[PATCH] SELinux: regenerate SELinux module headers

This patch regenerates the SELinux module headers to use a new format and updates their use by the AVC. Signed-off-by: Stephen Smalley <sds@epoch.ncsc.mil> Signed-off-by: James Morris <jmorris@redhat.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>

[PATCH] SELinux: regenerate SELinux module headers
This patch regenerates the SELinux module headers to use a new format and updates their use by the AVC. Signed-off-by: Stephen Smalley <sds@epoch.ncsc.mil> Signed-off-by: James Morris <jmorris@redhat.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
260cac59 · Stephen D. Smalley · Linus Torvalds · 0d583489 · 260cac59 · 260cac59
Commit 260cac59 authored Jan 04, 2005 by Stephen D. Smalley Committed by Linus Torvalds Jan 04, 2005
7 changed files
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -31,13 +31,44 @@
 #include <net/ipv6.h>
 #include "avc.h"
 #include "avc_ss.h"
+static const struct av_perm_to_string
+{
+  u16 tclass;
+  u32 value;
+  const char *name;
+} av_perm_to_string[] = {
+#define S_(c, v, s) { c, v, s },
+#include "av_perm_to_string.h"
+#undef S_
+};
 #ifdef CONFIG_AUDIT
+static const char *class_to_string[] = {
+#define S_(s) s,
 #include "class_to_string.h"
+#undef S_
+};
 #endif
+#define TB_(s) static const char * s [] = {
+#define TE_(s) };
+#define S_(s) s,
 #include "common_perm_to_string.h"
+#undef TB_
+#undef TE_
+#undef S_
+static const struct av_inherit
+{
+    u16 tclass;
+    const char **common_pts;
+    u32 common_base;
+} av_inherit[] = {
+#define S_(c, i, b) { c, common_##i##_perm_to_string, b },
 #include "av_inherit.h"
-#include "av_perm_to_string.h"
+#undef S_
-#include "objsec.h"
+};
 #define AVC_CACHE_SLOTS			512
 #define AVC_DEF_CACHE_THRESHOLD		512
@@ -110,7 +141,7 @@ static inline int avc_hash(u32 ssid, u32 tsid, u16 tclass)
 */
 void avc_dump_av(struct audit_buffer *ab, u16 tclass, u32 av)
 {
-	char **common_pts = NULL;
+	const char **common_pts = NULL;
 	u32 common_base = 0;
 	int i, i2, perm;

--- a/security/selinux/include/av_inherit.h
+++ b/security/selinux/include/av_inherit.h
 /* This file is automatically generated.  Do not edit. */
-/* FLASK */
+   S_(SECCLASS_DIR, file, 0x00020000UL)
+   S_(SECCLASS_FILE, file, 0x00020000UL)
-struct av_inherit
+   S_(SECCLASS_LNK_FILE, file, 0x00020000UL)
-{
+   S_(SECCLASS_CHR_FILE, file, 0x00020000UL)
-    u16 tclass;
+   S_(SECCLASS_BLK_FILE, file, 0x00020000UL)
-    char **common_pts;
+   S_(SECCLASS_SOCK_FILE, file, 0x00020000UL)
-    u32 common_base;
+   S_(SECCLASS_FIFO_FILE, file, 0x00020000UL)
-};
+   S_(SECCLASS_SOCKET, socket, 0x00400000UL)
+   S_(SECCLASS_TCP_SOCKET, socket, 0x00400000UL)
-static struct av_inherit av_inherit[] = {
+   S_(SECCLASS_UDP_SOCKET, socket, 0x00400000UL)
-   { SECCLASS_DIR, common_file_perm_to_string, 0x00020000UL },
+   S_(SECCLASS_RAWIP_SOCKET, socket, 0x00400000UL)
-   { SECCLASS_FILE, common_file_perm_to_string, 0x00020000UL },
