager
{
	add find list
}
|
2014-06-17 23:58:52 +02:00
|
|
|
|
2017-04-06 18:24:41 +02:00
|
|
|
# Same three permissions as service_manager.
class hwservice_manager
{
	add find list
}
|
|
|
|
|
2014-06-17 23:58:52 +02:00
|
|
|
# Stand-alone class with 19 permissions; original order kept.
# NOTE(review): presumably checked by a userspace object manager; confirm.
# Going by their names, the entries that touch key material or its lifecycle
# (get, insert, delete, reset, sign, grant, duplicate, clear_uid) are the
# ones to scope most tightly.
class keystore_key
{
	get_state
	get insert delete exist list
	reset password
	lock unlock
	is_empty
	sign verify
	grant duplicate
	clear_uid add_auth user_changed
	gen_unique_id
}
|
2014-07-24 21:25:43 +02:00
|
|
|
|
2014-07-02 21:42:59 +02:00
|
|
|
# Stand-alone class with eight permissions; the names are camelCase, unlike
# the rest of the file, and must be matched exactly by policy rules.
class drmservice
{
	consumeRights setPlaybackStatus
	openDecryptSession closeDecryptSession
	initializeDecryptUnit decrypt finalizeDecryptUnit
	pread
}
|
2018-11-02 03:39:44 +01:00
|
|
|
|
|
|
|
# Only the "socket" common.
class xdp_socket inherits socket
|
2020-01-08 18:30:26 +01:00
|
|
|
|
|
|
|
# Stand-alone class with six permissions.
# NOTE(review): kernel and tracepoint presumably expose kernel-side
# profiling data; confirm, and restrict them to diagnostic domains.
class perf_event
{
	open
	cpu kernel tracepoint
	read write
}
|
2020-02-13 21:57:27 +01:00
|
|
|
|
|
|
|
# Stand-alone class with two permissions.
# NOTE(review): presumably one permission per kernel lockdown level;
# confirm against the kernel hook.
class lockdown
{
	integrity confidentiality
}
|