selinux: generate flask headers during kernel build

Add a simple utility (scripts/selinux/genheaders) and invoke it to generate the kernel-private class and permission indices in flask.h and av_permissions.h automatically during the kernel build from the security class mapping definitions in classmap.h. Adding new kernel classes and permissions can then be done just by adding them to classmap.h. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org>

selinux: generate flask headers during kernel build
Add a simple utility (scripts/selinux/genheaders) and invoke it to generate the kernel-private class and permission indices in flask.h and av_permissions.h automatically during the kernel build from the security class mapping definitions in classmap.h. Adding new kernel classes and permissions can then be done just by adding them to classmap.h. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org>
Stephen Smalley · James Morris
1 parent c6d3aaa4e3
Showing 7 changed files with 135 additions and 965 deletions Side-by-side Diff
scripts/selinux/Makefile
scripts/selinux/genheaders/Makefile
scripts/selinux/genheaders/genheaders.c
security/selinux/Makefile
security/selinux/include/av_permissions.h
security/selinux/include/flask.h
security/selinux/ss/Makefile
-subdir-y := mdp
-subdir-	+= mdp
+subdir-y := mdp genheaders
+subdir-	+= mdp genheaders
+hostprogs-y	:= genheaders
+HOST_EXTRACFLAGS += -Isecurity/selinux/include
+
+always		:= $(hostprogs-y)
+clean-files	:= $(hostprogs-y)
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <string.h>
+#include <errno.h>
+#include <ctype.h>
+
+struct security_class_mapping {
+	const char *name;
+	const char *perms[sizeof(unsigned) * 8 + 1];
+};
+
+#include "classmap.h"
+#include "initial_sid_to_string.h"
+
+#define max(x, y) ((x > y) ? x : y)
+
+const char *progname;
+
+void usage(void)
+{
+	printf("usage: %s flask.h av_permissions.h\n", progname);
+	exit(1);
+}
+
+char *stoupperx(const char *s)
+{
+	char *s2 = strdup(s);
+	char *p;
+
+	if (!s2) {
+		fprintf(stderr, "%s:  out of memory\n", progname);
+		exit(3);
+	}
+
+	for (p = s2; *p; p++)
+		*p = toupper(*p);
+	return s2;
+}
+
+int main(int argc, char *argv[])
+{
+	int i, j, k;
+	int isids_len;
+	FILE *fout;
+
+	progname = argv[0];
+
+	if (argc < 3)
+		usage();
+
+	fout = fopen(argv[1], "w");
+	if (!fout) {
+		fprintf(stderr, "Could not open %s for writing:  %s\n",
+			argv[1], strerror(errno));
+		exit(2);
+	}
+
+	for (i = 0; secclass_map[i].name; i++) {
+		struct security_class_mapping *map = &secclass_map[i];
+		map->name = stoupperx(map->name);
+		for (j = 0; map->perms[j]; j++)
+			map->perms[j] = stoupperx(map->perms[j]);
+	}
+
+	isids_len = sizeof(initial_sid_to_string) / sizeof (char *);
+	for (i = 1; i < isids_len; i++)
+		initial_sid_to_string[i] = stoupperx(initial_sid_to_string[i]);
+
+	fprintf(fout, "/* This file is automatically generated.  Do not edit. */\n");
+	fprintf(fout, "#ifndef _SELINUX_FLASK_H_\n#define _SELINUX_FLASK_H_\n\n");
+
+	for (i = 0; secclass_map[i].name; i++) {
+		struct security_class_mapping *map = &secclass_map[i];
+		fprintf(fout, "#define SECCLASS_%s", map->name);
+		for (j = 0; j < max(1, 40 - strlen(map->name)); j++)
+			fprintf(fout, " ");
+		fprintf(fout, "%2d\n", i+1);
+	}
+
+	fprintf(fout, "\n");
+
+	for (i = 1; i < isids_len; i++) {
+		char *s = initial_sid_to_string[i];
+		fprintf(fout, "#define SECINITSID_%s", s);
+		for (j = 0; j < max(1, 40 - strlen(s)); j++)
+			fprintf(fout, " ");
+		fprintf(fout, "%2d\n", i);
+	}
+	fprintf(fout, "\n#define SECINITSID_NUM %d\n", i-1);
+	fprintf(fout, "\n#endif\n");
+	fclose(fout);
+
+	fout = fopen(argv[2], "w");
+	if (!fout) {
+		fprintf(stderr, "Could not open %s for writing:  %s\n",
+			argv[2], strerror(errno));
+		exit(4);
+	}
+
+	fprintf(fout, "/* This file is automatically generated.  Do not edit. */\n");
+	fprintf(fout, "#ifndef _SELINUX_AV_PERMISSIONS_H_\n#define _SELINUX_AV_PERMISSIONS_H_\n\n");
+
+	for (i = 0; secclass_map[i].name; i++) {
+		struct security_class_mapping *map = &secclass_map[i];
+		for (j = 0; map->perms[j]; j++) {
+			fprintf(fout, "#define %s__%s", map->name,
+				map->perms[j]);
+			for (k = 0; k < max(1, 40 - strlen(map->name) - strlen(map->perms[j])); k++)
+				fprintf(fout, " ");
+			fprintf(fout, "0x%08xUL\n", (1<<j));
+		}
+	}
+
+	fprintf(fout, "\n#endif\n");
+	fclose(fout);
+	exit(0);
+}
@@ -18,5 +18,14 @@
  
 selinux-$(CONFIG_NETLABEL) += netlabel.o
  
-EXTRA_CFLAGS += -Isecurity/selinux/include
+EXTRA_CFLAGS += -Isecurity/selinux -Isecurity/selinux/include
+
+$(obj)/avc.o: $(obj)/flask.h
+
+quiet_cmd_flask = GEN     $(obj)/flask.h $(obj)/av_permissions.h
+      cmd_flask = scripts/selinux/genheaders/genheaders $(obj)/flask.h $(obj)/av_permissions.h
+
+targets += flask.h
+$(obj)/flask.h: $(src)/include/classmap.h FORCE
+	$(call if_changed,flask)