+   S_(SECCLASS_NETLINK_SOCKET, socket, 0x00400000UL)
-   { SECCLASS_LNK_FILE, common_file_perm_to_string, 0x00020000UL },
+   S_(SECCLASS_PACKET_SOCKET, socket, 0x00400000UL)
-   { SECCLASS_CHR_FILE, common_file_perm_to_string, 0x00020000UL },
+   S_(SECCLASS_KEY_SOCKET, socket, 0x00400000UL)
-   { SECCLASS_BLK_FILE, common_file_perm_to_string, 0x00020000UL },
+   S_(SECCLASS_UNIX_STREAM_SOCKET, socket, 0x00400000UL)
-   { SECCLASS_SOCK_FILE, common_file_perm_to_string, 0x00020000UL },
+   S_(SECCLASS_UNIX_DGRAM_SOCKET, socket, 0x00400000UL)
-   { SECCLASS_FIFO_FILE, common_file_perm_to_string, 0x00020000UL },
+   S_(SECCLASS_IPC, ipc, 0x00000200UL)
-   { SECCLASS_SOCKET, common_socket_perm_to_string, 0x00400000UL },
+   S_(SECCLASS_SEM, ipc, 0x00000200UL)
-   { SECCLASS_TCP_SOCKET, common_socket_perm_to_string, 0x00400000UL },
+   S_(SECCLASS_MSGQ, ipc, 0x00000200UL)
-   { SECCLASS_UDP_SOCKET, common_socket_perm_to_string, 0x00400000UL },
+   S_(SECCLASS_SHM, ipc, 0x00000200UL)
-   { SECCLASS_RAWIP_SOCKET, common_socket_perm_to_string, 0x00400000UL },
+   S_(SECCLASS_NETLINK_ROUTE_SOCKET, socket, 0x00400000UL)
-   { SECCLASS_NETLINK_SOCKET, common_socket_perm_to_string, 0x00400000UL },
+   S_(SECCLASS_NETLINK_FIREWALL_SOCKET, socket, 0x00400000UL)
-   { SECCLASS_PACKET_SOCKET, common_socket_perm_to_string, 0x00400000UL },
+   S_(SECCLASS_NETLINK_TCPDIAG_SOCKET, socket, 0x00400000UL)
-   { SECCLASS_KEY_SOCKET, common_socket_perm_to_string, 0x00400000UL },
+   S_(SECCLASS_NETLINK_NFLOG_SOCKET, socket, 0x00400000UL)
-   { SECCLASS_UNIX_STREAM_SOCKET, common_socket_perm_to_string, 0x00400000UL },
+   S_(SECCLASS_NETLINK_XFRM_SOCKET, socket, 0x00400000UL)
-   { SECCLASS_UNIX_DGRAM_SOCKET, common_socket_perm_to_string, 0x00400000UL },
+   S_(SECCLASS_NETLINK_SELINUX_SOCKET, socket, 0x00400000UL)
-   { SECCLASS_IPC, common_ipc_perm_to_string, 0x00000200UL },
+   S_(SECCLASS_NETLINK_AUDIT_SOCKET, socket, 0x00400000UL)
-   { SECCLASS_SEM, common_ipc_perm_to_string, 0x00000200UL },
+   S_(SECCLASS_NETLINK_IP6FW_SOCKET, socket, 0x00400000UL)
-   { SECCLASS_MSGQ, common_ipc_perm_to_string, 0x00000200UL },
+   S_(SECCLASS_NETLINK_DNRT_SOCKET, socket, 0x00400000UL)
-   { SECCLASS_SHM, common_ipc_perm_to_string, 0x00000200UL },
-   { SECCLASS_NETLINK_ROUTE_SOCKET, common_socket_perm_to_string, 0x00400000UL },
-   { SECCLASS_NETLINK_FIREWALL_SOCKET, common_socket_perm_to_string, 0x00400000UL },
-   { SECCLASS_NETLINK_TCPDIAG_SOCKET, common_socket_perm_to_string, 0x00400000UL },
-   { SECCLASS_NETLINK_NFLOG_SOCKET, common_socket_perm_to_string, 0x00400000UL },
-   { SECCLASS_NETLINK_XFRM_SOCKET, common_socket_perm_to_string, 0x00400000UL },
-   { SECCLASS_NETLINK_SELINUX_SOCKET, common_socket_perm_to_string, 0x00400000UL },
-   { SECCLASS_NETLINK_AUDIT_SOCKET, common_socket_perm_to_string, 0x00400000UL },
-   { SECCLASS_NETLINK_IP6FW_SOCKET, common_socket_perm_to_string, 0x00400000UL },
-   { SECCLASS_NETLINK_DNRT_SOCKET, common_socket_perm_to_string, 0x00400000UL },
