cachepc-linux

Fork of AMDESE/linux with modifications for CachePC side-channel attack
git clone https://git.sinitax.com/sinitax/cachepc-linux

classmap.h (8436B)


      1/* SPDX-License-Identifier: GPL-2.0 */
      2#include <linux/capability.h>
      3#include <linux/socket.h>
      4
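      /*
       * Permission-name lists shared by several object classes in secclass_map.
       * Each macro expands to a comma-separated run of string literals that is
       * spliced into a class's permission list, so every class using a macro sees
       * these names in the order written here.
       *
       * The listing's line-number gutter has been stripped from these lines so
       * that the directives are valid C again.
       *
       * NOTE(review): permission constants generated from this table are
       * presumably derived from a name's position in its class list, so inserting
       * or reordering a name here shifts every later name in each class that uses
       * the macro -- confirm that all consumers are regenerated together.
       */

      /* Shared by file-like and socket classes: 11 names. */
      #define COMMON_FILE_SOCK_PERMS \
      	"ioctl", "read", "write", "create", "getattr", "setattr", "lock", \
      	"relabelfrom", "relabelto", "append", "map"

      /* File-like classes: the 11 shared names plus 14 file-only names (25). */
      #define COMMON_FILE_PERMS COMMON_FILE_SOCK_PERMS, \
      	"unlink", "link", "rename", "execute", "quotaon", "mounton", \
      	"audit_access", "open", "execmod", "watch", "watch_mount", "watch_sb", \
      	"watch_with_perm", "watch_reads"

      /* Socket classes: the 11 shared names plus 10 socket-only names (21). */
      #define COMMON_SOCK_PERMS COMMON_FILE_SOCK_PERMS, \
      	"bind", "connect", "listen", "accept", "getopt", "setopt", "shutdown", \
      	"recvfrom", "sendto", "name_bind"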
     16
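     /*
      * Permission names shared by the "sem", "msgq", "shm" and "ipc" classes in
      * secclass_map: 9 names, spliced in ahead of any class-specific names.
      * The listing's line-number gutter has been stripped so the directive is
      * valid C again.
      */
     #define COMMON_IPC_PERMS \
     	"create", "destroy", "getattr", "setattr", "read", "write", \
     	"associate", "unix_read", "unix_write"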
     19
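     /*
      * Permission names for the "capability" and "cap_userns" classes: 32 names,
      * "chown" first and "setfcap" last. The listing's line-number gutter has
      * been stripped so the directive is valid C again.
      *
      * NOTE(review): the names appear to follow the kernel's capability
      * numbering, one name per capability in ascending order -- confirm against
      * <linux/capability.h> and the code that turns a capability number into a
      * permission bit. If that holds, a name must never be inserted or moved
      * here, because every later capability would then be checked under the
      * wrong permission.
      */
     #define COMMON_CAP_PERMS \
     	"chown", "dac_override", "dac_read_search", \
     	"fowner", "fsetid", "kill", "setgid", "setuid", "setpcap", \
     	"linux_immutable", "net_bind_service", "net_broadcast", \
     	"net_admin", "net_raw", "ipc_lock", "ipc_owner", "sys_module", \
     	"sys_rawio", "sys_chroot", "sys_ptrace", "sys_pacct", "sys_admin", \
     	"sys_boot", "sys_nice", "sys_resource", "sys_time", \
     	"sys_tty_config", "mknod", "lease", "audit_write", \
     	"audit_control", "setfcap"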
     28
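     /*
      * Permission names for the "capability2" and "cap2_userns" classes: 9 names,
      * "mac_override" first and "checkpoint_restore" last. The listing's
      * line-number gutter has been stripped so the directives are valid C again.
      *
      * NOTE(review): presumably these continue the capability numbering where
      * COMMON_CAP_PERMS stops -- confirm against <linux/capability.h>.
      */
     #define COMMON_CAP2_PERMS \
     	"mac_override", "mac_admin", "syslog", \
     	"wake_alarm", "block_suspend", "audit_read", "perfmon", "bpf", \
     	"checkpoint_restore"

     /*
      * Build-time guard: stop the build when the capability headers define a
      * capability beyond CAP_CHECKPOINT_RESTORE, so that a new capability cannot
      * ship without a permission name in COMMON_CAP2_PERMS. Both macros must
      * already be defined when this line is reached; an undefined identifier in
      * an #if expression evaluates to 0, which would let the guard pass without
      * checking anything.
      */
     #if CAP_LAST_CAP > CAP_CHECKPOINT_RESTORE
     #error New capability defined, please update COMMON_CAP2_PERMS.
     #endif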
     36
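     /*
      * Table of object classes and the permission names each class accepts.
      * Every entry is { class name, { permission names..., NULL } } and the
      * table ends with a { NULL } entry. The listing's line-number gutter has
      * been stripped so the initializer is valid C again.
      *
      * Note: The name of any socket class should be suffixed by "socket" and
      * should not contain the substring "socket" more than once.
      *
      * NOTE(review): struct security_class_mapping is declared outside this
      * file. If its permission array has a fixed size tied to the access-vector
      * width, that size caps the number of names per class; "capability" already
      * carries 32 names and "dir" 30 -- confirm the limit before adding a
      * permission to a class or to one of the COMMON_* macros.
      */
     const struct security_class_mapping secclass_map[] = {
     	{ "security",
     	  { "compute_av", "compute_create", "compute_member",
     	    "check_context", "load_policy", "compute_relabel",
     	    "compute_user", "setenforce", "setbool", "setsecparam",
     	    "setcheckreqprot", "read_policy", "validate_trans", NULL } },
     	{ "process",
     	  { "fork", "transition", "sigchld", "sigkill",
     	    "sigstop", "signull", "signal", "ptrace", "getsched", "setsched",
     	    "getsession", "getpgid", "setpgid", "getcap", "setcap", "share",
     	    "getattr", "setexec", "setfscreate", "noatsecure", "siginh",
     	    "setrlimit", "rlimitinh", "dyntransition", "setcurrent",
     	    "execmem", "execstack", "execheap", "setkeycreate",
     	    "setsockcreate", "getrlimit", NULL } },
     	{ "process2",
     	  { "nnp_transition", "nosuid_transition", NULL } },
     	{ "system",
     	  { "ipc_info", "syslog_read", "syslog_mod",
     	    "syslog_console", "module_request", "module_load", NULL } },
     	{ "capability",
     	  { COMMON_CAP_PERMS, NULL } },
     	{ "filesystem",
     	  { "mount", "remount", "unmount", "getattr",
     	    "relabelfrom", "relabelto", "associate", "quotamod",
     	    "quotaget", "watch", NULL } },
     	{ "file",
     	  { COMMON_FILE_PERMS,
     	    "execute_no_trans", "entrypoint", NULL } },
     	{ "dir",
     	  { COMMON_FILE_PERMS, "add_name", "remove_name",
     	    "reparent", "search", "rmdir", NULL } },
     	{ "fd", { "use", NULL } },
     	{ "lnk_file",
     	  { COMMON_FILE_PERMS, NULL } },
     	{ "chr_file",
     	  { COMMON_FILE_PERMS, NULL } },
     	{ "blk_file",
     	  { COMMON_FILE_PERMS, NULL } },
     	{ "sock_file",
     	  { COMMON_FILE_PERMS, NULL } },
     	{ "fifo_file",
     	  { COMMON_FILE_PERMS, NULL } },
     	{ "socket",
     	  { COMMON_SOCK_PERMS, NULL } },
     	{ "tcp_socket",
     	  { COMMON_SOCK_PERMS,
     	    "node_bind", "name_connect",
     	    NULL } },
     	{ "udp_socket",
     	  { COMMON_SOCK_PERMS,
     	    "node_bind", NULL } },
     	{ "rawip_socket",
     	  { COMMON_SOCK_PERMS,
     	    "node_bind", NULL } },
     	{ "node",
     	  { "recvfrom", "sendto", NULL } },
     	{ "netif",
     	  { "ingress", "egress", NULL } },
     	{ "netlink_socket",
     	  { COMMON_SOCK_PERMS, NULL } },
     	{ "packet_socket",
     	  { COMMON_SOCK_PERMS, NULL } },
     	{ "key_socket",
     	  { COMMON_SOCK_PERMS, NULL } },
     	{ "unix_stream_socket",
     	  { COMMON_SOCK_PERMS, "connectto", NULL } },
     	{ "unix_dgram_socket",
     	  { COMMON_SOCK_PERMS, NULL } },
     	{ "sem",
     	  { COMMON_IPC_PERMS, NULL } },
     	{ "msg", { "send", "receive", NULL } },
     	{ "msgq",
     	  { COMMON_IPC_PERMS, "enqueue", NULL } },
     	{ "shm",
     	  { COMMON_IPC_PERMS, "lock", NULL } },
     	{ "ipc",
     	  { COMMON_IPC_PERMS, NULL } },
     	{ "netlink_route_socket",
     	  { COMMON_SOCK_PERMS,
     	    "nlmsg_read", "nlmsg_write", NULL } },
     	{ "netlink_tcpdiag_socket",
     	  { COMMON_SOCK_PERMS,
     	    "nlmsg_read", "nlmsg_write", NULL } },
     	{ "netlink_nflog_socket",
     	  { COMMON_SOCK_PERMS, NULL } },
     	{ "netlink_xfrm_socket",
     	  { COMMON_SOCK_PERMS,
     	    "nlmsg_read", "nlmsg_write", NULL } },
     	{ "netlink_selinux_socket",
     	  { COMMON_SOCK_PERMS, NULL } },
     	{ "netlink_iscsi_socket",
     	  { COMMON_SOCK_PERMS, NULL } },
     	{ "netlink_audit_socket",
     	  { COMMON_SOCK_PERMS,
     	    "nlmsg_read", "nlmsg_write", "nlmsg_relay", "nlmsg_readpriv",
     	    "nlmsg_tty_audit", NULL } },
     	{ "netlink_fib_lookup_socket",
     	  { COMMON_SOCK_PERMS, NULL } },
     	{ "netlink_connector_socket",
     	  { COMMON_SOCK_PERMS, NULL } },
     	{ "netlink_netfilter_socket",
     	  { COMMON_SOCK_PERMS, NULL } },
     	{ "netlink_dnrt_socket",
     	  { COMMON_SOCK_PERMS, NULL } },
     	{ "association",
     	  { "sendto", "recvfrom", "setcontext", "polmatch", NULL } },
     	{ "netlink_kobject_uevent_socket",
     	  { COMMON_SOCK_PERMS, NULL } },
     	{ "netlink_generic_socket",
     	  { COMMON_SOCK_PERMS, NULL } },
     	{ "netlink_scsitransport_socket",
     	  { COMMON_SOCK_PERMS, NULL } },
     	{ "netlink_rdma_socket",
     	  { COMMON_SOCK_PERMS, NULL } },
     	{ "netlink_crypto_socket",
     	  { COMMON_SOCK_PERMS, NULL } },
     	{ "appletalk_socket",
     	  { COMMON_SOCK_PERMS, NULL } },
     	{ "packet",
     	  { "send", "recv", "relabelto", "forward_in", "forward_out", NULL } },
     	{ "key",
     	  { "view", "read", "write", "search", "link", "setattr", "create",
     	    NULL } },
     	{ "dccp_socket",
     	  { COMMON_SOCK_PERMS,
     	    "node_bind", "name_connect", NULL } },
     	{ "memprotect", { "mmap_zero", NULL } },
     	{ "peer", { "recv", NULL } },
     	{ "capability2",
     	  { COMMON_CAP2_PERMS, NULL } },
     	{ "kernel_service", { "use_as_override", "create_files_as", NULL } },
     	{ "tun_socket",
     	  { COMMON_SOCK_PERMS, "attach_queue", NULL } },
     	{ "binder",
     	  { "impersonate", "call", "set_context_mgr", "transfer", NULL } },
     	{ "cap_userns",
     	  { COMMON_CAP_PERMS, NULL } },
     	{ "cap2_userns",
     	  { COMMON_CAP2_PERMS, NULL } },
     	{ "sctp_socket",
     	  { COMMON_SOCK_PERMS,
     	    "node_bind", "name_connect", "association", NULL } },
     	{ "icmp_socket",
     	  { COMMON_SOCK_PERMS,
     	    "node_bind", NULL } },
     	{ "ax25_socket",
     	  { COMMON_SOCK_PERMS, NULL } },
     	{ "ipx_socket",
     	  { COMMON_SOCK_PERMS, NULL } },
     	{ "netrom_socket",
     	  { COMMON_SOCK_PERMS, NULL } },
     	{ "atmpvc_socket",
     	  { COMMON_SOCK_PERMS, NULL } },
     	{ "x25_socket",
     	  { COMMON_SOCK_PERMS, NULL } },
     	{ "rose_socket",
     	  { COMMON_SOCK_PERMS, NULL } },
     	{ "decnet_socket",
     	  { COMMON_SOCK_PERMS, NULL } },
     	{ "atmsvc_socket",
     	  { COMMON_SOCK_PERMS, NULL } },
     	{ "rds_socket",
     	  { COMMON_SOCK_PERMS, NULL } },
     	{ "irda_socket",
     	  { COMMON_SOCK_PERMS, NULL } },
     	{ "pppox_socket",
     	  { COMMON_SOCK_PERMS, NULL } },
     	{ "llc_socket",
     	  { COMMON_SOCK_PERMS, NULL } },
     	{ "can_socket",
     	  { COMMON_SOCK_PERMS, NULL } },
     	{ "tipc_socket",
     	  { COMMON_SOCK_PERMS, NULL } },
     	{ "bluetooth_socket",
     	  { COMMON_SOCK_PERMS, NULL } },
     	{ "iucv_socket",
     	  { COMMON_SOCK_PERMS, NULL } },
     	{ "rxrpc_socket",
     	  { COMMON_SOCK_PERMS, NULL } },
     	{ "isdn_socket",
     	  { COMMON_SOCK_PERMS, NULL } },
     	{ "phonet_socket",
     	  { COMMON_SOCK_PERMS, NULL } },
     	{ "ieee802154_socket",
     	  { COMMON_SOCK_PERMS, NULL } },
     	{ "caif_socket",
     	  { COMMON_SOCK_PERMS, NULL } },
     	{ "alg_socket",
     	  { COMMON_SOCK_PERMS, NULL } },
     	{ "nfc_socket",
     	  { COMMON_SOCK_PERMS, NULL } },
     	{ "vsock_socket",
     	  { COMMON_SOCK_PERMS, NULL } },
     	{ "kcm_socket",
     	  { COMMON_SOCK_PERMS, NULL } },
     	{ "qipcrtr_socket",
     	  { COMMON_SOCK_PERMS, NULL } },
     	{ "smc_socket",
     	  { COMMON_SOCK_PERMS, NULL } },
     	{ "infiniband_pkey",
     	  { "access", NULL } },
     	{ "infiniband_endport",
     	  { "manage_subnet", NULL } },
     	{ "bpf",
     	  { "map_create", "map_read", "map_write", "prog_load", "prog_run",
     	    NULL } },
     	{ "xdp_socket",
     	  { COMMON_SOCK_PERMS, NULL } },
     	{ "mctp_socket",
     	  { COMMON_SOCK_PERMS, NULL } },
     	{ "perf_event",
     	  { "open", "cpu", "kernel", "tracepoint", "read", "write", NULL } },
     	{ "anon_inode",
     	  { COMMON_FILE_PERMS, NULL } },
     	{ "io_uring",
     	  { "override_creds", "sqpoll", NULL } },
     	{ NULL }	/* end-of-table marker */
     };

     /*
      * Build-time guard: when a new address family raises PF_MAX above 46 the
      * build stops until secclass_map has been reviewed for that family.
      * NOTE(review): a family without a class of its own presumably ends up
      * under a more generic socket class -- confirm in the code that maps
      * address families to classes.
      */
     #if PF_MAX > 46
     #error New address family defined, please update secclass_map.
     #endif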