-/* This file is automatically generated.  Do not edit. */
-#define COMMON_FILE__IOCTL                               0x00000001UL
-#define COMMON_FILE__READ                                0x00000002UL
-#define COMMON_FILE__WRITE                               0x00000004UL
-#define COMMON_FILE__CREATE                              0x00000008UL
-#define COMMON_FILE__GETATTR                             0x00000010UL
-#define COMMON_FILE__SETATTR                             0x00000020UL
-#define COMMON_FILE__LOCK                                0x00000040UL
-#define COMMON_FILE__RELABELFROM                         0x00000080UL
-#define COMMON_FILE__RELABELTO                           0x00000100UL
-#define COMMON_FILE__APPEND                              0x00000200UL
-#define COMMON_FILE__UNLINK                              0x00000400UL
-#define COMMON_FILE__LINK                                0x00000800UL
-#define COMMON_FILE__RENAME                              0x00001000UL
-#define COMMON_FILE__EXECUTE                             0x00002000UL
-#define COMMON_FILE__SWAPON                              0x00004000UL
-#define COMMON_FILE__QUOTAON                             0x00008000UL
-#define COMMON_FILE__MOUNTON                             0x00010000UL
-#define COMMON_SOCKET__IOCTL                             0x00000001UL
-#define COMMON_SOCKET__READ                              0x00000002UL
-#define COMMON_SOCKET__WRITE                             0x00000004UL
-#define COMMON_SOCKET__CREATE                            0x00000008UL
-#define COMMON_SOCKET__GETATTR                           0x00000010UL
-#define COMMON_SOCKET__SETATTR                           0x00000020UL
-#define COMMON_SOCKET__LOCK                              0x00000040UL
-#define COMMON_SOCKET__RELABELFROM                       0x00000080UL
-#define COMMON_SOCKET__RELABELTO                         0x00000100UL
-#define COMMON_SOCKET__APPEND                            0x00000200UL
-#define COMMON_SOCKET__BIND                              0x00000400UL
-#define COMMON_SOCKET__CONNECT                           0x00000800UL
-#define COMMON_SOCKET__LISTEN                            0x00001000UL
-#define COMMON_SOCKET__ACCEPT                            0x00002000UL
-#define COMMON_SOCKET__GETOPT                            0x00004000UL
-#define COMMON_SOCKET__SETOPT                            0x00008000UL
-#define COMMON_SOCKET__SHUTDOWN                          0x00010000UL
-#define COMMON_SOCKET__RECVFROM                          0x00020000UL
-#define COMMON_SOCKET__SENDTO                            0x00040000UL
-#define COMMON_SOCKET__RECV_MSG                          0x00080000UL
-#define COMMON_SOCKET__SEND_MSG                          0x00100000UL
-#define COMMON_SOCKET__NAME_BIND                         0x00200000UL
-#define COMMON_IPC__CREATE                               0x00000001UL
-#define COMMON_IPC__DESTROY                              0x00000002UL
-#define COMMON_IPC__GETATTR                              0x00000004UL
-#define COMMON_IPC__SETATTR                              0x00000008UL
-#define COMMON_IPC__READ                                 0x00000010UL
-#define COMMON_IPC__WRITE                                0x00000020UL
-#define COMMON_IPC__ASSOCIATE                            0x00000040UL
-#define COMMON_IPC__UNIX_READ                            0x00000080UL
-#define COMMON_IPC__UNIX_WRITE                           0x00000100UL
-#define FILESYSTEM__MOUNT                         0x00000001UL
-#define FILESYSTEM__REMOUNT                       0x00000002UL
-#define FILESYSTEM__UNMOUNT                       0x00000004UL
-#define FILESYSTEM__GETATTR                       0x00000008UL
-#define FILESYSTEM__RELABELFROM                   0x00000010UL
-#define FILESYSTEM__RELABELTO                     0x00000020UL
-#define FILESYSTEM__TRANSITION                    0x00000040UL
-#define FILESYSTEM__ASSOCIATE                     0x00000080UL
-#define FILESYSTEM__QUOTAMOD                      0x00000100UL
-#define FILESYSTEM__QUOTAGET                      0x00000200UL
-#define DIR__IOCTL                                0x00000001UL
-#define DIR__READ                                 0x00000002UL
-#define DIR__WRITE                                0x00000004UL
-#define DIR__CREATE                               0x00000008UL
-#define DIR__GETATTR                              0x00000010UL
-#define DIR__SETATTR                              0x00000020UL
-#define DIR__LOCK                                 0x00000040UL
-#define DIR__RELABELFROM                          0x00000080UL
-#define DIR__RELABELTO                            0x00000100UL
-#define DIR__APPEND                               0x00000200UL
-#define DIR__UNLINK                               0x00000400UL
-#define DIR__LINK                                 0x00000800UL
-#define DIR__RENAME                               0x00001000UL
-#define DIR__EXECUTE                              0x00002000UL
-#define DIR__SWAPON                               0x00004000UL
-#define DIR__QUOTAON                              0x00008000UL
-#define DIR__MOUNTON                              0x00010000UL
-#define DIR__ADD_NAME                             0x00020000UL
-#define DIR__REMOVE_NAME                          0x00040000UL
-#define DIR__REPARENT                             0x00080000UL
-#define DIR__SEARCH                               0x00100000UL
-#define DIR__RMDIR                                0x00200000UL
-#define DIR__OPEN                                 0x00400000UL
-#define FILE__IOCTL                               0x00000001UL
-#define FILE__READ                                0x00000002UL
-#define FILE__WRITE                               0x00000004UL
-#define FILE__CREATE                              0x00000008UL
-#define FILE__GETATTR                             0x00000010UL
-#define FILE__SETATTR                             0x00000020UL
-#define FILE__LOCK                                0x00000040UL
-#define FILE__RELABELFROM                         0x00000080UL
-#define FILE__RELABELTO                           0x00000100UL
-#define FILE__APPEND                              0x00000200UL
-#define FILE__UNLINK                              0x00000400UL
-#define FILE__LINK                                0x00000800UL
-#define FILE__RENAME                              0x00001000UL
-#define FILE__EXECUTE                             0x00002000UL
-#define FILE__SWAPON                              0x00004000UL
-#define FILE__QUOTAON                             0x00008000UL
-#define FILE__MOUNTON                             0x00010000UL
-#define FILE__EXECUTE_NO_TRANS                    0x00020000UL
-#define FILE__ENTRYPOINT                          0x00040000UL
-#define FILE__EXECMOD                             0x00080000UL
-#define FILE__OPEN                                0x00100000UL
-#define LNK_FILE__IOCTL                           0x00000001UL
-#define LNK_FILE__READ                            0x00000002UL
-#define LNK_FILE__WRITE                           0x00000004UL
-#define LNK_FILE__CREATE                          0x00000008UL
-#define LNK_FILE__GETATTR                         0x00000010UL
-#define LNK_FILE__SETATTR                         0x00000020UL
-#define LNK_FILE__LOCK                            0x00000040UL
-#define LNK_FILE__RELABELFROM                     0x00000080UL
-#define LNK_FILE__RELABELTO                       0x00000100UL
-#define LNK_FILE__APPEND                          0x00000200UL
-#define LNK_FILE__UNLINK                          0x00000400UL
-#define LNK_FILE__LINK                            0x00000800UL
-#define LNK_FILE__RENAME                          0x00001000UL
-#define LNK_FILE__EXECUTE                         0x00002000UL
-#define LNK_FILE__SWAPON                          0x00004000UL
-#define LNK_FILE__QUOTAON                         0x00008000UL
-#define LNK_FILE__MOUNTON                         0x00010000UL
-#define CHR_FILE__IOCTL                           0x00000001UL
-#define CHR_FILE__READ                            0x00000002UL
-#define CHR_FILE__WRITE                           0x00000004UL
-#define CHR_FILE__CREATE                          0x00000008UL
-#define CHR_FILE__GETATTR                         0x00000010UL
-#define CHR_FILE__SETATTR                         0x00000020UL
-#define CHR_FILE__LOCK                            0x00000040UL
-#define CHR_FILE__RELABELFROM                     0x00000080UL
-#define CHR_FILE__RELABELTO                       0x00000100UL
-#define CHR_FILE__APPEND                          0x00000200UL
-#define CHR_FILE__UNLINK                          0x00000400UL
-#define CHR_FILE__LINK                            0x00000800UL
-#define CHR_FILE__RENAME                          0x00001000UL
-#define CHR_FILE__EXECUTE                         0x00002000UL
-#define CHR_FILE__SWAPON                          0x00004000UL
-#define CHR_FILE__QUOTAON                         0x00008000UL
-#define CHR_FILE__MOUNTON                         0x00010000UL
-#define CHR_FILE__EXECUTE_NO_TRANS                0x00020000UL
-#define CHR_FILE__ENTRYPOINT                      0x00040000UL
-#define CHR_FILE__EXECMOD                         0x00080000UL
-#define CHR_FILE__OPEN                            0x00100000UL
-#define BLK_FILE__IOCTL                           0x00000001UL
-#define BLK_FILE__READ                            0x00000002UL
-#define BLK_FILE__WRITE                           0x00000004UL
-#define BLK_FILE__CREATE                          0x00000008UL
-#define BLK_FILE__GETATTR                         0x00000010UL
-#define BLK_FILE__SETATTR                         0x00000020UL
-#define BLK_FILE__LOCK                            0x00000040UL