-};
-/* FLASK */
--- a/security/selinux/include/av_perm_to_string.h
+++ b/security/selinux/include/av_perm_to_string.h
 /* This file is automatically generated.  Do not edit. */
-/* FLASK */
+   S_(SECCLASS_FILESYSTEM, FILESYSTEM__MOUNT, "mount")
+   S_(SECCLASS_FILESYSTEM, FILESYSTEM__REMOUNT, "remount")
-struct av_perm_to_string
+   S_(SECCLASS_FILESYSTEM, FILESYSTEM__UNMOUNT, "unmount")
-{
+   S_(SECCLASS_FILESYSTEM, FILESYSTEM__GETATTR, "getattr")
-    u16 tclass;
+   S_(SECCLASS_FILESYSTEM, FILESYSTEM__RELABELFROM, "relabelfrom")
-    u32 value;
+   S_(SECCLASS_FILESYSTEM, FILESYSTEM__RELABELTO, "relabelto")
-    char *name;
+   S_(SECCLASS_FILESYSTEM, FILESYSTEM__TRANSITION, "transition")
-};
+   S_(SECCLASS_FILESYSTEM, FILESYSTEM__ASSOCIATE, "associate")
+   S_(SECCLASS_FILESYSTEM, FILESYSTEM__QUOTAMOD, "quotamod")
-static struct av_perm_to_string av_perm_to_string[] = {
+   S_(SECCLASS_FILESYSTEM, FILESYSTEM__QUOTAGET, "quotaget")
-   { SECCLASS_FILESYSTEM, FILESYSTEM__MOUNT, "mount" },
+   S_(SECCLASS_DIR, DIR__ADD_NAME, "add_name")
-   { SECCLASS_FILESYSTEM, FILESYSTEM__REMOUNT, "remount" },
+   S_(SECCLASS_DIR, DIR__REMOVE_NAME, "remove_name")
-   { SECCLASS_FILESYSTEM, FILESYSTEM__UNMOUNT, "unmount" },
+   S_(SECCLASS_DIR, DIR__REPARENT, "reparent")
-   { SECCLASS_FILESYSTEM, FILESYSTEM__GETATTR, "getattr" },
+   S_(SECCLASS_DIR, DIR__SEARCH, "search")
-   { SECCLASS_FILESYSTEM, FILESYSTEM__RELABELFROM, "relabelfrom" },
+   S_(SECCLASS_DIR, DIR__RMDIR, "rmdir")
-   { SECCLASS_FILESYSTEM, FILESYSTEM__RELABELTO, "relabelto" },
+   S_(SECCLASS_FILE, FILE__EXECUTE_NO_TRANS, "execute_no_trans")
-   { SECCLASS_FILESYSTEM, FILESYSTEM__TRANSITION, "transition" },
+   S_(SECCLASS_FILE, FILE__ENTRYPOINT, "entrypoint")
-   { SECCLASS_FILESYSTEM, FILESYSTEM__ASSOCIATE, "associate" },
+   S_(SECCLASS_FD, FD__USE, "use")
-   { SECCLASS_FILESYSTEM, FILESYSTEM__QUOTAMOD, "quotamod" },
+   S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__CONNECTTO, "connectto")
-   { SECCLASS_FILESYSTEM, FILESYSTEM__QUOTAGET, "quotaget" },
+   S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__NEWCONN, "newconn")
-   { SECCLASS_DIR, DIR__ADD_NAME, "add_name" },
+   S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__ACCEPTFROM, "acceptfrom")
-   { SECCLASS_DIR, DIR__REMOVE_NAME, "remove_name" },
+   S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__NODE_BIND, "node_bind")
-   { SECCLASS_DIR, DIR__REPARENT, "reparent" },
+   S_(SECCLASS_UDP_SOCKET, UDP_SOCKET__NODE_BIND, "node_bind")
-   { SECCLASS_DIR, DIR__SEARCH, "search" },
+   S_(SECCLASS_RAWIP_SOCKET, RAWIP_SOCKET__NODE_BIND, "node_bind")
-   { SECCLASS_DIR, DIR__RMDIR, "rmdir" },
+   S_(SECCLASS_NODE, NODE__TCP_RECV, "tcp_recv")
-   { SECCLASS_FILE, FILE__EXECUTE_NO_TRANS, "execute_no_trans" },
+   S_(SECCLASS_NODE, NODE__TCP_SEND, "tcp_send")
-   { SECCLASS_FILE, FILE__ENTRYPOINT, "entrypoint" },
+   S_(SECCLASS_NODE, NODE__UDP_RECV, "udp_recv")
