Home | History | Annotate | Download | only in share
      1 # This is a permission map file for use in policy analysis.  This
      2 # file maps object permissions (read, getattr, setattr, ..., etc.) 
      3 # for an object class, to exactly one of the following: read, write, 
      4 # both, or none.  This file may be edited as long as the specific 
      5 # syntax rules are obeyed.
      6 #
      7 # For each object class, there is a set of object permissions that are 
      8 # individually mapped to read, write, both, or none.  If a new object
      9 # class is added, make sure that the current number of object classes
     10 # is increased.
     11 #
     12 # The syntax for an object class definition is:
     13 # class <class_name> <num_permissions>
     14 # 
     15 # This is followed by each permission and its individual mapping to one 
     16 # of the following:
     17 #
     18 # 	r   =	Read
     19 #	w   =	Write
     20 #	n   =	None
     21 #	b   =	Both
     22 #
     23 # Additionally, you can choose to follow the mapping with an optional  
     24 # permission weight value from 1 (less importance) to 10 (higher importance). 
     25 # 10 is the default weight value if one is not provided.
     26 #
     27 # Look to the examples below for further clarification.
     28 #
     29 # Number of object classes.
     30 58
     31 
     32 class security 11
     33         compute_av     n           1
     34     compute_create     n           1
     35     compute_member     n           1
     36      check_context     n           1
     37        load_policy     n           1
     38    compute_relabel     n           1
     39       compute_user     n           1
     40         setenforce     n           1
     41            setbool     n           1
     42        setsecparam     n           1
     43    setcheckreqprot     n           1
     44 
     45 class process 29
     46               fork     n           1
     47         transition     w           5
     48            sigchld     w           1
     49            sigkill     w           1
     50            sigstop     w           1
     51            signull     n           1
     52             signal     w           5
     53             ptrace     b          10
     54           getsched     r           1
     55           setsched     w           1
     56         getsession     r           1
     57            getpgid     r           1
     58            setpgid     w           5
     59             getcap     r           3
     60             setcap     w           1
     61              share     b           1
     62            getattr     r           1
     63            setexec     w           1
     64        setfscreate     w           1
     65         noatsecure     n           1
     66             siginh     n           1
     67          setrlimit     n           1
     68          rlimitinh     n           1
     69      dyntransition     w          10
     70         setcurrent     w           1
     71            execmem     n           1
     72          execstack     n           1
     73           execheap     n           1
     74       setkeycreate     w           1
     75 
     76 class system 4
     77           ipc_info     n           1
     78        syslog_read     n           1
     79         syslog_mod     n           1
     80     syslog_console     n           1
     81 
     82 class capability 31
     83              chown     n           3
     84       dac_override     n           1
     85    dac_read_search     n           1
     86             fowner     n           1
     87             fsetid     n           1
     88               kill     n           1
     89             setgid     n           3
     90             setuid     n           1
     91            setpcap     n           3
     92    linux_immutable     n           1
     93   net_bind_service     n           1
     94      net_broadcast     n           1
     95          net_admin     n           1
     96            net_raw     n           1
     97           ipc_lock     n           1
     98          ipc_owner     n           1
     99         sys_module     n           1
    100          sys_rawio     n           1
    101         sys_chroot     n           1
    102         sys_ptrace     n           1
    103          sys_pacct     n           1
    104          sys_admin     n           3
    105           sys_boot     n           1
    106           sys_nice     n           1
    107       sys_resource     n           1
    108           sys_time     n           1
    109     sys_tty_config     n           1
    110              mknod     n           1
    111              lease     n           1
    112        audit_write     n           3
    113      audit_control     n           1
    114 
    115 class filesystem 10
    116              mount     w           1
    117            remount     w           1
    118            unmount     w           1
    119            getattr     r           1
    120        relabelfrom     r           10
    121          relabelto     w           10
    122         transition     w           1
    123          associate     n           1
    124           quotamod     w           1
    125           quotaget     r           1
    126 
    127 class file 21
    128   execute_no_trans     r           1
    129         entrypoint     r           1
    130            execmod     n           1
    131              ioctl     n           1
    132               read     r          10
    133              write     w          10
    134             create     w           1
    135            getattr     r           7
    136            setattr     w           7
    137               lock     n           1
    138        relabelfrom     r           10
    139          relabelto     w           10
    140             append     w           10