-#define BLK_FILE__RELABELFROM                     0x00000080UL
-#define BLK_FILE__RELABELTO                       0x00000100UL
-#define BLK_FILE__APPEND                          0x00000200UL
-#define BLK_FILE__UNLINK                          0x00000400UL
-#define BLK_FILE__LINK                            0x00000800UL
-#define BLK_FILE__RENAME                          0x00001000UL
-#define BLK_FILE__EXECUTE                         0x00002000UL
-#define BLK_FILE__SWAPON                          0x00004000UL
-#define BLK_FILE__QUOTAON                         0x00008000UL
-#define BLK_FILE__MOUNTON                         0x00010000UL
-#define BLK_FILE__OPEN                            0x00020000UL
-#define SOCK_FILE__IOCTL                          0x00000001UL
-#define SOCK_FILE__READ                           0x00000002UL
-#define SOCK_FILE__WRITE                          0x00000004UL
-#define SOCK_FILE__CREATE                         0x00000008UL
-#define SOCK_FILE__GETATTR                        0x00000010UL
-#define SOCK_FILE__SETATTR                        0x00000020UL
-#define SOCK_FILE__LOCK                           0x00000040UL
-#define SOCK_FILE__RELABELFROM                    0x00000080UL
-#define SOCK_FILE__RELABELTO                      0x00000100UL
-#define SOCK_FILE__APPEND                         0x00000200UL
-#define SOCK_FILE__UNLINK                         0x00000400UL
-#define SOCK_FILE__LINK                           0x00000800UL
-#define SOCK_FILE__RENAME                         0x00001000UL
-#define SOCK_FILE__EXECUTE                        0x00002000UL
-#define SOCK_FILE__SWAPON                         0x00004000UL
-#define SOCK_FILE__QUOTAON                        0x00008000UL
-#define SOCK_FILE__MOUNTON                        0x00010000UL
-#define SOCK_FILE__OPEN                           0x00020000UL
-#define FIFO_FILE__IOCTL                          0x00000001UL
-#define FIFO_FILE__READ                           0x00000002UL
-#define FIFO_FILE__WRITE                          0x00000004UL
-#define FIFO_FILE__CREATE                         0x00000008UL
-#define FIFO_FILE__GETATTR                        0x00000010UL
-#define FIFO_FILE__SETATTR                        0x00000020UL
-#define FIFO_FILE__LOCK                           0x00000040UL
-#define FIFO_FILE__RELABELFROM                    0x00000080UL
-#define FIFO_FILE__RELABELTO                      0x00000100UL
-#define FIFO_FILE__APPEND                         0x00000200UL
-#define FIFO_FILE__UNLINK                         0x00000400UL
-#define FIFO_FILE__LINK                           0x00000800UL
-#define FIFO_FILE__RENAME                         0x00001000UL
-#define FIFO_FILE__EXECUTE                        0x00002000UL
-#define FIFO_FILE__SWAPON                         0x00004000UL
-#define FIFO_FILE__QUOTAON                        0x00008000UL
-#define FIFO_FILE__MOUNTON                        0x00010000UL
-#define FIFO_FILE__OPEN                           0x00020000UL
-#define FD__USE                                   0x00000001UL
-#define SOCKET__IOCTL                             0x00000001UL
-#define SOCKET__READ                              0x00000002UL
-#define SOCKET__WRITE                             0x00000004UL
-#define SOCKET__CREATE                            0x00000008UL
-#define SOCKET__GETATTR                           0x00000010UL
-#define SOCKET__SETATTR                           0x00000020UL
-#define SOCKET__LOCK                              0x00000040UL
-#define SOCKET__RELABELFROM                       0x00000080UL
-#define SOCKET__RELABELTO                         0x00000100UL
-#define SOCKET__APPEND                            0x00000200UL
-#define SOCKET__BIND                              0x00000400UL
-#define SOCKET__CONNECT                           0x00000800UL
-#define SOCKET__LISTEN                            0x00001000UL
-#define SOCKET__ACCEPT                            0x00002000UL
-#define SOCKET__GETOPT                            0x00004000UL
-#define SOCKET__SETOPT                            0x00008000UL
-#define SOCKET__SHUTDOWN                          0x00010000UL
-#define SOCKET__RECVFROM                          0x00020000UL
-#define SOCKET__SENDTO                            0x00040000UL
-#define SOCKET__RECV_MSG                          0x00080000UL
-#define SOCKET__SEND_MSG                          0x00100000UL
-#define SOCKET__NAME_BIND                         0x00200000UL
-#define TCP_SOCKET__IOCTL                         0x00000001UL
-#define TCP_SOCKET__READ                          0x00000002UL
-#define TCP_SOCKET__WRITE                         0x00000004UL
-#define TCP_SOCKET__CREATE                        0x00000008UL
-#define TCP_SOCKET__GETATTR                       0x00000010UL
-#define TCP_SOCKET__SETATTR                       0x00000020UL
-#define TCP_SOCKET__LOCK                          0x00000040UL
-#define TCP_SOCKET__RELABELFROM                   0x00000080UL
-#define TCP_SOCKET__RELABELTO                     0x00000100UL
-#define TCP_SOCKET__APPEND                        0x00000200UL
-#define TCP_SOCKET__BIND                          0x00000400UL
-#define TCP_SOCKET__CONNECT                       0x00000800UL
-#define TCP_SOCKET__LISTEN                        0x00001000UL
-#define TCP_SOCKET__ACCEPT                        0x00002000UL
-#define TCP_SOCKET__GETOPT                        0x00004000UL
-#define TCP_SOCKET__SETOPT                        0x00008000UL
-#define TCP_SOCKET__SHUTDOWN                      0x00010000UL
-#define TCP_SOCKET__RECVFROM                      0x00020000UL
-#define TCP_SOCKET__SENDTO                        0x00040000UL
-#define TCP_SOCKET__RECV_MSG                      0x00080000UL
-#define TCP_SOCKET__SEND_MSG                      0x00100000UL
-#define TCP_SOCKET__NAME_BIND                     0x00200000UL
-#define TCP_SOCKET__CONNECTTO                     0x00400000UL
-#define TCP_SOCKET__NEWCONN                       0x00800000UL
-#define TCP_SOCKET__ACCEPTFROM                    0x01000000UL
-#define TCP_SOCKET__NODE_BIND                     0x02000000UL
-#define TCP_SOCKET__NAME_CONNECT                  0x04000000UL
-#define UDP_SOCKET__IOCTL                         0x00000001UL
-#define UDP_SOCKET__READ                          0x00000002UL
-#define UDP_SOCKET__WRITE                         0x00000004UL
-#define UDP_SOCKET__CREATE                        0x00000008UL
-#define UDP_SOCKET__GETATTR                       0x00000010UL
-#define UDP_SOCKET__SETATTR                       0x00000020UL
-#define UDP_SOCKET__LOCK                          0x00000040UL
-#define UDP_SOCKET__RELABELFROM                   0x00000080UL
-#define UDP_SOCKET__RELABELTO                     0x00000100UL
-#define UDP_SOCKET__APPEND                        0x00000200UL
-#define UDP_SOCKET__BIND                          0x00000400UL
-#define UDP_SOCKET__CONNECT                       0x00000800UL
-#define UDP_SOCKET__LISTEN                        0x00001000UL
-#define UDP_SOCKET__ACCEPT                        0x00002000UL
-#define UDP_SOCKET__GETOPT                        0x00004000UL
-#define UDP_SOCKET__SETOPT                        0x00008000UL
-#define UDP_SOCKET__SHUTDOWN                      0x00010000UL
-#define UDP_SOCKET__RECVFROM                      0x00020000UL
-#define UDP_SOCKET__SENDTO                        0x00040000UL
-#define UDP_SOCKET__RECV_MSG                      0x00080000UL
-#define UDP_SOCKET__SEND_MSG                      0x00100000UL
-#define UDP_SOCKET__NAME_BIND                     0x00200000UL
-#define UDP_SOCKET__NODE_BIND                     0x00400000UL
-#define RAWIP_SOCKET__IOCTL                       0x00000001UL
-#define RAWIP_SOCKET__READ                        0x00000002UL
-#define RAWIP_SOCKET__WRITE                       0x00000004UL
-#define RAWIP_SOCKET__CREATE                      0x00000008UL
-#define RAWIP_SOCKET__GETATTR                     0x00000010UL
-#define RAWIP_SOCKET__SETATTR                     0x00000020UL
-#define RAWIP_SOCKET__LOCK                        0x00000040UL
-#define RAWIP_SOCKET__RELABELFROM                 0x00000080UL
-#define RAWIP_SOCKET__RELABELTO                   0x00000100UL
-#define RAWIP_SOCKET__APPEND                      0x00000200UL
-#define RAWIP_SOCKET__BIND                        0x00000400UL
-#define RAWIP_SOCKET__CONNECT                     0x00000800UL
-#define RAWIP_SOCKET__LISTEN                      0x00001000UL
-#define RAWIP_SOCKET__ACCEPT                      0x00002000UL
-#define RAWIP_SOCKET__GETOPT                      0x00004000UL
-#define RAWIP_SOCKET__SETOPT                      0x00008000UL
-#define RAWIP_SOCKET__SHUTDOWN                    0x00010000UL
-#define RAWIP_SOCKET__RECVFROM                    0x00020000UL
-#define RAWIP_SOCKET__SENDTO                      0x00040000UL
-#define RAWIP_SOCKET__RECV_MSG                    0x00080000UL
-#define RAWIP_SOCKET__SEND_MSG                    0x00100000UL
-#define RAWIP_SOCKET__NAME_BIND                   0x00200000UL
-#define RAWIP_SOCKET__NODE_BIND                   0x00400000UL
-#define NODE__TCP_RECV                            0x00000001UL
-#define NODE__TCP_SEND                            0x00000002UL
-#define NODE__UDP_RECV                            0x00000004UL
-#define NODE__UDP_SEND                            0x00000008UL
-#define NODE__RAWIP_RECV                          0x00000010UL
-#define NODE__RAWIP_SEND                          0x00000020UL
-#define NODE__ENFORCE_DEST                        0x00000040UL
-#define NODE__DCCP_RECV                           0x00000080UL
-#define NODE__DCCP_SEND                           0x00000100UL
-#define NODE__RECVFROM                            0x00000200UL
-#define NODE__SENDTO                              0x00000400UL
