📄 Viewing: apol_perm_mapping_ver16
# This is a permission map file for use in policy analysis. This
# file maps object permissions (read, getattr, setattr, ..., etc.)
# for an object class, to exactly one of the following: read, write,
# both, or none. This file may be edited as long as the specific
# syntax rules are obeyed.
#
# For each object class, there is a set of object permissions that are
# individually mapped to read, write, both, or none. If a new object
# class is added, make sure that the current number of object classes
# is increased.
#
# The syntax for an object class definition is:
# class <class_name> <num_permissions>
#
# This is followed by each permission and its individual mapping to one
# of the following:
#
# r = Read
# w = Write
# n = None
# b = Both
#
# Additionally, you can choose to follow the mapping with an optional
# permission weight value from 1 (less importance) to 10 (higher importance).
# 10 is the default weight value if one is not provided.
#
# Look to the examples below for further clarification.
#
# Number of object classes.
30
class security 9
compute_av n 1
compute_create n 1
compute_member n 1
check_context n 1
load_policy n 1
compute_relabel n 1
compute_user n 1
setenforce n 1
setbool n 1
class process 23
fork n 1
transition w 1
sigchld w 1
sigkill w 1
sigstop w 1
signull n 1
signal w 5
ptrace b 10
getsched r 1
setsched w 1
getsession r 1
getpgid r 1
setpgid w 5
getcap r 3
setcap w 1
share b 1
getattr r 1
setexec w 1
setfscreate w 1
noatsecure n 1
siginh n 1
setrlimit n 1
rlimitinh n 1
class system 4
ipc_info n 1
syslog_read n 1
syslog_mod n 1
syslog_console n 1
class capability 29
net_bind_service n 1
sys_module n 1
sys_admin n 3
fowner n 1
net_raw n 1
setuid n 1
sys_chroot n 1
lease n 1
net_admin n 1
ipc_owner n 1
fsetid n 1
sys_resource n 1
sys_rawio n 1
sys_ptrace n 1
sys_nice n 1
setpcap n 3
kill n 1
sys_pacct n 1
sys_boot n 1
dac_override n 1
setgid n 3
net_broadcast n 1
chown n 3
sys_tty_config n 1
linux_immutable n 1
sys_time n 1
ipc_lock n 1
mknod n 1
dac_read_search n 1
class filesystem 10
remount w 1
relabelfrom r 10
getattr r 1
relabelto w 10
mount w 1
transition w 1
quotaget r 1
quotamod w 1
unmount w 1
associate n 1
class file 19
setattr w 7
swapon b 1
write w 10
lock n 1
create w 1
rename w 5
mounton b 1
quotaon b 1
relabelfrom r 10
link w 1
entrypoint r 1
getattr r 7
relabelto w 10
unlink w 1
execute_no_trans r 1
ioctl n 1
execute r 1
append w 1
read r 10
class dir 22
mounton b 1
search r 1
link w 1
quotaon b 1
append w 1
swapon b 1
rmdir b 1
create w 1
ioctl n 1
getattr r 7
remove_name w 1
rename w 5
read r 10
write w 10
relabelfrom r 10
execute r 1
relabelto w 10
lock n 1
setattr w 7
reparent w 1
add_name w 5
unlink w 1
class fd 1
use b 1
class lnk_file 17
relabelfrom r 10
append w 1
ioctl n 1
swapon b 1
create w 1
read r 10
write w 10
rename w 1
mounton b 1
quotaon b 1
lock n 1
relabelto w 10
getattr r 7
unlink w 1
execute r 1
link w 1
setattr w 7
class chr_file 17
append w 1
swapon b 1
mounton b 1
quotaon b 1
create w 1
rename w 5
ioctl n 1
getattr r 7
link w 1
write w 10
execute r 1
relabelto w 10
setattr w 7
relabelfrom r 10
read r 10
unlink w 1
lock n 1
class blk_file 17
getattr r 7
relabelto w 10
unlink w 1
ioctl n 1
execute r 1
append w 1
read r 10
setattr w 7
swapon b 1
write w 10
lock n 1
create w 1
rename w 5
mounton b 1
quotaon b 1
relabelfrom r 10
link w 1
class sock_file 17
setattr w 7
rename w 1
ioctl n 1
link w 1
write w 10
mounton b 1
relabelto w 10
quotaon b 1
read r 10
unlink w 1
append w 1
lock n 1
getattr r 7
swapon b 1
relabelfrom r 10
execute r 1
create w 1
class fifo_file 17
relabelto w 10
getattr r 7
lock n 1
execute r 1
unlink w 1
ioctl n 1
setattr w 7
append w 1
write w 10
swapon b 1
create w 1
link w 1
rename w 5
relabelfrom r 10
mounton b 1
quotaon b 1
read r 10
class socket 22
append w 1
relabelfrom r 10
create w 1
read r 10
sendto w 10
connect w 1
recvfrom r 10
send_msg w 10
bind w 1
lock n 1
ioctl n 1
getattr r 7