    141             unlink     w           1
    142               link     w           1
    143             rename     w           5
    144            execute     r           10
    145             swapon     b           1
    146            quotaon     b           1
    147            mounton     b           1
    148 	      open     r	   1
    149 
    150 class dir 23
    151           add_name     w           1
    152        remove_name     w           1
    153           reparent     w           1
    154             search     r           1
    155              rmdir     b           1
    156              ioctl     n           1
    157               read     r           1
    158              write     w           1
    159             create     w           1
    160            getattr     r           1
    161            setattr     w           1
    162               lock     n           1
    163        relabelfrom     r           1
    164          relabelto     w           1
    165             append     w           1
    166             unlink     w           1
    167               link     w           1
    168             rename     w           1
    169            execute     r           1
    170             swapon     b           1
    171            quotaon     b           1
    172            mounton     b           1
    173 	      open     r	   1
    174 
    175 class fd 1
    176                use     b           1
    177 
    178 class lnk_file 18
    179              ioctl     n           1
    180               read     r           1
    181              write     w           1
    182             create     w           1
    183            getattr     r           1
    184            setattr     w           1
    185               lock     n           1
    186        relabelfrom     r           1
    187          relabelto     w           1
    188             append     w           1
    189             unlink     w           1
    190               link     w           1
    191             rename     w           1
    192            execute     r           1
    193             swapon     b           1
    194            quotaon     b           1
    195            mounton     b           1
    196 	      open     r	   1
    197 
    198 class chr_file 21
    199   execute_no_trans     r           1
    200         entrypoint     r           1
    201            execmod     n           1
    202              ioctl     n           1
    203               read     r          10
    204              write     w          10
    205             create     w           1
    206            getattr     r           7
    207            setattr     w           7
    208               lock     n           1
    209        relabelfrom     r           10
    210          relabelto     w           10
    211             append     w           1
    212             unlink     w           1
    213               link     w           1
    214             rename     w           5
    215            execute     r           1
    216             swapon     b           1
    217            quotaon     b           1
    218            mounton     b           1
    219 	      open     r	   1
    220 
    221 class blk_file 18
    222              ioctl     n           1
    223               read     r          10
    224              write     w          10
    225             create     w           1
    226            getattr     r           7
    227            setattr     w           7
    228               lock     n           1
    229        relabelfrom     r           10
    230          relabelto     w           10
    231             append     w           1
    232             unlink     w           1
    233               link     w           1
    234             rename     w           5
    235            execute     r           1
    236             swapon     b           1
    237            quotaon     b           1
    238            mounton     b           1
    239 	      open     r	   1
    240 
    241 class sock_file 18
    242              ioctl     n           1
    243               read     r          10
    244              write     w          10
    245             create     w           1
    246            getattr     r           7
    247            setattr     w           7
    248               lock     n           1
    249        relabelfrom     r           10
    250          relabelto     w           10
    251             append     w           1
    252             unlink     w           1
    253               link     w           1
    254             rename     w           1
    255            execute     r           1
    256             swapon     b           1
    257            quotaon     b           1
    258            mounton     b           1
    259 	      open     r	   1
    260 
    261 class fifo_file 18
    262              ioctl     n           1
    263               read     r          10
    264              write     w          10
    265             create     w           1
    266            getattr     r           7
    267            setattr     w           7
    268               lock     n           1
    269        relabelfrom     r           10
    270          relabelto     w           10
    271             append     w           1
    272             unlink     w           1
    273               link     w           1
    274             rename     w           5
    275            execute     r           1
    276             swapon     b           1
    277            quotaon     b           1
    278            mounton     b           1
    279 	      open     r	   1
    280 
    281 class socket 22
    282              ioctl     n           1
    283               read     r          10
    284              write     w          10
    285             create     w           1
