˙|ųT€˙|ųSE Linux Module googleearth1.0.0,,%netlink_audit_socket nlmsg_relay append bind connectcreatewrite relabelfromioctl name_bindnlmsg_readpriv nlmsg_writesendtorecv_msgsend_msggetattrsetattracceptgetoptreadsetoptshutdownrecvfromlock relabelto listen nlmsg_read tcp_socket append bind connectcreatewrite relabelfrom acceptfrom connecttoioctl name_bind node_bindnewconnsendtorecv_msgsend_msggetattrsetattracceptgetopt name_connectreadsetoptshutdownrecvfromlock relabelto listen msgq associatecreatewrite unix_readdestroygetattrsetattrread enqueue unix_writedirrmdir appendcreateexecutewrite relabelfrom link unlinkioctl remove_namegetattrsetattradd_namereparentread renamesearchlock relabeltomountonquotaonswapon blk_file appendcreateexecutewrite relabelfrom link unlinkioctlgetattrsetattrread renamelock relabeltomountonquotaonswapon chr_file appendcreateexecutewrite relabelfrom link unlinkioctl entrypointgetattrsetattrexecmodread renamelock relabeltoexecute_no_transmountonquotaonswapon ipc associatecreatewrite unix_readdestroygetattrsetattrread unix_write lnk_file appendcreateexecutewrite relabelfrom link unlinkioctlgetattrsetattrread renamelock relabeltomountonquotaonswaponprocessgetcapsetcapsigstopsigchldshareexecheap setcurrent setfscreate setkeycreatesiginh dyntransition transitionfork getsession noatsecuresigkillsignull setrlimitgetattr getschedsetexec setsched getpgid setpgidptrace execstack rlimitinh setsockcreatesignalexecmemfduse+packetflow_outsendrecv relabeltoflow_insocket append bind connectcreatewrite relabelfromioctl name_bindsendtorecv_msgsend_msggetattrsetattracceptgetoptreadsetoptshutdownrecvfromlock relabelto listen fifo_file appendcreateexecutewrite relabelfrom link unlinkioctlgetattrsetattrread renamelock relabeltomountonquotaonswaponfile appendcreateexecutewrite relabelfrom link unlinkioctl entrypointgetattrsetattrexecmodread renamelock relabeltoexecute_no_transmountonquotaonswaponnode rawip_recvtcp_recvudp_recv rawip_sendtcp_sendudp_send enforce_dest"netlink_nflog_socket append bind connectcreatewrite relabelfromioctl name_bindsendtorecv_msgsend_msggetattrsetattracceptgetoptreadsetoptshutdownrecvfromlock relabelto listenpaxmprotectemutramprandmmappageexecrandexecsegmexec,keycreatewriteviewlinksetattrreadsearch!netlink_tcpdiag_socket append bind connectcreatewrite relabelfromioctl name_bind nlmsg_writesendtorecv_msgsend_msggetattrsetattracceptgetoptreadsetoptshutdownrecvfromlock relabelto listen nlmsg_readunix_stream_socket append bind connectcreatewrite relabelfrom acceptfrom connecttoioctl name_bindnewconnsendtorecv_msgsend_msggetattrsetattracceptgetoptreadsetoptshutdownrecvfromlock relabelto listennetlink_route_socket append bind connectcreatewrite relabelfromioctl name_bind nlmsg_writesendtorecv_msgsend_msggetattrsetattracceptgetoptreadsetoptshutdownrecvfromlock relabelto listen nlmsg_read shm associatecreatewrite unix_readdestroygetattrsetattrread lock unix_write$netlink_selinux_socket append bind connectcreatewrite relabelfromioctl name_bindsendtorecv_msgsend_msggetattrsetattracceptgetoptreadsetoptshutdownrecvfromlock relabelto listen capability setpcapfownersys_bootsys_tty_confignet_raw sys_admin sys_chroot sys_module sys_rawio dac_override ipc_ownerkilldac_read_search sys_pacct net_broadcast net_bind_servicesys_nicesys_timefsetidmknodsetgidsetuidlease net_admin audit_write linux_immutable sys_ptrace audit_controlipc_lock sys_resourcechown&netlink_ip6fw_socket append bind connectcreatewrite relabelfromioctl name_bind