-#define NETIF__TCP_RECV                           0x00000001UL
-#define NETIF__TCP_SEND                           0x00000002UL
-#define NETIF__UDP_RECV                           0x00000004UL
-#define NETIF__UDP_SEND                           0x00000008UL
-#define NETIF__RAWIP_RECV                         0x00000010UL
-#define NETIF__RAWIP_SEND                         0x00000020UL
-#define NETIF__DCCP_RECV                          0x00000040UL
-#define NETIF__DCCP_SEND                          0x00000080UL
-#define NETIF__INGRESS                            0x00000100UL
-#define NETIF__EGRESS                             0x00000200UL
-#define NETLINK_SOCKET__IOCTL                     0x00000001UL
-#define NETLINK_SOCKET__READ                      0x00000002UL
-#define NETLINK_SOCKET__WRITE                     0x00000004UL
-#define NETLINK_SOCKET__CREATE                    0x00000008UL
-#define NETLINK_SOCKET__GETATTR                   0x00000010UL
-#define NETLINK_SOCKET__SETATTR                   0x00000020UL
-#define NETLINK_SOCKET__LOCK                      0x00000040UL
-#define NETLINK_SOCKET__RELABELFROM               0x00000080UL
-#define NETLINK_SOCKET__RELABELTO                 0x00000100UL
-#define NETLINK_SOCKET__APPEND                    0x00000200UL
-#define NETLINK_SOCKET__BIND                      0x00000400UL
-#define NETLINK_SOCKET__CONNECT                   0x00000800UL
-#define NETLINK_SOCKET__LISTEN                    0x00001000UL
-#define NETLINK_SOCKET__ACCEPT                    0x00002000UL
-#define NETLINK_SOCKET__GETOPT                    0x00004000UL
-#define NETLINK_SOCKET__SETOPT                    0x00008000UL
-#define NETLINK_SOCKET__SHUTDOWN                  0x00010000UL
-#define NETLINK_SOCKET__RECVFROM                  0x00020000UL
-#define NETLINK_SOCKET__SENDTO                    0x00040000UL
-#define NETLINK_SOCKET__RECV_MSG                  0x00080000UL
-#define NETLINK_SOCKET__SEND_MSG                  0x00100000UL
-#define NETLINK_SOCKET__NAME_BIND                 0x00200000UL
-#define PACKET_SOCKET__IOCTL                      0x00000001UL
-#define PACKET_SOCKET__READ                       0x00000002UL
-#define PACKET_SOCKET__WRITE                      0x00000004UL
-#define PACKET_SOCKET__CREATE                     0x00000008UL
-#define PACKET_SOCKET__GETATTR                    0x00000010UL
-#define PACKET_SOCKET__SETATTR                    0x00000020UL
-#define PACKET_SOCKET__LOCK                       0x00000040UL
-#define PACKET_SOCKET__RELABELFROM                0x00000080UL
-#define PACKET_SOCKET__RELABELTO                  0x00000100UL
-#define PACKET_SOCKET__APPEND                     0x00000200UL
-#define PACKET_SOCKET__BIND                       0x00000400UL
-#define PACKET_SOCKET__CONNECT                    0x00000800UL
-#define PACKET_SOCKET__LISTEN                     0x00001000UL
-#define PACKET_SOCKET__ACCEPT                     0x00002000UL
-#define PACKET_SOCKET__GETOPT                     0x00004000UL
-#define PACKET_SOCKET__SETOPT                     0x00008000UL
-#define PACKET_SOCKET__SHUTDOWN                   0x00010000UL
-#define PACKET_SOCKET__RECVFROM                   0x00020000UL
-#define PACKET_SOCKET__SENDTO                     0x00040000UL
-#define PACKET_SOCKET__RECV_MSG                   0x00080000UL
-#define PACKET_SOCKET__SEND_MSG                   0x00100000UL
-#define PACKET_SOCKET__NAME_BIND                  0x00200000UL
-#define KEY_SOCKET__IOCTL                         0x00000001UL
-#define KEY_SOCKET__READ                          0x00000002UL
-#define KEY_SOCKET__WRITE                         0x00000004UL
-#define KEY_SOCKET__CREATE                        0x00000008UL
-#define KEY_SOCKET__GETATTR                       0x00000010UL
-#define KEY_SOCKET__SETATTR                       0x00000020UL
-#define KEY_SOCKET__LOCK                          0x00000040UL
-#define KEY_SOCKET__RELABELFROM                   0x00000080UL
-#define KEY_SOCKET__RELABELTO                     0x00000100UL
-#define KEY_SOCKET__APPEND                        0x00000200UL
-#define KEY_SOCKET__BIND                          0x00000400UL
-#define KEY_SOCKET__CONNECT                       0x00000800UL
-#define KEY_SOCKET__LISTEN                        0x00001000UL
-#define KEY_SOCKET__ACCEPT                        0x00002000UL
-#define KEY_SOCKET__GETOPT                        0x00004000UL
-#define KEY_SOCKET__SETOPT                        0x00008000UL
-#define KEY_SOCKET__SHUTDOWN                      0x00010000UL
-#define KEY_SOCKET__RECVFROM                      0x00020000UL
-#define KEY_SOCKET__SENDTO                        0x00040000UL
-#define KEY_SOCKET__RECV_MSG                      0x00080000UL
-#define KEY_SOCKET__SEND_MSG                      0x00100000UL
-#define KEY_SOCKET__NAME_BIND                     0x00200000UL
-#define UNIX_STREAM_SOCKET__IOCTL                 0x00000001UL
-#define UNIX_STREAM_SOCKET__READ                  0x00000002UL
-#define UNIX_STREAM_SOCKET__WRITE                 0x00000004UL
-#define UNIX_STREAM_SOCKET__CREATE                0x00000008UL
-#define UNIX_STREAM_SOCKET__GETATTR               0x00000010UL
-#define UNIX_STREAM_SOCKET__SETATTR               0x00000020UL
-#define UNIX_STREAM_SOCKET__LOCK                  0x00000040UL
-#define UNIX_STREAM_SOCKET__RELABELFROM           0x00000080UL
-#define UNIX_STREAM_SOCKET__RELABELTO             0x00000100UL
-#define UNIX_STREAM_SOCKET__APPEND                0x00000200UL
-#define UNIX_STREAM_SOCKET__BIND                  0x00000400UL
-#define UNIX_STREAM_SOCKET__CONNECT               0x00000800UL
-#define UNIX_STREAM_SOCKET__LISTEN                0x00001000UL
-#define UNIX_STREAM_SOCKET__ACCEPT                0x00002000UL
-#define UNIX_STREAM_SOCKET__GETOPT                0x00004000UL
-#define UNIX_STREAM_SOCKET__SETOPT                0x00008000UL
-#define UNIX_STREAM_SOCKET__SHUTDOWN              0x00010000UL
-#define UNIX_STREAM_SOCKET__RECVFROM              0x00020000UL
-#define UNIX_STREAM_SOCKET__SENDTO                0x00040000UL
-#define UNIX_STREAM_SOCKET__RECV_MSG              0x00080000UL
-#define UNIX_STREAM_SOCKET__SEND_MSG              0x00100000UL
-#define UNIX_STREAM_SOCKET__NAME_BIND             0x00200000UL
-#define UNIX_STREAM_SOCKET__CONNECTTO             0x00400000UL
-#define UNIX_STREAM_SOCKET__NEWCONN               0x00800000UL
-#define UNIX_STREAM_SOCKET__ACCEPTFROM            0x01000000UL
-#define UNIX_DGRAM_SOCKET__IOCTL                  0x00000001UL
-#define UNIX_DGRAM_SOCKET__READ                   0x00000002UL
-#define UNIX_DGRAM_SOCKET__WRITE                  0x00000004UL
-#define UNIX_DGRAM_SOCKET__CREATE                 0x00000008UL
-#define UNIX_DGRAM_SOCKET__GETATTR                0x00000010UL
-#define UNIX_DGRAM_SOCKET__SETATTR                0x00000020UL
-#define UNIX_DGRAM_SOCKET__LOCK                   0x00000040UL
-#define UNIX_DGRAM_SOCKET__RELABELFROM            0x00000080UL
-#define UNIX_DGRAM_SOCKET__RELABELTO              0x00000100UL
-#define UNIX_DGRAM_SOCKET__APPEND                 0x00000200UL
-#define UNIX_DGRAM_SOCKET__BIND                   0x00000400UL
-#define UNIX_DGRAM_SOCKET__CONNECT                0x00000800UL
-#define UNIX_DGRAM_SOCKET__LISTEN                 0x00001000UL
-#define UNIX_DGRAM_SOCKET__ACCEPT                 0x00002000UL
-#define UNIX_DGRAM_SOCKET__GETOPT                 0x00004000UL
-#define UNIX_DGRAM_SOCKET__SETOPT                 0x00008000UL
-#define UNIX_DGRAM_SOCKET__SHUTDOWN               0x00010000UL
-#define UNIX_DGRAM_SOCKET__RECVFROM               0x00020000UL
-#define UNIX_DGRAM_SOCKET__SENDTO                 0x00040000UL
-#define UNIX_DGRAM_SOCKET__RECV_MSG               0x00080000UL
-#define UNIX_DGRAM_SOCKET__SEND_MSG               0x00100000UL
-#define UNIX_DGRAM_SOCKET__NAME_BIND              0x00200000UL
-#define PROCESS__FORK                             0x00000001UL
-#define PROCESS__TRANSITION                       0x00000002UL
-#define PROCESS__SIGCHLD                          0x00000004UL
-#define PROCESS__SIGKILL                          0x00000008UL
-#define PROCESS__SIGSTOP                          0x00000010UL
-#define PROCESS__SIGNULL                          0x00000020UL
-#define PROCESS__SIGNAL                           0x00000040UL
-#define PROCESS__PTRACE                           0x00000080UL
-#define PROCESS__GETSCHED                         0x00000100UL
-#define PROCESS__SETSCHED                         0x00000200UL
-#define PROCESS__GETSESSION                       0x00000400UL
-#define PROCESS__GETPGID                          0x00000800UL
-#define PROCESS__SETPGID                          0x00001000UL
-#define PROCESS__GETCAP                           0x00002000UL
-#define PROCESS__SETCAP                           0x00004000UL
-#define PROCESS__SHARE                            0x00008000UL
-#define PROCESS__GETATTR                          0x00010000UL
-#define PROCESS__SETEXEC                          0x00020000UL
-#define PROCESS__SETFSCREATE                      0x00040000UL
-#define PROCESS__NOATSECURE                       0x00080000UL
-#define PROCESS__SIGINH                           0x00100000UL
-#define PROCESS__SETRLIMIT                        0x00200000UL
-#define PROCESS__RLIMITINH                        0x00400000UL
-#define PROCESS__DYNTRANSITION                    0x00800000UL
-#define PROCESS__SETCURRENT                       0x01000000UL
-#define PROCESS__EXECMEM                          0x02000000UL
-#define PROCESS__EXECSTACK                        0x04000000UL
-#define PROCESS__EXECHEAP                         0x08000000UL
-#define PROCESS__SETKEYCREATE                     0x10000000UL
-#define PROCESS__SETSOCKCREATE                    0x20000000UL