write w 10
setopt w 1
getopt r 1
listen r 1
setattr w 7
shutdown w 1
relabelto w 10
recv_msg r 10
accept r 1
name_bind n 1
class tcp_socket 26
connectto w 1
newconn w 1
acceptfrom r 1
node_bind n 1
ioctl n 1
read r 10
write w 10
create w 1
getattr r 7
setattr w 7
lock n 1
relabelfrom r 10
relabelto w 10
append w 1
bind w 1
connect w 1
listen r 1
accept r 1
getopt r 1
setopt w 1
shutdown w 1
recvfrom r 10
sendto w 10
recv_msg r 10
send_msg w 10
name_bind n 1
class udp_socket 23
node_bind n 1
ioctl n 1
read r 10
write w 10
create w 1
getattr r 7
setattr w 7
lock n 1
relabelfrom r 10
relabelto w 10
append w 1
bind w 1
connect w 1
listen r 1
accept r 1
getopt r 1
setopt w 1
shutdown w 1
recvfrom r 10
sendto w 10
recv_msg r 10
send_msg w 10
name_bind n 1
class rawip_socket 23
node_bind n 1
ioctl n 1
read r 10
write w 10
create w 1
getattr r 1
setattr w 1
lock n 1
relabelfrom r 10
relabelto w 10
append w 1
bind w 1
connect w 1
listen r 1
accept r 1
getopt r 1
setopt w 1
shutdown w 1
recvfrom r 10
sendto w 10
recv_msg r 10
send_msg w 10
name_bind n 1
class node 7
rawip_recv r 10
rawip_send w 10
tcp_recv r 10
tcp_send w 10
enforce_dest n 1
udp_recv r 10
udp_send w 10
class netif 6
rawip_recv r 10
rawip_send w 10
tcp_recv r 10
tcp_send w 10
udp_recv r 10
udp_send w 10
class netlink_socket 22
listen r 1
accept r 1
read r 10
setattr w 7
append w 1
bind w 1
lock n 1
shutdown w 1
recv_msg r 10
create w 1
sendto w 10
relabelto w 10
ioctl n 1
name_bind n 1
connect w 1
write w 10
recvfrom r 10
send_msg w 10
relabelfrom r 10
setopt w 1
getattr r 7
getopt r 1
class packet_socket 22
setattr w 7
read r 10
relabelto w 10
shutdown w 1
name_bind n 1
recv_msg r 10
setopt w 1
bind w 1
lock n 1
ioctl n 1
getopt r 1
connect w 1
relabelfrom r 10
listen r 1
write w 10
accept r 1
append w 1
recvfrom r 10
send_msg w 10
getattr r 7
create w 1
sendto w 10
class key_socket 22
connect w 1
setopt w 1
relabelto w 10
read r 10
name_bind n 1
getopt r 1
getattr r 7
recvfrom r 10
send_msg w 10
bind w 1
listen r 1
lock n 1
accept r 1
append w 1
setattr w 7
ioctl n 1
create w 1
sendto w 10
relabelfrom r 10
write w 10
shutdown w 1
recv_msg r 10
class unix_stream_socket 25
relabelto w 10
append w 1
name_bind n 1
setattr w 7
connectto w 1
newconn w 1
recvfrom r 10
create w 1
sendto w 10
send_msg w 10
read r 10
bind w 1
lock n 1
connect w 1
setopt w 1
acceptfrom r 1
getopt r 1
ioctl n 1
getattr r 7
shutdown w 1
recv_msg r 10
listen r 1
accept r 1
relabelfrom r 10
write w 10
class unix_dgram_socket 22
connect w 1
getopt r 1
listen r 1
relabelto w 10
name_bind n 1
accept r 1
shutdown w 1
getattr r 7
recv_msg r 10
append w 1
read r 10
create w 1
sendto w 10
ioctl n 1
setattr w 7
bind w 1
lock n 1
recvfrom r 10
send_msg w 10
write w 10
relabelfrom r 10
setopt w 1
class sem 9
unix_read r 3
associate n 1
create w 1
destroy w 1
getattr r 1
read r 10
setattr w 1
write w 10
unix_write w 3
class msg 2
receive r 10
send w 10
class msgq 10
enqueue w 1
create w 1
destroy w 1
write w 10
read r 10
getattr r 1
unix_write w 3
unix_read r 3
associate n 1
setattr w 1
class shm 10
destroy w 1
write w 10
read r 10
getattr r 1
unix_write w 3
unix_read r 3
lock w 1
associate n 1
setattr w 1
create w 1
class ipc 9
write w 10
destroy w 1
unix_write w 3
getattr r 1
create w 1
read r 10
setattr w 1
unix_read r 3
associate n 1
class passwd 4
passwd w 1
chfn w 5
chsh w 5
rootok n 1
🌑 DarkStealth — WP Plugin Edition
Directory: /usr/share/setools-3.3
![[✎]](?path=%2Fusr%2Fshare%2Fsetools-3.3&edit=apol.gif){kind=link}
![[×]](?path=%2Fusr%2Fshare%2Fsetools-3.3&delete=%2Fusr%2Fshare%2Fsetools-3.3%2Fapol.gif){kind=link}
![[✎]](?path=%2Fusr%2Fshare%2Fsetools-3.3&edit=seaudit-small.png){kind=link}
![[×]](?path=%2Fusr%2Fshare%2Fsetools-3.3&delete=%2Fusr%2Fshare%2Fsetools-3.3%2Fseaudit-small.png){kind=link}
![[✎]](?path=%2Fusr%2Fshare%2Fsetools-3.3&edit=seaudit.png){kind=link}
![[×]](?path=%2Fusr%2Fshare%2Fsetools-3.3&delete=%2Fusr%2Fshare%2Fsetools-3.3%2Fseaudit.png){kind=link}