    286            getattr     r           7
    287            setattr     w           7
    288               lock     n           1
    289        relabelfrom     r           10
    290          relabelto     w           10
    291             append     w           1
    292               bind     w           1
    293            connect     w           1
    294             listen     r           1
    295             accept     r           1
    296             getopt     r           1
    297             setopt     w           1
    298           shutdown     w           1
    299           recvfrom     r          10
    300             sendto     w          10
    301           recv_msg     r          10
    302           send_msg     w          10
    303          name_bind     n           1
    304 
    305 class tcp_socket 27
    306          connectto     w           1
    307            newconn     w           1
    308         acceptfrom     r           1
    309          node_bind     n           1
    310              ioctl     n           1
    311               read     r          10
    312              write     w          10
    313             create     w           1
    314            getattr     r           7
    315            setattr     w           7
    316               lock     n           1
    317        relabelfrom     r           10
    318          relabelto     w           10
    319             append     w           1
    320               bind     w           1
    321            connect     w           1
    322             listen     r           1
    323             accept     r           1
    324             getopt     r           1
    325             setopt     w           1
    326           shutdown     w           1
    327           recvfrom     r          10
    328             sendto     w          10
    329           recv_msg     r          10
    330           send_msg     w          10
    331          name_bind     n           1
    332       name_connect     w           1
    333 
    334 class udp_socket 23
    335          node_bind     n           1
    336              ioctl     n           1
    337               read     r          10
    338              write     w          10
    339             create     w           1
    340            getattr     r           7
    341            setattr     w           7
    342               lock     n           1
    343        relabelfrom     r           10
    344          relabelto     w           10
    345             append     w           1
    346               bind     w           1
    347            connect     w           1
    348             listen     r           1
    349             accept     r           1
    350             getopt     r           1
    351             setopt     w           1
    352           shutdown     w           1
    353           recvfrom     r          10
    354             sendto     w          10
    355           recv_msg     r          10
    356           send_msg     w          10
    357          name_bind     n           1
    358 
    359 class rawip_socket 23
    360          node_bind     n           1
    361              ioctl     n           1
    362               read     r          10
    363              write     w          10
    364             create     w           1
    365            getattr     r           1
    366            setattr     w           1
    367               lock     n           1
    368        relabelfrom     r           10
    369          relabelto     w           10
    370             append     w           1
    371               bind     w           1
    372            connect     w           1
    373             listen     r           1
    374             accept     r           1
    375             getopt     r           1
    376             setopt     w           1
    377           shutdown     w           1
    378           recvfrom     r          10
    379             sendto     w          10
    380           recv_msg     r          10
    381           send_msg     w          10
    382          name_bind     n           1
    383 
    384 class node 7
    385           tcp_recv     r          10
    386           tcp_send     w          10
    387           udp_recv     r          10
    388           udp_send     w          10
    389         rawip_recv     r          10
    390         rawip_send     w          10
    391       enforce_dest     n           1
    392 
    393 class netif 6
    394           tcp_recv     r          10
    395           tcp_send     w          10
    396           udp_recv     r          10
    397           udp_send     w          10
    398         rawip_recv     r          10
    399         rawip_send     w          10
    400 
    401 class netlink_socket 22
    402              ioctl     n           1
    403               read     r          10
    404              write     w          10
    405             create     w           1
    406            getattr     r           7
    407            setattr     w           7
    408               lock     n           1
    409        relabelfrom     r           10
    410          relabelto     w           10
    411             append     w           1
    412               bind     w           1
    413            connect     w           1
    414             listen     r           1
    415             accept     r           1
    416             getopt     r           1
    417             setopt     w           1
    418           shutdown     w           1
    419           recvfrom     r          10
    420             sendto     w          10
    421           recv_msg     r          10
    422           send_msg     w          10
    423          name_bind     n           1
    424 
    425 class packet_socket 22
    426              ioctl     n           1