-#define IPC__CREATE                               0x00000001UL
-#define IPC__DESTROY                              0x00000002UL
-#define IPC__GETATTR                              0x00000004UL
-#define IPC__SETATTR                              0x00000008UL
-#define IPC__READ                                 0x00000010UL
-#define IPC__WRITE                                0x00000020UL
-#define IPC__ASSOCIATE                            0x00000040UL
-#define IPC__UNIX_READ                            0x00000080UL
-#define IPC__UNIX_WRITE                           0x00000100UL
-#define SEM__CREATE                               0x00000001UL
-#define SEM__DESTROY                              0x00000002UL
-#define SEM__GETATTR                              0x00000004UL
-#define SEM__SETATTR                              0x00000008UL
-#define SEM__READ                                 0x00000010UL
-#define SEM__WRITE                                0x00000020UL
-#define SEM__ASSOCIATE                            0x00000040UL
-#define SEM__UNIX_READ                            0x00000080UL
-#define SEM__UNIX_WRITE                           0x00000100UL
-#define MSGQ__CREATE                              0x00000001UL
-#define MSGQ__DESTROY                             0x00000002UL
-#define MSGQ__GETATTR                             0x00000004UL
-#define MSGQ__SETATTR                             0x00000008UL
-#define MSGQ__READ                                0x00000010UL
-#define MSGQ__WRITE                               0x00000020UL
-#define MSGQ__ASSOCIATE                           0x00000040UL
-#define MSGQ__UNIX_READ                           0x00000080UL
-#define MSGQ__UNIX_WRITE                          0x00000100UL
-#define MSGQ__ENQUEUE                             0x00000200UL
-#define MSG__SEND                                 0x00000001UL
-#define MSG__RECEIVE                              0x00000002UL
-#define SHM__CREATE                               0x00000001UL
-#define SHM__DESTROY                              0x00000002UL
-#define SHM__GETATTR                              0x00000004UL
-#define SHM__SETATTR                              0x00000008UL
-#define SHM__READ                                 0x00000010UL
-#define SHM__WRITE                                0x00000020UL
-#define SHM__ASSOCIATE                            0x00000040UL
-#define SHM__UNIX_READ                            0x00000080UL
-#define SHM__UNIX_WRITE                           0x00000100UL
-#define SHM__LOCK                                 0x00000200UL
-#define SECURITY__COMPUTE_AV                      0x00000001UL
-#define SECURITY__COMPUTE_CREATE                  0x00000002UL
-#define SECURITY__COMPUTE_MEMBER                  0x00000004UL
-#define SECURITY__CHECK_CONTEXT                   0x00000008UL
-#define SECURITY__LOAD_POLICY                     0x00000010UL
-#define SECURITY__COMPUTE_RELABEL                 0x00000020UL
-#define SECURITY__COMPUTE_USER                    0x00000040UL
-#define SECURITY__SETENFORCE                      0x00000080UL
-#define SECURITY__SETBOOL                         0x00000100UL
-#define SECURITY__SETSECPARAM                     0x00000200UL
-#define SECURITY__SETCHECKREQPROT                 0x00000400UL
-#define SYSTEM__IPC_INFO                          0x00000001UL
-#define SYSTEM__SYSLOG_READ                       0x00000002UL
-#define SYSTEM__SYSLOG_MOD                        0x00000004UL
-#define SYSTEM__SYSLOG_CONSOLE                    0x00000008UL
-#define SYSTEM__MODULE_REQUEST                    0x00000010UL
-#define CAPABILITY__CHOWN                         0x00000001UL
-#define CAPABILITY__DAC_OVERRIDE                  0x00000002UL
-#define CAPABILITY__DAC_READ_SEARCH               0x00000004UL
-#define CAPABILITY__FOWNER                        0x00000008UL
-#define CAPABILITY__FSETID                        0x00000010UL
-#define CAPABILITY__KILL                          0x00000020UL
-#define CAPABILITY__SETGID                        0x00000040UL
-#define CAPABILITY__SETUID                        0x00000080UL
-#define CAPABILITY__SETPCAP                       0x00000100UL
-#define CAPABILITY__LINUX_IMMUTABLE               0x00000200UL
-#define CAPABILITY__NET_BIND_SERVICE              0x00000400UL
-#define CAPABILITY__NET_BROADCAST                 0x00000800UL
-#define CAPABILITY__NET_ADMIN                     0x00001000UL
-#define CAPABILITY__NET_RAW                       0x00002000UL
-#define CAPABILITY__IPC_LOCK                      0x00004000UL
-#define CAPABILITY__IPC_OWNER                     0x00008000UL
-#define CAPABILITY__SYS_MODULE                    0x00010000UL
-#define CAPABILITY__SYS_RAWIO                     0x00020000UL
-#define CAPABILITY__SYS_CHROOT                    0x00040000UL
-#define CAPABILITY__SYS_PTRACE                    0x00080000UL
-#define CAPABILITY__SYS_PACCT                     0x00100000UL
-#define CAPABILITY__SYS_ADMIN                     0x00200000UL
-#define CAPABILITY__SYS_BOOT                      0x00400000UL
-#define CAPABILITY__SYS_NICE                      0x00800000UL
-#define CAPABILITY__SYS_RESOURCE                  0x01000000UL
-#define CAPABILITY__SYS_TIME                      0x02000000UL
-#define CAPABILITY__SYS_TTY_CONFIG                0x04000000UL
-#define CAPABILITY__MKNOD                         0x08000000UL
-#define CAPABILITY__LEASE                         0x10000000UL
-#define CAPABILITY__AUDIT_WRITE                   0x20000000UL
-#define CAPABILITY__AUDIT_CONTROL                 0x40000000UL
-#define CAPABILITY__SETFCAP                       0x80000000UL
-#define CAPABILITY2__MAC_OVERRIDE                 0x00000001UL
-#define CAPABILITY2__MAC_ADMIN                    0x00000002UL
-#define NETLINK_ROUTE_SOCKET__IOCTL               0x00000001UL
-#define NETLINK_ROUTE_SOCKET__READ                0x00000002UL
-#define NETLINK_ROUTE_SOCKET__WRITE               0x00000004UL
-#define NETLINK_ROUTE_SOCKET__CREATE              0x00000008UL
-#define NETLINK_ROUTE_SOCKET__GETATTR             0x00000010UL
-#define NETLINK_ROUTE_SOCKET__SETATTR             0x00000020UL
-#define NETLINK_ROUTE_SOCKET__LOCK                0x00000040UL
-#define NETLINK_ROUTE_SOCKET__RELABELFROM         0x00000080UL
-#define NETLINK_ROUTE_SOCKET__RELABELTO           0x00000100UL
-#define NETLINK_ROUTE_SOCKET__APPEND              0x00000200UL
-#define NETLINK_ROUTE_SOCKET__BIND                0x00000400UL
-#define NETLINK_ROUTE_SOCKET__CONNECT             0x00000800UL
-#define NETLINK_ROUTE_SOCKET__LISTEN              0x00001000UL
-#define NETLINK_ROUTE_SOCKET__ACCEPT              0x00002000UL
-#define NETLINK_ROUTE_SOCKET__GETOPT              0x00004000UL
-#define NETLINK_ROUTE_SOCKET__SETOPT              0x00008000UL
-#define NETLINK_ROUTE_SOCKET__SHUTDOWN            0x00010000UL
-#define NETLINK_ROUTE_SOCKET__RECVFROM            0x00020000UL
-#define NETLINK_ROUTE_SOCKET__SENDTO              0x00040000UL
-#define NETLINK_ROUTE_SOCKET__RECV_MSG            0x00080000UL
-#define NETLINK_ROUTE_SOCKET__SEND_MSG            0x00100000UL
-#define NETLINK_ROUTE_SOCKET__NAME_BIND           0x00200000UL
-#define NETLINK_ROUTE_SOCKET__NLMSG_READ          0x00400000UL
-#define NETLINK_ROUTE_SOCKET__NLMSG_WRITE         0x00800000UL
-#define NETLINK_FIREWALL_SOCKET__IOCTL            0x00000001UL
-#define NETLINK_FIREWALL_SOCKET__READ             0x00000002UL
-#define NETLINK_FIREWALL_SOCKET__WRITE            0x00000004UL
-#define NETLINK_FIREWALL_SOCKET__CREATE           0x00000008UL
-#define NETLINK_FIREWALL_SOCKET__GETATTR          0x00000010UL
-#define NETLINK_FIREWALL_SOCKET__SETATTR          0x00000020UL
-#define NETLINK_FIREWALL_SOCKET__LOCK             0x00000040UL
-#define NETLINK_FIREWALL_SOCKET__RELABELFROM      0x00000080UL
-#define NETLINK_FIREWALL_SOCKET__RELABELTO        0x00000100UL
-#define NETLINK_FIREWALL_SOCKET__APPEND           0x00000200UL
-#define NETLINK_FIREWALL_SOCKET__BIND             0x00000400UL
-#define NETLINK_FIREWALL_SOCKET__CONNECT          0x00000800UL
-#define NETLINK_FIREWALL_SOCKET__LISTEN           0x00001000UL
-#define NETLINK_FIREWALL_SOCKET__ACCEPT           0x00002000UL
-#define NETLINK_FIREWALL_SOCKET__GETOPT           0x00004000UL
-#define NETLINK_FIREWALL_SOCKET__SETOPT           0x00008000UL
-#define NETLINK_FIREWALL_SOCKET__SHUTDOWN         0x00010000UL
-#define NETLINK_FIREWALL_SOCKET__RECVFROM         0x00020000UL
-#define NETLINK_FIREWALL_SOCKET__SENDTO           0x00040000UL
-#define NETLINK_FIREWALL_SOCKET__RECV_MSG         0x00080000UL
-#define NETLINK_FIREWALL_SOCKET__SEND_MSG         0x00100000UL
-#define NETLINK_FIREWALL_SOCKET__NAME_BIND        0x00200000UL
-#define NETLINK_FIREWALL_SOCKET__NLMSG_READ       0x00400000UL
-#define NETLINK_FIREWALL_SOCKET__NLMSG_WRITE      0x00800000UL
-#define NETLINK_TCPDIAG_SOCKET__IOCTL             0x00000001UL
-#define NETLINK_TCPDIAG_SOCKET__READ              0x00000002UL
-#define NETLINK_TCPDIAG_SOCKET__WRITE             0x00000004UL
-#define NETLINK_TCPDIAG_SOCKET__CREATE            0x00000008UL
-#define NETLINK_TCPDIAG_SOCKET__GETATTR           0x00000010UL
-#define NETLINK_TCPDIAG_SOCKET__SETATTR           0x00000020UL
-#define NETLINK_TCPDIAG_SOCKET__LOCK              0x00000040UL
-#define NETLINK_TCPDIAG_SOCKET__RELABELFROM       0x00000080UL
-#define NETLINK_TCPDIAG_SOCKET__RELABELTO         0x00000100UL
-#define NETLINK_TCPDIAG_SOCKET__APPEND            0x00000200UL
-#define NETLINK_TCPDIAG_SOCKET__BIND              0x00000400UL
-#define NETLINK_TCPDIAG_SOCKET__CONNECT           0x00000800UL
-#define NETLINK_TCPDIAG_SOCKET__LISTEN            0x00001000UL
-#define NETLINK_TCPDIAG_SOCKET__ACCEPT            0x00002000UL
-#define NETLINK_TCPDIAG_SOCKET__GETOPT            0x00004000UL
-#define NETLINK_TCPDIAG_SOCKET__SETOPT            0x00008000UL
