# Copyright (c) 2021 Huawei Device Co., Ltd.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Shared m4 macros naming sets of SELinux object classes and permissions.
# Each macro expands to a brace-delimited set; a macro that references another
# macro expands to a nested set.
# NOTE(review): a permission or class added to one of these sets reaches every
# rule that uses the macro, directly or through a macro built on it. Review
# changes here as policy-wide changes.

# object class sets for files and directories
# file_class_set is the union of device nodes and non-device file classes;
# dir_file_class_set adds dir on top of that.
define(`notdevfile_class_set',`{ fifo_file file lnk_file sock_file }')
define(`devfile_class_set',`{ blk_file chr_file }')
define(`file_class_set',`{ devfile_class_set notdevfile_class_set }')
define(`dir_file_class_set',`{ dir file_class_set }')

# object class sets for sockets
# socket_class_set lists the socket classes this policy enumerates, including
# the netlink, packet, tun, vsock and xdp classes.
define(`socket_class_set', `{ socket tcp_socket udp_socket rawip_socket netlink_socket packet_socket unix_stream_socket unix_dgram_socket
appletalk_socket netlink_route_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_socket netlink_audit_socket
netlink_dnrt_socket netlink_kobject_uevent_socket tun_socket netlink_iscsi_socket netlink_fib_lookup_socket netlink_connector_socket
netlink_netfilter_socket netlink_generic_socket netlink_scsitransport_socket netlink_rdma_socket netlink_crypto_socket sctp_socket icmp_socket
ax25_socket ipx_socket netrom_socket atmpvc_socket x25_socket rose_socket decnet_socket atmsvc_socket rds_socket irda_socket pppox_socket llc_socket can_socket tipc_socket bluetooth_socket
iucv_socket rxrpc_socket isdn_socket phonet_socket ieee802154_socket caif_socket alg_socket nfc_socket vsock_socket kcm_socket qipcrtr_socket smc_socket xdp_socket }')

# unpriv_socket_class_set holds only tcp, udp, unix stream/dgram and sctp.
# NOTE(review): presumably the classes meant for unprivileged domains; the name
# suggests it, this file does not show the callers - confirm.
define(`dgram_socket_class_set',`{ udp_socket unix_dgram_socket }')
define(`stream_socket_class_set',`{ tcp_socket unix_stream_socket sctp_socket }')
define(`unpriv_socket_class_set', `{ tcp_socket udp_socket unix_stream_socket unix_dgram_socket sctp_socket }')

# permissions for ipc objects
# Each level includes the one before it: read -> rw -> create.
# create_ipc_perms also carries destroy and setattr.
define(`read_ipc_perms', `{ associate getattr read unix_read }')
define(`rw_ipc_perms', `{ read_ipc_perms unix_write write }')
define(`create_ipc_perms', `{ create destroy rw_ipc_perms setattr }')
# permissions for sockets
# NOTE(review): rw_socket_perms is wider than read/write. It also carries
# ioctl, setattr, bind, connect, setopt and shutdown. It does not carry
# create, listen or accept; create comes only with create_socket_perms.
define(`rw_socket_perms', `{ ioctl read getattr write setattr append bind connect getopt setopt shutdown }')
define(`create_socket_perms', `{ create rw_socket_perms }')

# permissions for directories
# NOTE(review): rw_dir_perms is spelled out rather than built on
# read_dir_perms and has no watch / watch_reads, so it is not a superset of
# read_dir_perms - confirm this is intended.
define(`read_dir_perms', `{ getattr search open read lock ioctl watch watch_reads }')
define(`rw_dir_perms', `{ open read getattr lock search ioctl add_name remove_name write }')
define(`create_dir_perms',`{ create reparent rename rmdir setattr rw_dir_perms }')

# permissions for files
# exec_file_perms has no open or read. Its execute_no_trans permission lets
# the file run in the domain of the caller, without a domain transition.
# write_file_perms carries open, lock and map besides write and append, and
# has no ioctl; rw_file_perms gets ioctl through read_file_perms.
define(`read_file_perms',`{ getattr open read lock ioctl map watch watch_reads }')
define(`exec_file_perms',`{ getattr map execute execute_no_trans }')
define(`write_file_perms',`{ open write append lock map }')
define(`rw_file_perms',`{ write_file_perms read_file_perms }')
define(`create_file_perms',`{ create rename setattr unlink rw_file_perms }')

# directory permissions without ioctl
# Same lists as the directory sets above with ioctl left out. In SELinux the
# ioctl permission covers every ioctl command unless extended permission rules
# (allowxperm) narrow it, so these variants let ioctl be granted separately.
define(`read_dir_perms_without_ioctl', `{ getattr search open read lock watch watch_reads }')
define(`rw_dir_perms_without_ioctl', `{ open read getattr lock search add_name remove_name write }')
define(`create_dir_perms_without_ioctl',`{ create reparent rename rmdir setattr rw_dir_perms_without_ioctl }')

# file permissions without ioctl
# rw_file_perms_without_ioctl reuses write_file_perms unchanged, since that
# set already has no ioctl.
define(`read_file_perms_without_ioctl',`{ getattr open read lock map watch watch_reads }')
define(`rw_file_perms_without_ioctl',`{ write_file_perms read_file_perms_without_ioctl }')
define(`create_file_perms_without_ioctl',`{ create rename setattr unlink rw_file_perms_without_ioctl }')