    427               read     r          10
    428              write     w          10
    429             create     w           1
    430            getattr     r           7
    431            setattr     w           7
    432               lock     n           1
    433        relabelfrom     r           10
    434          relabelto     w           10
    435             append     w           1
    436               bind     w           1
    437            connect     w           1
    438             listen     r           1
    439             accept     r           1
    440             getopt     r           1
    441             setopt     w           1
    442           shutdown     w           1
    443           recvfrom     r          10
    444             sendto     w          10
    445           recv_msg     r          10
    446           send_msg     w          10
    447          name_bind     n           1
    448 
    449 class key_socket 22
    450              ioctl     n           1
    451               read     r          10
    452              write     w          10
    453             create     w           1
    454            getattr     r           7
    455            setattr     w           7
    456               lock     n           1
    457        relabelfrom     r           10
    458          relabelto     w           10
    459             append     w           1
    460               bind     w           1
    461            connect     w           1
    462             listen     r           1
    463             accept     r           1
    464             getopt     r           1
    465             setopt     w           1
    466           shutdown     w           1
    467           recvfrom     r          10
    468             sendto     w          10
    469           recv_msg     r          10
    470           send_msg     w          10
    471          name_bind     n           1
    472 
    473 class unix_stream_socket 25
    474          connectto     w           1
    475            newconn     w           1
    476         acceptfrom     r           1
    477              ioctl     n           1
    478               read     r          10
    479              write     w          10
    480             create     w           1
    481            getattr     r           7
    482            setattr     w           7
    483               lock     n           1
    484        relabelfrom     r           10
    485          relabelto     w           10
    486             append     w           1
    487               bind     w           1
    488            connect     w           1
    489             listen     r           1
    490             accept     r           1
    491             getopt     r           1
    492             setopt     w           1
    493           shutdown     w           1
    494           recvfrom     r          10
    495             sendto     w          10
    496           recv_msg     r          10
    497           send_msg     w          10
    498          name_bind     n           1
    499 
    500 class unix_dgram_socket 22
    501              ioctl     n           1
    502               read     r          10
    503              write     w          10
    504             create     w           1
    505            getattr     r           7
    506            setattr     w           7
    507               lock     n           1
    508        relabelfrom     r           10
    509          relabelto     w           10
    510             append     w           1
    511               bind     w           1
    512            connect     w           1
    513             listen     r           1
    514             accept     r           1
    515             getopt     r           1
    516             setopt     w           1
    517           shutdown     w           1
    518           recvfrom     r          10
    519             sendto     w          10
    520           recv_msg     r          10
    521           send_msg     w          10
    522          name_bind     n           1
    523 
    524 class sem 9
    525             create     w           1
    526            destroy     w           1
    527            getattr     r           1
    528            setattr     w           1
    529               read     r          10
    530              write     w          10
    531          associate     n           1
    532          unix_read     r           3
    533         unix_write     w           3
    534 
    535 class msg 2
    536               send     w          10
    537            receive     r          10
    538 
    539 class msgq 10
    540            enqueue     w           1
    541             create     w           1
    542            destroy     w           1
    543            getattr     r           1
    544            setattr     w           1
    545               read     r          10
    546              write     w          10
    547          associate     n           1
    548          unix_read     r           3
    549         unix_write     w           3
    550 
    551 class shm 10
    552               lock     w           1
    553             create     w           1
    554            destroy     w           1
    555            getattr     r           1
    556            setattr     w           1
    557               read     r          10
    558              write     w          10
    559          associate     n           1
    560          unix_read     r           3
    561         unix_write     w           3
    562 
    563 class ipc 9
    564             create     w           1
    565            destroy     w           1
    566            getattr     r           1
    567            setattr     w           1
    568               read     r          10