-#define NETLINK_TCPDIAG_SOCKET__SHUTDOWN          0x00010000UL
-#define NETLINK_TCPDIAG_SOCKET__RECVFROM          0x00020000UL
-#define NETLINK_TCPDIAG_SOCKET__SENDTO            0x00040000UL
-#define NETLINK_TCPDIAG_SOCKET__RECV_MSG          0x00080000UL
-#define NETLINK_TCPDIAG_SOCKET__SEND_MSG          0x00100000UL
-#define NETLINK_TCPDIAG_SOCKET__NAME_BIND         0x00200000UL
-#define NETLINK_TCPDIAG_SOCKET__NLMSG_READ        0x00400000UL
-#define NETLINK_TCPDIAG_SOCKET__NLMSG_WRITE       0x00800000UL
-#define NETLINK_NFLOG_SOCKET__IOCTL               0x00000001UL
-#define NETLINK_NFLOG_SOCKET__READ                0x00000002UL
-#define NETLINK_NFLOG_SOCKET__WRITE               0x00000004UL
-#define NETLINK_NFLOG_SOCKET__CREATE              0x00000008UL
-#define NETLINK_NFLOG_SOCKET__GETATTR             0x00000010UL
-#define NETLINK_NFLOG_SOCKET__SETATTR             0x00000020UL
-#define NETLINK_NFLOG_SOCKET__LOCK                0x00000040UL
-#define NETLINK_NFLOG_SOCKET__RELABELFROM         0x00000080UL
-#define NETLINK_NFLOG_SOCKET__RELABELTO           0x00000100UL
-#define NETLINK_NFLOG_SOCKET__APPEND              0x00000200UL
-#define NETLINK_NFLOG_SOCKET__BIND                0x00000400UL
-#define NETLINK_NFLOG_SOCKET__CONNECT             0x00000800UL
-#define NETLINK_NFLOG_SOCKET__LISTEN              0x00001000UL
-#define NETLINK_NFLOG_SOCKET__ACCEPT              0x00002000UL
-#define NETLINK_NFLOG_SOCKET__GETOPT              0x00004000UL
-#define NETLINK_NFLOG_SOCKET__SETOPT              0x00008000UL
-#define NETLINK_NFLOG_SOCKET__SHUTDOWN            0x00010000UL
-#define NETLINK_NFLOG_SOCKET__RECVFROM            0x00020000UL
-#define NETLINK_NFLOG_SOCKET__SENDTO              0x00040000UL
-#define NETLINK_NFLOG_SOCKET__RECV_MSG            0x00080000UL
-#define NETLINK_NFLOG_SOCKET__SEND_MSG            0x00100000UL
-#define NETLINK_NFLOG_SOCKET__NAME_BIND           0x00200000UL
-#define NETLINK_XFRM_SOCKET__IOCTL                0x00000001UL
-#define NETLINK_XFRM_SOCKET__READ                 0x00000002UL
-#define NETLINK_XFRM_SOCKET__WRITE                0x00000004UL
-#define NETLINK_XFRM_SOCKET__CREATE               0x00000008UL
-#define NETLINK_XFRM_SOCKET__GETATTR              0x00000010UL
-#define NETLINK_XFRM_SOCKET__SETATTR              0x00000020UL
-#define NETLINK_XFRM_SOCKET__LOCK                 0x00000040UL
-#define NETLINK_XFRM_SOCKET__RELABELFROM          0x00000080UL
-#define NETLINK_XFRM_SOCKET__RELABELTO            0x00000100UL
-#define NETLINK_XFRM_SOCKET__APPEND               0x00000200UL
-#define NETLINK_XFRM_SOCKET__BIND                 0x00000400UL
-#define NETLINK_XFRM_SOCKET__CONNECT              0x00000800UL
-#define NETLINK_XFRM_SOCKET__LISTEN               0x00001000UL
-#define NETLINK_XFRM_SOCKET__ACCEPT               0x00002000UL
-#define NETLINK_XFRM_SOCKET__GETOPT               0x00004000UL
-#define NETLINK_XFRM_SOCKET__SETOPT               0x00008000UL
-#define NETLINK_XFRM_SOCKET__SHUTDOWN             0x00010000UL
-#define NETLINK_XFRM_SOCKET__RECVFROM             0x00020000UL
-#define NETLINK_XFRM_SOCKET__SENDTO               0x00040000UL
-#define NETLINK_XFRM_SOCKET__RECV_MSG             0x00080000UL
-#define NETLINK_XFRM_SOCKET__SEND_MSG             0x00100000UL
-#define NETLINK_XFRM_SOCKET__NAME_BIND            0x00200000UL
-#define NETLINK_XFRM_SOCKET__NLMSG_READ           0x00400000UL
-#define NETLINK_XFRM_SOCKET__NLMSG_WRITE          0x00800000UL
-#define NETLINK_SELINUX_SOCKET__IOCTL             0x00000001UL
-#define NETLINK_SELINUX_SOCKET__READ              0x00000002UL
-#define NETLINK_SELINUX_SOCKET__WRITE             0x00000004UL
-#define NETLINK_SELINUX_SOCKET__CREATE            0x00000008UL
-#define NETLINK_SELINUX_SOCKET__GETATTR           0x00000010UL
-#define NETLINK_SELINUX_SOCKET__SETATTR           0x00000020UL
-#define NETLINK_SELINUX_SOCKET__LOCK              0x00000040UL
-#define NETLINK_SELINUX_SOCKET__RELABELFROM       0x00000080UL
-#define NETLINK_SELINUX_SOCKET__RELABELTO         0x00000100UL
-#define NETLINK_SELINUX_SOCKET__APPEND            0x00000200UL
-#define NETLINK_SELINUX_SOCKET__BIND              0x00000400UL
-#define NETLINK_SELINUX_SOCKET__CONNECT           0x00000800UL
-#define NETLINK_SELINUX_SOCKET__LISTEN            0x00001000UL
-#define NETLINK_SELINUX_SOCKET__ACCEPT            0x00002000UL
-#define NETLINK_SELINUX_SOCKET__GETOPT            0x00004000UL
-#define NETLINK_SELINUX_SOCKET__SETOPT            0x00008000UL
-#define NETLINK_SELINUX_SOCKET__SHUTDOWN          0x00010000UL
-#define NETLINK_SELINUX_SOCKET__RECVFROM          0x00020000UL
-#define NETLINK_SELINUX_SOCKET__SENDTO            0x00040000UL
-#define NETLINK_SELINUX_SOCKET__RECV_MSG          0x00080000UL
-#define NETLINK_SELINUX_SOCKET__SEND_MSG          0x00100000UL
-#define NETLINK_SELINUX_SOCKET__NAME_BIND         0x00200000UL
-#define NETLINK_AUDIT_SOCKET__IOCTL               0x00000001UL
-#define NETLINK_AUDIT_SOCKET__READ                0x00000002UL
-#define NETLINK_AUDIT_SOCKET__WRITE               0x00000004UL
-#define NETLINK_AUDIT_SOCKET__CREATE              0x00000008UL
-#define NETLINK_AUDIT_SOCKET__GETATTR             0x00000010UL
-#define NETLINK_AUDIT_SOCKET__SETATTR             0x00000020UL
-#define NETLINK_AUDIT_SOCKET__LOCK                0x00000040UL
-#define NETLINK_AUDIT_SOCKET__RELABELFROM         0x00000080UL
-#define NETLINK_AUDIT_SOCKET__RELABELTO           0x00000100UL
-#define NETLINK_AUDIT_SOCKET__APPEND              0x00000200UL
-#define NETLINK_AUDIT_SOCKET__BIND                0x00000400UL
-#define NETLINK_AUDIT_SOCKET__CONNECT             0x00000800UL
-#define NETLINK_AUDIT_SOCKET__LISTEN              0x00001000UL
-#define NETLINK_AUDIT_SOCKET__ACCEPT              0x00002000UL
-#define NETLINK_AUDIT_SOCKET__GETOPT              0x00004000UL
-#define NETLINK_AUDIT_SOCKET__SETOPT              0x00008000UL
-#define NETLINK_AUDIT_SOCKET__SHUTDOWN            0x00010000UL
-#define NETLINK_AUDIT_SOCKET__RECVFROM            0x00020000UL
-#define NETLINK_AUDIT_SOCKET__SENDTO              0x00040000UL
-#define NETLINK_AUDIT_SOCKET__RECV_MSG            0x00080000UL
-#define NETLINK_AUDIT_SOCKET__SEND_MSG            0x00100000UL
-#define NETLINK_AUDIT_SOCKET__NAME_BIND           0x00200000UL
-#define NETLINK_AUDIT_SOCKET__NLMSG_READ          0x00400000UL
-#define NETLINK_AUDIT_SOCKET__NLMSG_WRITE         0x00800000UL
-#define NETLINK_AUDIT_SOCKET__NLMSG_RELAY         0x01000000UL
-#define NETLINK_AUDIT_SOCKET__NLMSG_READPRIV      0x02000000UL
-#define NETLINK_AUDIT_SOCKET__NLMSG_TTY_AUDIT     0x04000000UL
-#define NETLINK_IP6FW_SOCKET__IOCTL               0x00000001UL
-#define NETLINK_IP6FW_SOCKET__READ                0x00000002UL
-#define NETLINK_IP6FW_SOCKET__WRITE               0x00000004UL
-#define NETLINK_IP6FW_SOCKET__CREATE              0x00000008UL
-#define NETLINK_IP6FW_SOCKET__GETATTR             0x00000010UL
-#define NETLINK_IP6FW_SOCKET__SETATTR             0x00000020UL
-#define NETLINK_IP6FW_SOCKET__LOCK                0x00000040UL
-#define NETLINK_IP6FW_SOCKET__RELABELFROM         0x00000080UL
-#define NETLINK_IP6FW_SOCKET__RELABELTO           0x00000100UL
-#define NETLINK_IP6FW_SOCKET__APPEND              0x00000200UL
-#define NETLINK_IP6FW_SOCKET__BIND                0x00000400UL
-#define NETLINK_IP6FW_SOCKET__CONNECT             0x00000800UL
-#define NETLINK_IP6FW_SOCKET__LISTEN              0x00001000UL
-#define NETLINK_IP6FW_SOCKET__ACCEPT              0x00002000UL
-#define NETLINK_IP6FW_SOCKET__GETOPT              0x00004000UL
-#define NETLINK_IP6FW_SOCKET__SETOPT              0x00008000UL
-#define NETLINK_IP6FW_SOCKET__SHUTDOWN            0x00010000UL
-#define NETLINK_IP6FW_SOCKET__RECVFROM            0x00020000UL
-#define NETLINK_IP6FW_SOCKET__SENDTO              0x00040000UL
-#define NETLINK_IP6FW_SOCKET__RECV_MSG            0x00080000UL
-#define NETLINK_IP6FW_SOCKET__SEND_MSG            0x00100000UL
-#define NETLINK_IP6FW_SOCKET__NAME_BIND           0x00200000UL
-#define NETLINK_IP6FW_SOCKET__NLMSG_READ          0x00400000UL
-#define NETLINK_IP6FW_SOCKET__NLMSG_WRITE         0x00800000UL
-#define NETLINK_DNRT_SOCKET__IOCTL                0x00000001UL
-#define NETLINK_DNRT_SOCKET__READ                 0x00000002UL
-#define NETLINK_DNRT_SOCKET__WRITE                0x00000004UL
-#define NETLINK_DNRT_SOCKET__CREATE               0x00000008UL
-#define NETLINK_DNRT_SOCKET__GETATTR              0x00000010UL
-#define NETLINK_DNRT_SOCKET__SETATTR              0x00000020UL
-#define NETLINK_DNRT_SOCKET__LOCK                 0x00000040UL
-#define NETLINK_DNRT_SOCKET__RELABELFROM          0x00000080UL
-#define NETLINK_DNRT_SOCKET__RELABELTO            0x00000100UL
-#define NETLINK_DNRT_SOCKET__APPEND               0x00000200UL
-#define NETLINK_DNRT_SOCKET__BIND                 0x00000400UL
-#define NETLINK_DNRT_SOCKET__CONNECT              0x00000800UL
-#define NETLINK_DNRT_SOCKET__LISTEN               0x00001000UL
-#define NETLINK_DNRT_SOCKET__ACCEPT               0x00002000UL
-#define NETLINK_DNRT_SOCKET__GETOPT               0x00004000UL
-#define NETLINK_DNRT_SOCKET__SETOPT               0x00008000UL
-#define NETLINK_DNRT_SOCKET__SHUTDOWN             0x00010000UL
-#define NETLINK_DNRT_SOCKET__RECVFROM             0x00020000UL
-#define NETLINK_DNRT_SOCKET__SENDTO               0x00040000UL
-#define NETLINK_DNRT_SOCKET__RECV_MSG             0x00080000UL
-#define NETLINK_DNRT_SOCKET__SEND_MSG             0x00100000UL
-#define NETLINK_DNRT_SOCKET__NAME_BIND            0x00200000UL
-#define ASSOCIATION__SENDTO                       0x00000001UL
-#define ASSOCIATION__RECVFROM                     0x00000002UL
-#define ASSOCIATION__SETCONTEXT                   0x00000004UL
-#define ASSOCIATION__POLMATCH                     0x00000008UL
-#define NETLINK_KOBJECT_UEVENT_SOCKET__IOCTL      0x00000001UL