-   { SECCLASS_FD, FD__USE, "use" },
+   S_(SECCLASS_NODE, NODE__UDP_SEND, "udp_send")
-   { SECCLASS_TCP_SOCKET, TCP_SOCKET__CONNECTTO, "connectto" },
+   S_(SECCLASS_NODE, NODE__RAWIP_RECV, "rawip_recv")
-   { SECCLASS_TCP_SOCKET, TCP_SOCKET__NEWCONN, "newconn" },
+   S_(SECCLASS_NODE, NODE__RAWIP_SEND, "rawip_send")
-   { SECCLASS_TCP_SOCKET, TCP_SOCKET__ACCEPTFROM, "acceptfrom" },
+   S_(SECCLASS_NODE, NODE__ENFORCE_DEST, "enforce_dest")
-   { SECCLASS_TCP_SOCKET, TCP_SOCKET__NODE_BIND, "node_bind" },
+   S_(SECCLASS_NETIF, NETIF__TCP_RECV, "tcp_recv")
-   { SECCLASS_UDP_SOCKET, UDP_SOCKET__NODE_BIND, "node_bind" },
+   S_(SECCLASS_NETIF, NETIF__TCP_SEND, "tcp_send")
-   { SECCLASS_RAWIP_SOCKET, RAWIP_SOCKET__NODE_BIND, "node_bind" },
+   S_(SECCLASS_NETIF, NETIF__UDP_RECV, "udp_recv")
-   { SECCLASS_NODE, NODE__TCP_RECV, "tcp_recv" },
+   S_(SECCLASS_NETIF, NETIF__UDP_SEND, "udp_send")
-   { SECCLASS_NODE, NODE__TCP_SEND, "tcp_send" },
+   S_(SECCLASS_NETIF, NETIF__RAWIP_RECV, "rawip_recv")
-   { SECCLASS_NODE, NODE__UDP_RECV, "udp_recv" },
+   S_(SECCLASS_NETIF, NETIF__RAWIP_SEND, "rawip_send")
-   { SECCLASS_NODE, NODE__UDP_SEND, "udp_send" },
+   S_(SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__CONNECTTO, "connectto")
-   { SECCLASS_NODE, NODE__RAWIP_RECV, "rawip_recv" },
+   S_(SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__NEWCONN, "newconn")
-   { SECCLASS_NODE, NODE__RAWIP_SEND, "rawip_send" },
+   S_(SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__ACCEPTFROM, "acceptfrom")
-   { SECCLASS_NODE, NODE__ENFORCE_DEST, "enforce_dest" },
+   S_(SECCLASS_PROCESS, PROCESS__FORK, "fork")
-   { SECCLASS_NETIF, NETIF__TCP_RECV, "tcp_recv" },
+   S_(SECCLASS_PROCESS, PROCESS__TRANSITION, "transition")
-   { SECCLASS_NETIF, NETIF__TCP_SEND, "tcp_send" },
+   S_(SECCLASS_PROCESS, PROCESS__SIGCHLD, "sigchld")
-   { SECCLASS_NETIF, NETIF__UDP_RECV, "udp_recv" },
+   S_(SECCLASS_PROCESS, PROCESS__SIGKILL, "sigkill")
-   { SECCLASS_NETIF, NETIF__UDP_SEND, "udp_send" },
+   S_(SECCLASS_PROCESS, PROCESS__SIGSTOP, "sigstop")
-   { SECCLASS_NETIF, NETIF__RAWIP_RECV, "rawip_recv" },
+   S_(SECCLASS_PROCESS, PROCESS__SIGNULL, "signull")
-   { SECCLASS_NETIF, NETIF__RAWIP_SEND, "rawip_send" },
+   S_(SECCLASS_PROCESS, PROCESS__SIGNAL, "signal")
-   { SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__CONNECTTO, "connectto" },
+   S_(SECCLASS_PROCESS, PROCESS__PTRACE, "ptrace")
-   { SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__NEWCONN, "newconn" },
+   S_(SECCLASS_PROCESS, PROCESS__GETSCHED, "getsched")
-   { SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__ACCEPTFROM, "acceptfrom" },
+   S_(SECCLASS_PROCESS, PROCESS__SETSCHED, "setsched")
-   { SECCLASS_PROCESS, PROCESS__FORK, "fork" },
+   S_(SECCLASS_PROCESS, PROCESS__GETSESSION, "getsession")
-   { SECCLASS_PROCESS, PROCESS__TRANSITION, "transition" },
+   S_(SECCLASS_PROCESS, PROCESS__GETPGID, "getpgid")