    569              write     w          10
    570          associate     n           1
    571          unix_read     r           3
    572         unix_write     w           3
    573 
    574 class passwd 5
    575             passwd     w           1
    576               chfn     w           5
    577               chsh     w           5
    578             rootok     n           1
    579            crontab     w           5
    580 
    581 class drawable 5
    582             create     w           1
    583            destroy     w           1
    584               draw     w          10
    585               copy     r          10
    586            getattr     r           7
    587 
    588 class window 26
    589           addchild     w           1
    590             create     w           1
    591            destroy     w           1
    592                map     w           1
    593              unmap     w           1
    594            chstack     w          10
    595         chproplist     w           7
    596             chprop     w          10
    597           listprop     r           5
    598            getattr     r           5
    599            setattr     w           5
    600           setfocus     w           1
    601               move     w          10
    602        chselection     w          10
    603           chparent     w           5
    604           ctrllife     w           5
    605          enumerate     w           1
    606        transparent     w           1
    607        mousemotion     w          10
    608     clientcomevent     w           5
    609         inputevent     w           5
    610          drawevent     w           5
    611  windowchangeevent     w           5
    612 windowchangerequest    w           5
    613  serverchangeevent     w           5
    614     extensionevent     w           5
    615 
    616 class gc 4
    617             create     w           1
    618               free     w           1
    619            getattr     r           5
    620            setattr     w           5
    621 
    622 class font 4
    623               load     r           1
    624               free     w           1
    625            getattr     r           5
    626                use     r           1
    627 
    628 class colormap 9
    629             create     w           1
    630               free     w           1
    631            install     w          10
    632          uninstall     w           1
    633               list     r           5
    634               read     r          10
    635              store     w          10
    636            getattr     r           5
    637            setattr     w           5
    638 
    639 class property 4
    640             create     w           1
    641               free     w           1
    642               read     r          10
    643              write     w          10
    644 
    645 class cursor 5
    646             create     w           1
    647        createglyph     w          10
    648               free     w           1
    649             assign     w          10
    650            setattr     w           5
    651 
    652 class xclient 1
    653               kill     w           1
    654 
    655 class xinput 11
    656             lookup     r          10
    657            getattr     r           5
    658            setattr     w           5
    659           setfocus     w          10
    660        warppointer     w          10
    661         activegrab     w           1
    662        passivegrab     w           1
    663             ungrab     w           1
    664               bell     w           3
    665        mousemotion     w          10
    666       relabelinput     b           3
    667 
    668 class xserver 8
    669        screensaver     w          10
    670        gethostlist     r           7
    671        sethostlist     w           7
    672        getfontpath     r           7
    673        setfontpath     w           7
    674            getattr     r           7
    675               grab     w          10
    676             ungrab     w           1
    677 
    678 class xextension 2
    679              query     r          10
    680                use     b           1
    681 
    682 class pax 6
    683           pageexec     n           1
    684           emutramp     n           1
    685           mprotect     n           1
    686           randmmap     n           1
    687           randexec     n           1
    688           segmexec     n           1
    689 
    690 class netlink_route_socket 24
    691         nlmsg_read     r          10
    692        nlmsg_write     w          10
    693              ioctl     n           1
    694               read     r          10
    695              write     w          10
    696             create     w           1
    697            getattr     r           7
    698            setattr     w           7
    699               lock     n           1
    700        relabelfrom     r           10
    701          relabelto     w           10
    702             append     w           1
    703               bind     w           1
    704            connect     w           1
    705             listen     r           1
    706             accept     r           1
    707             getopt     r           1
    708             setopt     w           1
    709           shutdown     w           1
    710           recvfrom     r          10
    711             sendto     r          10
    712           recv_msg     r          10
    713           send_msg     w          10
    714          name_bind     n           1
    715 
    716 class netlink_firewall_socket 24
    717         nlmsg_read     r          10
    718        nlmsg_write     w          10
    719              ioctl     n           1
    720               read     r          10