-#define NETLINK_KOBJECT_UEVENT_SOCKET__READ       0x00000002UL
-#define NETLINK_KOBJECT_UEVENT_SOCKET__WRITE      0x00000004UL
-#define NETLINK_KOBJECT_UEVENT_SOCKET__CREATE     0x00000008UL
-#define NETLINK_KOBJECT_UEVENT_SOCKET__GETATTR    0x00000010UL
-#define NETLINK_KOBJECT_UEVENT_SOCKET__SETATTR    0x00000020UL
-#define NETLINK_KOBJECT_UEVENT_SOCKET__LOCK       0x00000040UL
-#define NETLINK_KOBJECT_UEVENT_SOCKET__RELABELFROM 0x00000080UL
-#define NETLINK_KOBJECT_UEVENT_SOCKET__RELABELTO  0x00000100UL
-#define NETLINK_KOBJECT_UEVENT_SOCKET__APPEND     0x00000200UL
-#define NETLINK_KOBJECT_UEVENT_SOCKET__BIND       0x00000400UL
-#define NETLINK_KOBJECT_UEVENT_SOCKET__CONNECT    0x00000800UL
-#define NETLINK_KOBJECT_UEVENT_SOCKET__LISTEN     0x00001000UL
-#define NETLINK_KOBJECT_UEVENT_SOCKET__ACCEPT     0x00002000UL
-#define NETLINK_KOBJECT_UEVENT_SOCKET__GETOPT     0x00004000UL
-#define NETLINK_KOBJECT_UEVENT_SOCKET__SETOPT     0x00008000UL
-#define NETLINK_KOBJECT_UEVENT_SOCKET__SHUTDOWN   0x00010000UL
-#define NETLINK_KOBJECT_UEVENT_SOCKET__RECVFROM   0x00020000UL
-#define NETLINK_KOBJECT_UEVENT_SOCKET__SENDTO     0x00040000UL
-#define NETLINK_KOBJECT_UEVENT_SOCKET__RECV_MSG   0x00080000UL
-#define NETLINK_KOBJECT_UEVENT_SOCKET__SEND_MSG   0x00100000UL
-#define NETLINK_KOBJECT_UEVENT_SOCKET__NAME_BIND  0x00200000UL
-#define APPLETALK_SOCKET__IOCTL                   0x00000001UL
-#define APPLETALK_SOCKET__READ                    0x00000002UL
-#define APPLETALK_SOCKET__WRITE                   0x00000004UL
-#define APPLETALK_SOCKET__CREATE                  0x00000008UL
-#define APPLETALK_SOCKET__GETATTR                 0x00000010UL
-#define APPLETALK_SOCKET__SETATTR                 0x00000020UL
-#define APPLETALK_SOCKET__LOCK                    0x00000040UL
-#define APPLETALK_SOCKET__RELABELFROM             0x00000080UL
-#define APPLETALK_SOCKET__RELABELTO               0x00000100UL
-#define APPLETALK_SOCKET__APPEND                  0x00000200UL
-#define APPLETALK_SOCKET__BIND                    0x00000400UL
-#define APPLETALK_SOCKET__CONNECT                 0x00000800UL
-#define APPLETALK_SOCKET__LISTEN                  0x00001000UL
-#define APPLETALK_SOCKET__ACCEPT                  0x00002000UL
-#define APPLETALK_SOCKET__GETOPT                  0x00004000UL
-#define APPLETALK_SOCKET__SETOPT                  0x00008000UL
-#define APPLETALK_SOCKET__SHUTDOWN                0x00010000UL
-#define APPLETALK_SOCKET__RECVFROM                0x00020000UL
-#define APPLETALK_SOCKET__SENDTO                  0x00040000UL
-#define APPLETALK_SOCKET__RECV_MSG                0x00080000UL
-#define APPLETALK_SOCKET__SEND_MSG                0x00100000UL
-#define APPLETALK_SOCKET__NAME_BIND               0x00200000UL
-#define PACKET__SEND                              0x00000001UL
-#define PACKET__RECV                              0x00000002UL
-#define PACKET__RELABELTO                         0x00000004UL
-#define PACKET__FLOW_IN                           0x00000008UL
-#define PACKET__FLOW_OUT                          0x00000010UL
-#define PACKET__FORWARD_IN                        0x00000020UL
-#define PACKET__FORWARD_OUT                       0x00000040UL
-#define KEY__VIEW                                 0x00000001UL
-#define KEY__READ                                 0x00000002UL
-#define KEY__WRITE                                0x00000004UL
-#define KEY__SEARCH                               0x00000008UL
-#define KEY__LINK                                 0x00000010UL
-#define KEY__SETATTR                              0x00000020UL
-#define KEY__CREATE                               0x00000040UL
-#define DCCP_SOCKET__IOCTL                        0x00000001UL
-#define DCCP_SOCKET__READ                         0x00000002UL
-#define DCCP_SOCKET__WRITE                        0x00000004UL
-#define DCCP_SOCKET__CREATE                       0x00000008UL
-#define DCCP_SOCKET__GETATTR                      0x00000010UL
-#define DCCP_SOCKET__SETATTR                      0x00000020UL
-#define DCCP_SOCKET__LOCK                         0x00000040UL
-#define DCCP_SOCKET__RELABELFROM                  0x00000080UL
-#define DCCP_SOCKET__RELABELTO                    0x00000100UL
-#define DCCP_SOCKET__APPEND                       0x00000200UL
-#define DCCP_SOCKET__BIND                         0x00000400UL
-#define DCCP_SOCKET__CONNECT                      0x00000800UL
-#define DCCP_SOCKET__LISTEN                       0x00001000UL
-#define DCCP_SOCKET__ACCEPT                       0x00002000UL
-#define DCCP_SOCKET__GETOPT                       0x00004000UL
-#define DCCP_SOCKET__SETOPT                       0x00008000UL
-#define DCCP_SOCKET__SHUTDOWN                     0x00010000UL
-#define DCCP_SOCKET__RECVFROM                     0x00020000UL
-#define DCCP_SOCKET__SENDTO                       0x00040000UL
-#define DCCP_SOCKET__RECV_MSG                     0x00080000UL
-#define DCCP_SOCKET__SEND_MSG                     0x00100000UL
-#define DCCP_SOCKET__NAME_BIND                    0x00200000UL
-#define DCCP_SOCKET__NODE_BIND                    0x00400000UL
-#define DCCP_SOCKET__NAME_CONNECT                 0x00800000UL
-#define MEMPROTECT__MMAP_ZERO                     0x00000001UL
-#define PEER__RECV                                0x00000001UL
-#define KERNEL_SERVICE__USE_AS_OVERRIDE           0x00000001UL
-#define KERNEL_SERVICE__CREATE_FILES_AS           0x00000002UL
-#define TUN_SOCKET__IOCTL                         0x00000001UL
-#define TUN_SOCKET__READ                          0x00000002UL
-#define TUN_SOCKET__WRITE                         0x00000004UL
-#define TUN_SOCKET__CREATE                        0x00000008UL
-#define TUN_SOCKET__GETATTR                       0x00000010UL
-#define TUN_SOCKET__SETATTR                       0x00000020UL
-#define TUN_SOCKET__LOCK                          0x00000040UL
-#define TUN_SOCKET__RELABELFROM                   0x00000080UL
-#define TUN_SOCKET__RELABELTO                     0x00000100UL
-#define TUN_SOCKET__APPEND                        0x00000200UL
-#define TUN_SOCKET__BIND                          0x00000400UL
-#define TUN_SOCKET__CONNECT                       0x00000800UL
-#define TUN_SOCKET__LISTEN                        0x00001000UL
-#define TUN_SOCKET__ACCEPT                        0x00002000UL
-#define TUN_SOCKET__GETOPT                        0x00004000UL
-#define TUN_SOCKET__SETOPT                        0x00008000UL
-#define TUN_SOCKET__SHUTDOWN                      0x00010000UL
-#define TUN_SOCKET__RECVFROM                      0x00020000UL
-#define TUN_SOCKET__SENDTO                        0x00040000UL
-#define TUN_SOCKET__RECV_MSG                      0x00080000UL
-#define TUN_SOCKET__SEND_MSG                      0x00100000UL
-#define TUN_SOCKET__NAME_BIND                     0x00200000UL
-/* This file is automatically generated.  Do not edit. */
-#ifndef _SELINUX_FLASK_H_
-#define _SELINUX_FLASK_H_
-
-/*
- * Security object class definitions
- */
-#define SECCLASS_SECURITY                                1
-#define SECCLASS_PROCESS                                 2
-#define SECCLASS_SYSTEM                                  3
-#define SECCLASS_CAPABILITY                              4
-#define SECCLASS_FILESYSTEM                              5
-#define SECCLASS_FILE                                    6
-#define SECCLASS_DIR                                     7
-#define SECCLASS_FD                                      8
-#define SECCLASS_LNK_FILE                                9
-#define SECCLASS_CHR_FILE                                10
-#define SECCLASS_BLK_FILE                                11
-#define SECCLASS_SOCK_FILE                               12
-#define SECCLASS_FIFO_FILE                               13
-#define SECCLASS_SOCKET                                  14
-#define SECCLASS_TCP_SOCKET                              15
-#define SECCLASS_UDP_SOCKET                              16
-#define SECCLASS_RAWIP_SOCKET                            17
-#define SECCLASS_NODE                                    18
-#define SECCLASS_NETIF                                   19
-#define SECCLASS_NETLINK_SOCKET                          20
-#define SECCLASS_PACKET_SOCKET                           21
-#define SECCLASS_KEY_SOCKET                              22
-#define SECCLASS_UNIX_STREAM_SOCKET                      23
-#define SECCLASS_UNIX_DGRAM_SOCKET                       24
-#define SECCLASS_SEM                                     25
-#define SECCLASS_MSG                                     26
-#define SECCLASS_MSGQ                                    27
-#define SECCLASS_SHM                                     28
-#define SECCLASS_IPC                                     29
-#define SECCLASS_NETLINK_ROUTE_SOCKET                    30
-#define SECCLASS_NETLINK_FIREWALL_SOCKET                 31
-#define SECCLASS_NETLINK_TCPDIAG_SOCKET                  32
-#define SECCLASS_NETLINK_NFLOG_SOCKET                    33
-#define SECCLASS_NETLINK_XFRM_SOCKET                     34
-#define SECCLASS_NETLINK_SELINUX_SOCKET                  35
-#define SECCLASS_NETLINK_AUDIT_SOCKET                    36
-#define SECCLASS_NETLINK_IP6FW_SOCKET                    37
-#define SECCLASS_NETLINK_DNRT_SOCKET                     38
-#define SECCLASS_ASSOCIATION                             39
-#define SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET           40
-#define SECCLASS_APPLETALK_SOCKET                        41
-#define SECCLASS_PACKET                                  42
-#define SECCLASS_KEY                                     43
-#define SECCLASS_DCCP_SOCKET                             44
-#define SECCLASS_MEMPROTECT                              45
-#define SECCLASS_PEER                                    46