-   { SECCLASS_PROCESS, PROCESS__SIGCHLD, "sigchld" },
+   S_(SECCLASS_PROCESS, PROCESS__SETPGID, "setpgid")
-   { SECCLASS_PROCESS, PROCESS__SIGKILL, "sigkill" },
+   S_(SECCLASS_PROCESS, PROCESS__GETCAP, "getcap")
-   { SECCLASS_PROCESS, PROCESS__SIGSTOP, "sigstop" },
+   S_(SECCLASS_PROCESS, PROCESS__SETCAP, "setcap")
-   { SECCLASS_PROCESS, PROCESS__SIGNULL, "signull" },
+   S_(SECCLASS_PROCESS, PROCESS__SHARE, "share")
-   { SECCLASS_PROCESS, PROCESS__SIGNAL, "signal" },
+   S_(SECCLASS_PROCESS, PROCESS__GETATTR, "getattr")
-   { SECCLASS_PROCESS, PROCESS__PTRACE, "ptrace" },
+   S_(SECCLASS_PROCESS, PROCESS__SETEXEC, "setexec")
-   { SECCLASS_PROCESS, PROCESS__GETSCHED, "getsched" },
+   S_(SECCLASS_PROCESS, PROCESS__SETFSCREATE, "setfscreate")
-   { SECCLASS_PROCESS, PROCESS__SETSCHED, "setsched" },
+   S_(SECCLASS_PROCESS, PROCESS__NOATSECURE, "noatsecure")
-   { SECCLASS_PROCESS, PROCESS__GETSESSION, "getsession" },
+   S_(SECCLASS_PROCESS, PROCESS__SIGINH, "siginh")
-   { SECCLASS_PROCESS, PROCESS__GETPGID, "getpgid" },
+   S_(SECCLASS_PROCESS, PROCESS__SETRLIMIT, "setrlimit")
-   { SECCLASS_PROCESS, PROCESS__SETPGID, "setpgid" },
+   S_(SECCLASS_PROCESS, PROCESS__RLIMITINH, "rlimitinh")
-   { SECCLASS_PROCESS, PROCESS__GETCAP, "getcap" },
+   S_(SECCLASS_MSGQ, MSGQ__ENQUEUE, "enqueue")
-   { SECCLASS_PROCESS, PROCESS__SETCAP, "setcap" },
+   S_(SECCLASS_MSG, MSG__SEND, "send")
-   { SECCLASS_PROCESS, PROCESS__SHARE, "share" },
+   S_(SECCLASS_MSG, MSG__RECEIVE, "receive")
-   { SECCLASS_PROCESS, PROCESS__GETATTR, "getattr" },
+   S_(SECCLASS_SHM, SHM__LOCK, "lock")
-   { SECCLASS_PROCESS, PROCESS__SETEXEC, "setexec" },
+   S_(SECCLASS_SECURITY, SECURITY__COMPUTE_AV, "compute_av")
-   { SECCLASS_PROCESS, PROCESS__SETFSCREATE, "setfscreate" },
+   S_(SECCLASS_SECURITY, SECURITY__COMPUTE_CREATE, "compute_create")
-   { SECCLASS_PROCESS, PROCESS__NOATSECURE, "noatsecure" },
+   S_(SECCLASS_SECURITY, SECURITY__COMPUTE_MEMBER, "compute_member")
-   { SECCLASS_PROCESS, PROCESS__SIGINH, "siginh" },
+   S_(SECCLASS_SECURITY, SECURITY__CHECK_CONTEXT, "check_context")
-   { SECCLASS_PROCESS, PROCESS__SETRLIMIT, "setrlimit" },
+   S_(SECCLASS_SECURITY, SECURITY__LOAD_POLICY, "load_policy")
-   { SECCLASS_PROCESS, PROCESS__RLIMITINH, "rlimitinh" },
+   S_(SECCLASS_SECURITY, SECURITY__COMPUTE_RELABEL, "compute_relabel")
-   { SECCLASS_MSGQ, MSGQ__ENQUEUE, "enqueue" },
+   S_(SECCLASS_SECURITY, SECURITY__COMPUTE_USER, "compute_user")
-   { SECCLASS_MSG, MSG__SEND, "send" },
+   S_(SECCLASS_SECURITY, SECURITY__SETENFORCE, "setenforce")
-   { SECCLASS_MSG, MSG__RECEIVE, "receive" },
+   S_(SECCLASS_SECURITY, SECURITY__SETBOOL, "setbool")
-   { SECCLASS_SHM, SHM__LOCK, "lock" },
+   S_(SECCLASS_SECURITY, SECURITY__SETSECPARAM, "setsecparam")
-   { SECCLASS_SECURITY, SECURITY__COMPUTE_AV, "compute_av" },
+   S_(SECCLASS_SYSTEM, SYSTEM__IPC_INFO, "ipc_info")
-   { SECCLASS_SECURITY, SECURITY__COMPUTE_CREATE, "compute_create" },