    721              write     w          10
    722             create     w           1
    723            getattr     r           7
    724            setattr     w           7
    725               lock     n           1
    726        relabelfrom     r           10
    727          relabelto     w           10
    728             append     w           1
    729               bind     w           1
    730            connect     w           1
    731             listen     r           1
    732             accept     r           1
    733             getopt     r           1
    734             setopt     w           1
    735           shutdown     w           1
    736           recvfrom     r          10
    737             sendto     r          10
    738           recv_msg     r          10
    739           send_msg     w          10
    740          name_bind     n           1
    741 
    742 class netlink_tcpdiag_socket 24
    743         nlmsg_read     r          10
    744        nlmsg_write     w          10
    745              ioctl     n           1
    746               read     r          10
    747              write     w          10
    748             create     w           1
    749            getattr     r           7
    750            setattr     w           7
    751               lock     n           1
    752        relabelfrom     r           10
    753          relabelto     w           10
    754             append     w           1
    755               bind     w           1
    756            connect     w           1
    757             listen     r           1
    758             accept     r           1
    759             getopt     r           1
    760             setopt     w           1
    761           shutdown     w           1
    762           recvfrom     r          10
    763             sendto     r          10
    764           recv_msg     r          10
    765           send_msg     w          10
    766          name_bind     n           1
    767 
    768 class netlink_nflog_socket 22
    769              ioctl     n           1
    770               read     r          10
    771              write     w          10
    772             create     w           1
    773            getattr     r           7
    774            setattr     w           7
    775               lock     n           1
    776        relabelfrom     r           10
    777          relabelto     w           10
    778             append     w           1
    779               bind     w           1
    780            connect     w           1
    781             listen     r           1
    782             accept     r           1
    783             getopt     r           1
    784             setopt     w           1
    785           shutdown     w           1
    786           recvfrom     r          10
    787             sendto     r          10
    788           recv_msg     r          10
    789           send_msg     w          10
    790          name_bind     n           1
    791 
    792 class netlink_xfrm_socket 24
    793         nlmsg_read     r          10
    794        nlmsg_write     w          10
    795              ioctl     n           1
    796               read     r          10
    797              write     w          10
    798             create     w           1
    799            getattr     r           7
    800            setattr     w           7
    801               lock     n           1
    802        relabelfrom     r           10
    803          relabelto     w           10
    804             append     w           1
    805               bind     w           1
    806            connect     w           1
    807             listen     r           1
    808             accept     r           1
    809             getopt     r           1
    810             setopt     w           1
    811           shutdown     w           1
    812           recvfrom     r          10
    813             sendto     r          10
    814           recv_msg     r          10
    815           send_msg     w          10
    816          name_bind     n           1
    817 
    818 class netlink_selinux_socket 22
    819              ioctl     n           1
    820               read     r          10
    821              write     w          10
    822             create     w           1
    823            getattr     r           7
    824            setattr     w           7
    825               lock     n           1
    826        relabelfrom     r           10
    827          relabelto     w           10
    828             append     w           1
    829               bind     w           1
    830            connect     w           1
    831             listen     r           1
    832             accept     r           1
    833             getopt     r           1
    834             setopt     w           1
    835           shutdown     w           1
    836           recvfrom     r          10
    837             sendto     r          10
    838           recv_msg     r          10
    839           send_msg     w          10
    840          name_bind     n           1
    841 
    842 class netlink_audit_socket 26
    843         nlmsg_read     r          10
    844        nlmsg_write     w          10
    845              ioctl     n           1
    846               read     r          10
    847              write     w          10
    848             create     w           1
    849            getattr     r           7
    850            setattr     w           7
    851               lock     n           1
    852        relabelfrom     r           10
    853          relabelto     w           10
    854             append     w           1
    855               bind     w           1
    856            connect     w           1
    857             listen     r           1