nlmsg_writesendtorecv_msgsend_msggetattrsetattracceptgetoptreadsetoptshutdownrecvfromlock relabelto listen nlmsg_read netlink_firewall_socket append bind connectcreatewrite relabelfromioctl name_bind nlmsg_writesendtorecv_msgsend_msggetattrsetattracceptgetoptreadsetoptshutdownrecvfromlock relabelto listen nlmsg_read sock_file appendcreateexecutewrite relabelfrom link unlinkioctlgetattrsetattrread renamelock relabeltomountonquotaonswaponunix_dgram_socket append bind connectcreatewrite relabelfromioctl name_bindsendtorecv_msgsend_msggetattrsetattracceptgetoptreadsetoptshutdownrecvfromlock relabelto listen)netlink_kobject_uevent_socket append bind connectcreatewrite relabelfromioctl name_bindsendtorecv_msgsend_msggetattrsetattracceptgetoptreadsetoptshutdownrecvfromlock relabelto listen  filesystem associate quotaget relabelfrom transitiongetattr quotamodmountremountunmount relabelto#netlink_xfrm_socket append bind connectcreatewrite relabelfromioctl name_bind nlmsg_writesendtorecv_msgsend_msggetattrsetattracceptgetoptreadsetoptshutdownrecvfromlock relabelto listen nlmsg_read'netlink_dnrt_socket append bind connectcreatewrite relabelfromioctl name_bindsendtorecv_msgsend_msggetattrsetattracceptgetoptreadsetoptshutdownrecvfromlock relabelto listen key_socket append bind connectcreatewrite relabelfromioctl name_bindsendtorecv_msgsend_msggetattrsetattracceptgetoptreadsetoptshutdownrecvfromlock relabelto listennetif rawip_recvtcp_recvudp_recv rawip_sendtcp_sendudp_send packet_socket append bind connectcreatewrite relabelfromioctl name_bindsendtorecv_msgsend_msggetattrsetattracceptgetoptreadsetoptshutdownrecvfromlock relabelto listenmsgsendreceive udp_socket append bind connectcreatewrite relabelfromioctl name_bind node_bindsendtorecv_msgsend_msggetattrsetattracceptgetoptreadsetoptshutdownrecvfromlock relabelto listen*appletalk_socket append bind connectcreatewrite relabelfromioctl name_bindsendtorecv_msgsend_msggetattrsetattracceptgetoptreadsetoptshutdownrecvfromlock relabelto listen rawip_socket append bind connectcreatewrite relabelfromioctl name_bind node_bindsendtorecv_msgsend_msggetattrsetattracceptgetoptreadsetoptshutdownrecvfromlock relabelto listen (association setcontextsendtorecvfrompolmatchnetlink_socket append bind connectcreatewrite relabelfromioctl name_bindsendtorecv_msgsend_msggetattrsetattracceptgetoptreadsetoptshutdownrecvfromlock relabelto listen sem associatecreatewrite unix_readdestroygetattrsetattrread unix_writesystemipc_info syslog_readsyslog_console syslog_mod securitycompute_member compute_usercompute_create setenforce check_context setcheckreqprotcompute_relabel setbool load_policy setsecparam compute_avobject_r@@@system_r@@@@''@nscd_var_run_t %@unlabeled_t @dri_device_t @selinux_config_t&@user_home_dir_t@devpts_t@locale_t @etc_t@fonts_t@fs_t @ld_so_t@proc_t@rpm_t@tmpfs_t @xdm_t @googleearth_t @http_port_t@googleearth_exec_t '@user_home_t @ld_so_cache_t@direct_run_init #@net_conf_t@urandom_device_t@sysctl_kernel_t "@home_root_t@sysctl_t@bin_t@init_t @lib_t@shlib_t$@tmp_t@usr_t@var_t@textrel_shlib_t @security_t @unconfined_t @default_t !@xdm_tmp_t@@domains0@c0c1023P@@@@@@@@@@@@@@@@@@S@@@@@@S@@@@@@ S@@@@@@S@@@@@@S@@@@@@ S@@@@@@ S@@@@@@S @@@@@@S@@@@@€@S@@@@@@S@@@@@@ S@@@@@`@ S@@@@@`@S @@@@@@@@@@@@@@@@@@@ @@@@@€@@@@@@@S@@@@@@ S@@@@@@S@@@@@€@@@@@@@S@@@@@@S S@@@@@ @@@@@?