+   S_(SECCLASS_SYSTEM, SYSTEM__SYSLOG_READ, "syslog_read")
-   { SECCLASS_SECURITY, SECURITY__COMPUTE_MEMBER, "compute_member" },
+   S_(SECCLASS_SYSTEM, SYSTEM__SYSLOG_MOD, "syslog_mod")
-   { SECCLASS_SECURITY, SECURITY__CHECK_CONTEXT, "check_context" },
+   S_(SECCLASS_SYSTEM, SYSTEM__SYSLOG_CONSOLE, "syslog_console")
-   { SECCLASS_SECURITY, SECURITY__LOAD_POLICY, "load_policy" },
+   S_(SECCLASS_CAPABILITY, CAPABILITY__CHOWN, "chown")
-   { SECCLASS_SECURITY, SECURITY__COMPUTE_RELABEL, "compute_relabel" },
+   S_(SECCLASS_CAPABILITY, CAPABILITY__DAC_OVERRIDE, "dac_override")
-   { SECCLASS_SECURITY, SECURITY__COMPUTE_USER, "compute_user" },
+   S_(SECCLASS_CAPABILITY, CAPABILITY__DAC_READ_SEARCH, "dac_read_search")
-   { SECCLASS_SECURITY, SECURITY__SETENFORCE, "setenforce" },
+   S_(SECCLASS_CAPABILITY, CAPABILITY__FOWNER, "fowner")
-   { SECCLASS_SECURITY, SECURITY__SETBOOL, "setbool" },
+   S_(SECCLASS_CAPABILITY, CAPABILITY__FSETID, "fsetid")
-   { SECCLASS_SECURITY, SECURITY__SETSECPARAM, "setsecparam" },
+   S_(SECCLASS_CAPABILITY, CAPABILITY__KILL, "kill")
-   { SECCLASS_SYSTEM, SYSTEM__IPC_INFO, "ipc_info" },
+   S_(SECCLASS_CAPABILITY, CAPABILITY__SETGID, "setgid")
-   { SECCLASS_SYSTEM, SYSTEM__SYSLOG_READ, "syslog_read" },
+   S_(SECCLASS_CAPABILITY, CAPABILITY__SETUID, "setuid")
-   { SECCLASS_SYSTEM, SYSTEM__SYSLOG_MOD, "syslog_mod" },
+   S_(SECCLASS_CAPABILITY, CAPABILITY__SETPCAP, "setpcap")
-   { SECCLASS_SYSTEM, SYSTEM__SYSLOG_CONSOLE, "syslog_console" },
+   S_(SECCLASS_CAPABILITY, CAPABILITY__LINUX_IMMUTABLE, "linux_immutable")
-   { SECCLASS_CAPABILITY, CAPABILITY__CHOWN, "chown" },
+   S_(SECCLASS_CAPABILITY, CAPABILITY__NET_BIND_SERVICE, "net_bind_service")
-   { SECCLASS_CAPABILITY, CAPABILITY__DAC_OVERRIDE, "dac_override" },
+   S_(SECCLASS_CAPABILITY, CAPABILITY__NET_BROADCAST, "net_broadcast")
-   { SECCLASS_CAPABILITY, CAPABILITY__DAC_READ_SEARCH, "dac_read_search" },
+   S_(SECCLASS_CAPABILITY, CAPABILITY__NET_ADMIN, "net_admin")
-   { SECCLASS_CAPABILITY, CAPABILITY__FOWNER, "fowner" },
+   S_(SECCLASS_CAPABILITY, CAPABILITY__NET_RAW, "net_raw")
-   { SECCLASS_CAPABILITY, CAPABILITY__FSETID, "fsetid" },
+   S_(SECCLASS_CAPABILITY, CAPABILITY__IPC_LOCK, "ipc_lock")
-   { SECCLASS_CAPABILITY, CAPABILITY__KILL, "kill" },
+   S_(SECCLASS_CAPABILITY, CAPABILITY__IPC_OWNER, "ipc_owner")
-   { SECCLASS_CAPABILITY, CAPABILITY__SETGID, "setgid" },
+   S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_MODULE, "sys_module")
-   { SECCLASS_CAPABILITY, CAPABILITY__SETUID, "setuid" },
+   S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_RAWIO, "sys_rawio")
-   { SECCLASS_CAPABILITY, CAPABILITY__SETPCAP, "setpcap" },
+   S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_CHROOT, "sys_chroot")
-   { SECCLASS_CAPABILITY, CAPABILITY__LINUX_IMMUTABLE, "linux_immutable" },
+   S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_PTRACE, "sys_ptrace")