    858             accept     r           1
    859             getopt     r           1
    860             setopt     w           1
    861           shutdown     w           1
    862           recvfrom     r          10
    863             sendto     r          10
    864           recv_msg     r          10
    865           send_msg     w          10
    866          name_bind     n           1
    867        nlmsg_relay     w          10
    868     nlmsg_readpriv     r          10
    869 
    870 class netlink_ip6fw_socket 24
    871         nlmsg_read     r          10
    872        nlmsg_write     w          10
    873              ioctl     n           1
    874               read     r          10
    875              write     w          10
    876             create     w           1
    877            getattr     r           7
    878            setattr     w           7
    879               lock     n           1
    880        relabelfrom     r           10
    881          relabelto     w           10
    882             append     w           1
    883               bind     w           1
    884            connect     w           1
    885             listen     r           1
    886             accept     r           1
    887             getopt     r           1
    888             setopt     w           1
    889           shutdown     w           1
    890           recvfrom     r          10
    891             sendto     r          10
    892           recv_msg     r          10
    893           send_msg     w          10
    894          name_bind     n           1
    895 
    896 class netlink_dnrt_socket 22
    897              ioctl     n           1
    898               read     r          10
    899              write     w          10
    900             create     w           1
    901            getattr     r           7
    902            setattr     w           7
    903               lock     n           1
    904        relabelfrom     r           10
    905          relabelto     w           10
    906             append     w           1
    907               bind     w           1
    908            connect     w           1
    909             listen     r           1
    910             accept     r           1
    911             getopt     r           1
    912             setopt     w           1
    913           shutdown     w           1
    914           recvfrom     r          10
    915             sendto     r          10
    916           recv_msg     r          10
    917           send_msg     w          10
    918          name_bind     n           1
    919 
    920 class netlink_kobject_uevent_socket 22
    921              ioctl     n           1
    922               read     r          10
    923              write     w          10
    924             create     w           1
    925            getattr     r           7
    926            setattr     w           7
    927               lock     n           1
    928        relabelfrom     r           10
    929          relabelto     w           10
    930             append     w           1
    931               bind     w           1
    932            connect     w           1
    933             listen     r           1
    934             accept     r           1
    935             getopt     r           1
    936             setopt     w           1
    937           shutdown     w           1
    938           recvfrom     r          10
    939             sendto     w          10
    940           recv_msg     r          10
    941           send_msg     w          10
    942          name_bind     n           1
    943 
    944 class dbus 2
    945        acquire_svc     b           1
    946           send_msg     w          10
    947 
    948 class nscd 8
    949             getpwd     r           7
    950             getgrp     r           7
    951            gethost     r           7
    952            getstat     r           7
    953              admin     w           5
    954           shmempwd     r           7
    955           shmemgrp     r           7
    956          shmemhost     r           7
    957 
    958 class association 4
    959             sendto     w          10
    960           recvfrom     r          10
    961         setcontext     w           3
    962           polmatch     r           1
    963 
    964 class appletalk_socket 22
    965              ioctl     n           1
    966               read     r          10
    967              write     w          10
    968             create     w           1
    969            getattr     r           1
    970            setattr     w           1
    971               lock     n           1
    972        relabelfrom     r          10
    973          relabelto     w          10
    974             append     w           1
    975               bind     w           1
    976            connect     w           1
    977             listen     r           1
    978             accept     r           1
    979             getopt     r           1
    980             setopt     w           1
    981           shutdown     w           1
    982           recvfrom     r          10
    983             sendto     w          10
    984           recv_msg     r          10
    985           send_msg     w          10
    986          name_bind     n           1
    987 
    988 class key 7
    989               view     r           7
    990               read     r          10
    991              write     w          10
    992             search     r           5
    993               link     w           7
    994            setattr     w           7
    995             create     w          10
    996 
    997 class packet 3
    998               send     w          10
    999               recv     r          10
   1000          relabelto     w           3
   1001