ū@@@@@@@@@@@@ @@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@ @@@@@@ @@@@@@@@@@@@ @@@@@ @@@@@@ @@@@@@@@@@@@@@ @@@@@@@@@@€@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@N@@@@@@@@@@@ @ @@@@@€@ @@@@@@@@@@@@€@@@@@@@@ @@@@@@@@@@@@@@@@€@ &@@@@@@ @@@@@@ @@@@@ @@@@@@ @@@@@H@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@+@@@@@ @@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@@@@@@@@@@@@@@˙˙˙˙˙@@@@ ū˙˙@@@@@@,@@˙@@˙˙˙?@@@@˙˙˙@@˙@@˙˙@@˙˙?@@@@˙˙@@˙˙@@˙˙@@˙˙@@˙˙@@˙˙?@@˙˙˙@@˙˙@@˙˙@@@@?@@˙˙?@@˙˙?@@˙˙?@@˙˙˙@@˙˙?@@˙@@@@˙@@˙@@˙@@?@@˙˙˙@@˙˙˙@@˙˙˙@@˙˙?@@˙˙˙@@˙˙?@@˙˙˙@@˙˙˙@@˙˙?@@@@˙˙?@@˙˙?@@@@@@@@@@@@@@@@@@@@@@@@@ @@@˙˙˙˙˙@@@@<ū˙˙@@@@@@,@@˙@@˙˙˙?@@@@˙˙˙@@˙@@˙˙@@˙˙?@@@@˙˙@@˙˙@@˙˙@@˙˙@@˙˙@@˙˙?@@˙˙˙@@˙˙@@˙˙@@@@?@@˙˙?@@˙˙?@@˙˙?@@˙˙˙@@˙˙?@@˙@@@@˙@@˙@@˙@@?@@˙˙˙@@˙˙˙@@˙˙˙@@˙˙?@@˙˙˙@@˙˙?@@˙˙˙@@˙˙˙@@˙˙?@@@@˙˙?@@˙˙?@@@@@@@@@@@@@@@@@@@@@@@@@@ S@@@˙˙˙˙˙@@@@Lū˙˙@@@@@@,@@˙@@˙˙˙?@@@@˙˙˙@@˙@@˙˙@@˙˙?@@@@˙˙@@˙˙@@˙˙@@˙˙@@˙˙@@˙˙?@@˙˙˙@@˙˙@@˙˙@@@@?@@˙˙?@@˙˙?@@˙˙?@@˙˙˙@@˙˙?@@˙@@@@˙@@˙@@˙@@?@@˙˙˙@@˙˙˙@@˙˙˙@@˙˙?@@˙˙˙@@˙˙?@@˙˙˙@@˙˙˙@@˙˙?@@@@˙˙?@@˙˙?@@@@@@@@@@@@@@@@@€@@@@@@€@@@@˙˙˙˙˙@@@@Œū˙˙@@@@@@,@@˙@@˙˙˙?@@@@˙˙˙@@˙@@˙˙@@˙˙?@@@@˙˙@@˙˙@@˙˙@@˙˙@@˙˙@@˙˙?@@˙˙˙@@˙˙@@˙˙@@@@?@@˙˙?@@˙˙?@@˙˙?@@˙˙˙@@˙˙?@@˙@@@@˙@@˙@@˙@@?@@˙˙˙@@˙˙˙@@˙˙˙@@˙˙?@@˙˙˙@@˙˙?@@˙˙˙@@˙˙˙@@˙˙?@@@@˙˙?@@˙˙?@@@@@@@@@@@@@@@@@@@@@@@@@@@˙˙˙˙˙@@@@ ˙˙˙@@@@@@,@@˙@@˙˙˙?@@@@˙˙˙@@˙@@˙˙@@˙˙?@@@@˙˙@@˙˙@@˙˙@@˙˙@@˙˙@@˙˙?@@˙˙˙@@˙˙@@˙˙@@@@?@@˙˙?@@˙˙?@@˙˙?@@˙˙˙@@˙˙?@@˙@@@@˙@@˙@@˙@@?@@˙˙˙@@˙˙˙@@˙˙˙@@˙˙?@@˙˙˙@@˙˙?@@˙˙˙@@˙˙˙@@˙˙?@@@@˙˙?@@˙˙?@@@@@@@@@@@@,netlink_audit_socket tcp_socketmsgqdirblk_filechr_fileipclnk_fileprocessfdpacketsocket fifo_filefilenodenetlink_nflog_socketpaxkeynetlink_tcpdiag_socketunix_stream_socketnetlink_route_socketshmnetlink_selinux_socket capabilitynetlink_ip6fw_socketnetlink_firewall_socket sock_fileunix_dgram_socketnetlink_kobject_uevent_socket filesystemnetlink_xfrm_socketnetlink_dnrt_socket key_socketnetif packet_socketmsg udp_socketappletalk_socket rawip_socket associationnetlink_socketsemsystemsecurityobject_rsystem_r'nscd_var_run_t unlabeled_t dri_device_tselinux_config_tuser_home_dir_tdevpts_tlocale_tetc_tfonts_tfs_tld_so_tproc_trpm_ttmpfs_txdm_t googleearth_t http_port_tgoogleearth_exec_t user_home_t ld_so_cache_tdirect_run_init net_conf_turandom_device_tsysctl_kernel_t home_root_tsysctl_tbin_tinit_tlib_tshlib_ttmp_tusr_tvar_ttextrel_shlib_t security_t unconfined_t default_t xdm_tmp_tdomains0c0c1023˙|ų ######################################## # # Macros for switching between source policy # and loadable policy module support # ############################## # # For adding the module statement # ############################## # # For use in interfaces, to optionally insert a require block # # helper function, since m4 wont expand macros # if a line is a comment (#): ############################## # # In the future interfaces should be in loadable modules # # template(name,rules) # ############################## # # In the future interfaces should be in loadable modules # # interface(name,rules) # ############################## # # Optional policy handling # ############################## # # Determine if we should use the default # tunable value as specified by the policy # or if the override value should be used # ############################## # # Extract booleans out of an expression. # This needs to be reworked so expressions # with parentheses can work. ############################## # # Tunable declaration # ############################## # # Tunable policy handling # ######################################## # # Helper macros # # # shiftn(num,list...) # # shift the list num times # # # ifndef(expr,true_block,false_block) # # m4 does not have