-   { SECCLASS_CAPABILITY, CAPABILITY__NET_BIND_SERVICE, "net_bind_service" },
+   S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_PACCT, "sys_pacct")
-   { SECCLASS_CAPABILITY, CAPABILITY__NET_BROADCAST, "net_broadcast" },
+   S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_ADMIN, "sys_admin")
-   { SECCLASS_CAPABILITY, CAPABILITY__NET_ADMIN, "net_admin" },
+   S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_BOOT, "sys_boot")
-   { SECCLASS_CAPABILITY, CAPABILITY__NET_RAW, "net_raw" },
+   S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_NICE, "sys_nice")
-   { SECCLASS_CAPABILITY, CAPABILITY__IPC_LOCK, "ipc_lock" },
+   S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_RESOURCE, "sys_resource")
-   { SECCLASS_CAPABILITY, CAPABILITY__IPC_OWNER, "ipc_owner" },
+   S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_TIME, "sys_time")
-   { SECCLASS_CAPABILITY, CAPABILITY__SYS_MODULE, "sys_module" },
+   S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_TTY_CONFIG, "sys_tty_config")
-   { SECCLASS_CAPABILITY, CAPABILITY__SYS_RAWIO, "sys_rawio" },
+   S_(SECCLASS_CAPABILITY, CAPABILITY__MKNOD, "mknod")
-   { SECCLASS_CAPABILITY, CAPABILITY__SYS_CHROOT, "sys_chroot" },
+   S_(SECCLASS_CAPABILITY, CAPABILITY__LEASE, "lease")
-   { SECCLASS_CAPABILITY, CAPABILITY__SYS_PTRACE, "sys_ptrace" },
+   S_(SECCLASS_PASSWD, PASSWD__PASSWD, "passwd")
-   { SECCLASS_CAPABILITY, CAPABILITY__SYS_PACCT, "sys_pacct" },
+   S_(SECCLASS_PASSWD, PASSWD__CHFN, "chfn")
-   { SECCLASS_CAPABILITY, CAPABILITY__SYS_ADMIN, "sys_admin" },
+   S_(SECCLASS_PASSWD, PASSWD__CHSH, "chsh")
-   { SECCLASS_CAPABILITY, CAPABILITY__SYS_BOOT, "sys_boot" },
+   S_(SECCLASS_PASSWD, PASSWD__ROOTOK, "rootok")
-   { SECCLASS_CAPABILITY, CAPABILITY__SYS_NICE, "sys_nice" },
+   S_(SECCLASS_PASSWD, PASSWD__CRONTAB, "crontab")
-   { SECCLASS_CAPABILITY, CAPABILITY__SYS_RESOURCE, "sys_resource" },
+   S_(SECCLASS_DRAWABLE, DRAWABLE__CREATE, "create")
-   { SECCLASS_CAPABILITY, CAPABILITY__SYS_TIME, "sys_time" },
+   S_(SECCLASS_DRAWABLE, DRAWABLE__DESTROY, "destroy")
-   { SECCLASS_CAPABILITY, CAPABILITY__SYS_TTY_CONFIG, "sys_tty_config" },
+   S_(SECCLASS_DRAWABLE, DRAWABLE__DRAW, "draw")
-   { SECCLASS_CAPABILITY, CAPABILITY__MKNOD, "mknod" },
+   S_(SECCLASS_DRAWABLE, DRAWABLE__COPY, "copy")
-   { SECCLASS_CAPABILITY, CAPABILITY__LEASE, "lease" },
+   S_(SECCLASS_DRAWABLE, DRAWABLE__GETATTR, "getattr")
-   { SECCLASS_PASSWD, PASSWD__PASSWD, "passwd" },
+   S_(SECCLASS_GC, GC__CREATE, "create")
-   { SECCLASS_PASSWD, PASSWD__CHFN, "chfn" },
+   S_(SECCLASS_GC, GC__FREE, "free")
-   { SECCLASS_PASSWD, PASSWD__CHSH, "chsh" },
+   S_(SECCLASS_GC, GC__GETATTR, "getattr")
-   { SECCLASS_PASSWD, PASSWD__ROOTOK, "rootok" },
+   S_(SECCLASS_GC, GC__SETATTR, "setattr")
-   { SECCLASS_DRAWABLE, DRAWABLE__CREATE, "create" },
+   S_(SECCLASS_WINDOW, WINDOW__ADDCHILD, "addchild")
-   { SECCLASS_DRAWABLE, DRAWABLE__DESTROY, "destroy" },