-#define SECCLASS_CAPABILITY2                             47
-#define SECCLASS_KERNEL_SERVICE                          48
-#define SECCLASS_TUN_SOCKET                              49
-
-/*
- * Security identifier indices for initial entities
- */
-#define SECINITSID_KERNEL                               1
-#define SECINITSID_SECURITY                             2
-#define SECINITSID_UNLABELED                            3
-#define SECINITSID_FS                                   4
-#define SECINITSID_FILE                                 5
-#define SECINITSID_FILE_LABELS                          6
-#define SECINITSID_INIT                                 7
-#define SECINITSID_ANY_SOCKET                           8
-#define SECINITSID_PORT                                 9
-#define SECINITSID_NETIF                                10
-#define SECINITSID_NETMSG                               11
-#define SECINITSID_NODE                                 12
-#define SECINITSID_IGMP_PACKET                          13
-#define SECINITSID_ICMP_SOCKET                          14
-#define SECINITSID_TCP_SOCKET                           15
-#define SECINITSID_SYSCTL_MODPROBE                      16
-#define SECINITSID_SYSCTL                               17
-#define SECINITSID_SYSCTL_FS                            18
-#define SECINITSID_SYSCTL_KERNEL                        19
-#define SECINITSID_SYSCTL_NET                           20
-#define SECINITSID_SYSCTL_NET_UNIX                      21
-#define SECINITSID_SYSCTL_VM                            22
-#define SECINITSID_SYSCTL_DEV                           23
-#define SECINITSID_KMOD                                 24
-#define SECINITSID_POLICY                               25
-#define SECINITSID_SCMP_PACKET                          26
-#define SECINITSID_DEVNULL                              27
-
-#define SECINITSID_NUM                                  27
-
-#endif
@@ -2,7 +2,7 @@
 # Makefile for building the SELinux security server as part of the kernel tree.
 #
  
-EXTRA_CFLAGS += -Isecurity/selinux/include
+EXTRA_CFLAGS += -Isecurity/selinux -Isecurity/selinux/include
 obj-y := ss.o
  
 ss-y := ebitmap.o hashtab.o symtab.o sidtab.o avtab.o policydb.o services.o conditional.o mls.o
1		-subdir-y := mdp
2		-subdir- += mdp
	1	+subdir-y := mdp genheaders
	2	+subdir- += mdp genheaders
	1	+hostprogs-y := genheaders
	2	+HOST_EXTRACFLAGS += -Isecurity/selinux/include
	3	+
	4	+always := $(hostprogs-y)
	5	+clean-files := $(hostprogs-y)
	1	+#include <stdio.h>
	2	+#include <stdlib.h>
	3	+#include <unistd.h>
	4	+#include <string.h>
	5	+#include <errno.h>
	6	+#include <ctype.h>
	7	+
	8	+struct security_class_mapping {
	9	+ const char *name;
	10	+ const char perms[sizeof(unsigned) 8 + 1];
	11	+};
	12	+
	13	+#include "classmap.h"
	14	+#include "initial_sid_to_string.h"
	15	+
	16	+#define max(x, y) ((x > y) ? x : y)
	17	+
	18	+const char *progname;
	19	+
	20	+void usage(void)
	21	+{
	22	+ printf("usage: %s flask.h av_permissions.h\n", progname);
	23	+ exit(1);
	24	+}
	25	+
	26	+char stoupperx(const char s)
	27	+{
	28	+ char *s2 = strdup(s);
	29	+ char *p;
	30	+
	31	+ if (!s2) {
	32	+ fprintf(stderr, "%s: out of memory\n", progname);
	33	+ exit(3);
	34	+ }
	35	+
	36	+ for (p = s2; *p; p++)
	37	+ p = toupper(p);
	38	+ return s2;
	39	+}
	40	+
	41	+int main(int argc, char *argv[])
	42	+{
	43	+ int i, j, k;
	44	+ int isids_len;
	45	+ FILE *fout;
	46	+
	47	+ progname = argv[0];
	48	+
	49	+ if (argc < 3)
	50	+ usage();
	51	+
	52	+ fout = fopen(argv[1], "w");
	53	+ if (!fout) {
	54	+ fprintf(stderr, "Could not open %s for writing: %s\n",
	55	+ argv[1], strerror(errno));
	56	+ exit(2);
	57	+ }
	58	+
	59	+ for (i = 0; secclass_map[i].name; i++) {
	60	+ struct security_class_mapping *map = &secclass_map[i];
	61	+ map->name = stoupperx(map->name);
	62	+ for (j = 0; map->perms[j]; j++)
	63	+ map->perms[j] = stoupperx(map->perms[j]);
	64	+ }
	65	+
	66	+ isids_len = sizeof(initial_sid_to_string) / sizeof (char *);
	67	+ for (i = 1; i < isids_len; i++)
	68	+ initial_sid_to_string[i] = stoupperx(initial_sid_to_string[i]);
	69	+
	70	+ fprintf(fout, "/* This file is automatically generated. Do not edit. */\n");
	71	+ fprintf(fout, "#ifndef _SELINUX_FLASK_H_\n#define _SELINUX_FLASK_H_\n\n");
	72	+
	73	+ for (i = 0; secclass_map[i].name; i++) {
	74	+ struct security_class_mapping *map = &secclass_map[i];
	75	+ fprintf(fout, "#define SECCLASS_%s", map->name);
	76	+ for (j = 0; j < max(1, 40 - strlen(map->name)); j++)
	77	+ fprintf(fout, " ");
	78	+ fprintf(fout, "%2d\n", i+1);
	79	+ }
	80	+
	81	+ fprintf(fout, "\n");
	82	+
	83	+ for (i = 1; i < isids_len; i++) {
	84	+ char *s = initial_sid_to_string[i];
	85	+ fprintf(fout, "#define SECINITSID_%s", s);
	86	+ for (j = 0; j < max(1, 40 - strlen(s)); j++)
	87	+ fprintf(fout, " ");
	88	+ fprintf(fout, "%2d\n", i);
	89	+ }
	90	+ fprintf(fout, "\n#define SECINITSID_NUM %d\n", i-1);
	91	+ fprintf(fout, "\n#endif\n");
	92	+ fclose(fout);
	93	+
	94	+ fout = fopen(argv[2], "w");
	95	+ if (!fout) {
	96	+ fprintf(stderr, "Could not open %s for writing: %s\n",
	97	+ argv[2], strerror(errno));
	98	+ exit(4);
	99	+ }
	100	+
	101	+ fprintf(fout, "/* This file is automatically generated. Do not edit. */\n");
	102	+ fprintf(fout, "#ifndef _SELINUX_AV_PERMISSIONS_H_\n#define _SELINUX_AV_PERMISSIONS_H_\n\n");
	103	+
	104	+ for (i = 0; secclass_map[i].name; i++) {
	105	+ struct security_class_mapping *map = &secclass_map[i];
	106	+ for (j = 0; map->perms[j]; j++) {
	107	+ fprintf(fout, "#define %s__%s", map->name,
	108	+ map->perms[j]);
	109	+ for (k = 0; k < max(1, 40 - strlen(map->name) - strlen(map->perms[j])); k++)
	110	+ fprintf(fout, " ");
	111	+ fprintf(fout, "0x%08xUL\n", (1<<j));
	112	+ }
	113	+ }
	114	+
	115	+ fprintf(fout, "\n#endif\n");
	116	+ fclose(fout);
	117	+ exit(0);
	118	+}
...	...	@@ -18,5 +18,14 @@
18	18
19	19	selinux-$(CONFIG_NETLABEL) += netlabel.o
20	20
21		-EXTRA_CFLAGS += -Isecurity/selinux/include
	21	+EXTRA_CFLAGS += -Isecurity/selinux -Isecurity/selinux/include
	22	+
	23	+$(obj)/avc.o: $(obj)/flask.h
	24	+
	25	+quiet_cmd_flask = GEN $(obj)/flask.h $(obj)/av_permissions.h
	26	+ cmd_flask = scripts/selinux/genheaders/genheaders $(obj)/flask.h $(obj)/av_permissions.h
	27	+
	28	+targets += flask.h
	29	+$(obj)/flask.h: $(src)/include/classmap.h FORCE
	30	+ $(call if_changed,flask)
1		-/* This file is automatically generated. Do not edit. */
2		-#ifndef _SELINUX_FLASK_H_
3		-#define _SELINUX_FLASK_H_
4		-
5		-/*
6		- * Security object class definitions
7		- */
8		-#define SECCLASS_SECURITY 1
9		-#define SECCLASS_PROCESS 2
10		-#define SECCLASS_SYSTEM 3
11		-#define SECCLASS_CAPABILITY 4
12		-#define SECCLASS_FILESYSTEM 5
13		-#define SECCLASS_FILE 6
14		-#define SECCLASS_DIR 7
15		-#define SECCLASS_FD 8
16		-#define SECCLASS_LNK_FILE 9
17		-#define SECCLASS_CHR_FILE 10
18		-#define SECCLASS_BLK_FILE 11
19		-#define SECCLASS_SOCK_FILE 12
20		-#define SECCLASS_FIFO_FILE 13
21		-#define SECCLASS_SOCKET 14
22		-#define SECCLASS_TCP_SOCKET 15
23		-#define SECCLASS_UDP_SOCKET 16
24		-#define SECCLASS_RAWIP_SOCKET 17
25		-#define SECCLASS_NODE 18
26		-#define SECCLASS_NETIF 19
27		-#define SECCLASS_NETLINK_SOCKET 20
28		-#define SECCLASS_PACKET_SOCKET 21
29		-#define SECCLASS_KEY_SOCKET 22
30		-#define SECCLASS_UNIX_STREAM_SOCKET 23
31		-#define SECCLASS_UNIX_DGRAM_SOCKET 24
32		-#define SECCLASS_SEM 25
33		-#define SECCLASS_MSG 26
34		-#define SECCLASS_MSGQ 27
35		-#define SECCLASS_SHM 28
36		-#define SECCLASS_IPC 29
37		-#define SECCLASS_NETLINK_ROUTE_SOCKET 30
38		-#define SECCLASS_NETLINK_FIREWALL_SOCKET 31
39		-#define SECCLASS_NETLINK_TCPDIAG_SOCKET 32
40		-#define SECCLASS_NETLINK_NFLOG_SOCKET 33
41		-#define SECCLASS_NETLINK_XFRM_SOCKET 34
42		-#define SECCLASS_NETLINK_SELINUX_SOCKET 35
43		-#define SECCLASS_NETLINK_AUDIT_SOCKET 36
44		-#define SECCLASS_NETLINK_IP6FW_SOCKET 37
45		-#define SECCLASS_NETLINK_DNRT_SOCKET 38
46		-#define SECCLASS_ASSOCIATION 39
47		-#define SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET 40
48		-#define SECCLASS_APPLETALK_SOCKET 41
49		-#define SECCLASS_PACKET 42
50		-#define SECCLASS_KEY 43
51		-#define SECCLASS_DCCP_SOCKET 44
52		-#define SECCLASS_MEMPROTECT 45
53		-#define SECCLASS_PEER 46
54		-#define SECCLASS_CAPABILITY2 47
55		-#define SECCLASS_KERNEL_SERVICE 48
56		-#define SECCLASS_TUN_SOCKET 49
57		-
58		-/*
59		- * Security identifier indices for initial entities
60		- */
61		-#define SECINITSID_KERNEL 1
62		-#define SECINITSID_SECURITY 2
63		-#define SECINITSID_UNLABELED 3
64		-#define SECINITSID_FS 4
65		-#define SECINITSID_FILE 5
66		-#define SECINITSID_FILE_LABELS 6
67		-#define SECINITSID_INIT 7
68		-#define SECINITSID_ANY_SOCKET 8
69		-#define SECINITSID_PORT 9
70		-#define SECINITSID_NETIF 10
71		-#define SECINITSID_NETMSG 11
72		-#define SECINITSID_NODE 12
73		-#define SECINITSID_IGMP_PACKET 13
74		-#define SECINITSID_ICMP_SOCKET 14
75		-#define SECINITSID_TCP_SOCKET 15
76		-#define SECINITSID_SYSCTL_MODPROBE 16
77		-#define SECINITSID_SYSCTL 17
78		-#define SECINITSID_SYSCTL_FS 18
79		-#define SECINITSID_SYSCTL_KERNEL 19
80		-#define SECINITSID_SYSCTL_NET 20
81		-#define SECINITSID_SYSCTL_NET_UNIX 21
82		-#define SECINITSID_SYSCTL_VM 22
83		-#define SECINITSID_SYSCTL_DEV 23
84		-#define SECINITSID_KMOD 24
85		-#define SECINITSID_POLICY 25
86		-#define SECINITSID_SCMP_PACKET 26
87		-#define SECINITSID_DEVNULL 27
88		-
89		-#define SECINITSID_NUM 27
90		-
91		-#endif
...	...	@@ -2,7 +2,7 @@
2	2	# Makefile for building the SELinux security server as part of the kernel tree.
3	3	#
4	4
5		-EXTRA_CFLAGS += -Isecurity/selinux/include
	5	+EXTRA_CFLAGS += -Isecurity/selinux -Isecurity/selinux/include
6	6	obj-y := ss.o
7	7
8	8	ss-y := ebitmap.o hashtab.o symtab.o sidtab.o avtab.o policydb.o services.o conditional.o mls.o