this. # # # __endline__ # # dummy macro to insert a newline. used for # errprint, so the close parentheses can be # indented correctly. # ######################################## # # refpolwarn(message) # # print a warning message # ######################################## # # refpolerr(message) # # print an error message. does not # make anything fail. # ######################################## # # gen_user(username, prefix, role_set, mls_defaultlevel, mls_range, [mcs_categories]) # ######################################## # # gen_context(context,mls_sensitivity,[mcs_categories]) # ######################################## # # can_exec(domain,executable) # ######################################## # # gen_bool(name,default_value) # ######################################## # # gen_cats(N) # # declares categores c0 to c(N-1) # ######################################## # # gen_sens(N) # # declares sensitivites s0 to s(N-1) with dominance # in increasing numeric order with s0 lowest, s(N-1) highest # ######################################## # # gen_levels(N,M) # # levels from s0 to (N-1) with categories c0 to (M-1) # ######################################## # # Basic level names for system low and high # ######################################## # # Support macros for sets of object classes and permissions # # This file should only have object class and permission set macros - they # can only reference object classes and/or permissions. # # All directory and file classes # # # All non-directory file classes. # # # Non-device file classes. # # # Device file classes. # # # All socket classes. # # # Datagram socket classes. # # # Stream socket classes. # # # Unprivileged socket classes (exclude rawip, netlink, packet). # ######################################## # # Macros for sets of permissions # # # Permissions for getting file attributes. # # # Permissions for executing files. # # # Permissions for reading files and their attributes. # # # Permissions for reading and executing files. # # # Permissions for reading and appending to files. # # # Permissions for linking, unlinking and renaming files. # # # Permissions for creating lnk_files. # # # Permissions for creating and using files. # # # Permissions for reading directories and their attributes. # # # Permissions for reading and writing directories and their attributes. # # # Permissions for reading and adding names to directories. # # # Permissions for creating and using directories. # # # Permissions to mount and unmount file systems. # # # Permissions for using sockets. # # # Permissions for creating and using sockets. # # # Permissions for using stream sockets. # # # Permissions for creating and using stream sockets. # # # Permissions for creating and using sockets. # # # Permissions for creating and using sockets. # # # Permissions for creating and using netlink sockets. # # # Permissions for using netlink sockets for operations that modify state. # # # Permissions for using netlink sockets for operations that observe state. # # # Permissions for sending all signals. # # # Permissions for sending and receiving network packets. # # # Permissions for using System V IPC # ######################################## # # New permission sets # # # Directory # # # File # # # Use (read and write) terminals # # # Sockets # # googleearth executable will have: # label: system_u:object_r:googleearth_exec_t # MLS sensitivity: s0 # MCS categories: /usr/local/google-earth/googleearth -- system_u:object_r:googleearth_exec_t:s0