+   S_(SECCLASS_WINDOW, WINDOW__CREATE, "create")
-   { SECCLASS_DRAWABLE, DRAWABLE__DRAW, "draw" },
+   S_(SECCLASS_WINDOW, WINDOW__DESTROY, "destroy")
-   { SECCLASS_DRAWABLE, DRAWABLE__COPY, "copy" },
+   S_(SECCLASS_WINDOW, WINDOW__MAP, "map")
-   { SECCLASS_DRAWABLE, DRAWABLE__GETATTR, "getattr" },
+   S_(SECCLASS_WINDOW, WINDOW__UNMAP, "unmap")
-   { SECCLASS_GC, GC__CREATE, "create" },
+   S_(SECCLASS_WINDOW, WINDOW__CHSTACK, "chstack")
-   { SECCLASS_GC, GC__FREE, "free" },
+   S_(SECCLASS_WINDOW, WINDOW__CHPROPLIST, "chproplist")
-   { SECCLASS_GC, GC__GETATTR, "getattr" },
+   S_(SECCLASS_WINDOW, WINDOW__CHPROP, "chprop")
-   { SECCLASS_GC, GC__SETATTR, "setattr" },
+   S_(SECCLASS_WINDOW, WINDOW__LISTPROP, "listprop")
-   { SECCLASS_WINDOW, WINDOW__ADDCHILD, "addchild" },
+   S_(SECCLASS_WINDOW, WINDOW__GETATTR, "getattr")
-   { SECCLASS_WINDOW, WINDOW__CREATE, "create" },
+   S_(SECCLASS_WINDOW, WINDOW__SETATTR, "setattr")
-   { SECCLASS_WINDOW, WINDOW__DESTROY, "destroy" },
+   S_(SECCLASS_WINDOW, WINDOW__SETFOCUS, "setfocus")
-   { SECCLASS_WINDOW, WINDOW__MAP, "map" },
+   S_(SECCLASS_WINDOW, WINDOW__MOVE, "move")
-   { SECCLASS_WINDOW, WINDOW__UNMAP, "unmap" },
+   S_(SECCLASS_WINDOW, WINDOW__CHSELECTION, "chselection")
-   { SECCLASS_WINDOW, WINDOW__CHSTACK, "chstack" },
+   S_(SECCLASS_WINDOW, WINDOW__CHPARENT, "chparent")
-   { SECCLASS_WINDOW, WINDOW__CHPROPLIST, "chproplist" },
+   S_(SECCLASS_WINDOW, WINDOW__CTRLLIFE, "ctrllife")
-   { SECCLASS_WINDOW, WINDOW__CHPROP, "chprop" },
+   S_(SECCLASS_WINDOW, WINDOW__ENUMERATE, "enumerate")
-   { SECCLASS_WINDOW, WINDOW__LISTPROP, "listprop" },
+   S_(SECCLASS_WINDOW, WINDOW__TRANSPARENT, "transparent")
-   { SECCLASS_WINDOW, WINDOW__GETATTR, "getattr" },
+   S_(SECCLASS_WINDOW, WINDOW__MOUSEMOTION, "mousemotion")
-   { SECCLASS_WINDOW, WINDOW__SETATTR, "setattr" },
+   S_(SECCLASS_WINDOW, WINDOW__CLIENTCOMEVENT, "clientcomevent")
-   { SECCLASS_WINDOW, WINDOW__SETFOCUS, "setfocus" },
+   S_(SECCLASS_WINDOW, WINDOW__INPUTEVENT, "inputevent")
-   { SECCLASS_WINDOW, WINDOW__MOVE, "move" },
+   S_(SECCLASS_WINDOW, WINDOW__DRAWEVENT, "drawevent")
-   { SECCLASS_WINDOW, WINDOW__CHSELECTION, "chselection" },
+   S_(SECCLASS_WINDOW, WINDOW__WINDOWCHANGEEVENT, "windowchangeevent")
-   { SECCLASS_WINDOW, WINDOW__CHPARENT, "chparent" },
+   S_(SECCLASS_WINDOW, WINDOW__WINDOWCHANGEREQUEST, "windowchangerequest")
-   { SECCLASS_WINDOW, WINDOW__CTRLLIFE, "ctrllife" },
+   S_(SECCLASS_WINDOW, WINDOW__SERVERCHANGEEVENT, "serverchangeevent")
-   { SECCLASS_WINDOW, WINDOW__ENUMERATE, "enumerate" },
+   S_(SECCLASS_WINDOW, WINDOW__EXTENSIONEVENT, "extensionevent")
-   { SECCLASS_WINDOW, WINDOW__TRANSPARENT, "transparent" },
+   S_(SECCLASS_FONT, FONT__LOAD, "load")
-   { SECCLASS_WINDOW, WINDOW__MOUSEMOTION, "mousemotion" },
+   S_(SECCLASS_FONT, FONT__FREE, "free")
-   { SECCLASS_WINDOW, WINDOW__CLIENTCOMEVENT, "clientcomevent" },
+   S_(SECCLASS_FONT, FONT__GETATTR, "getattr")
-   { SECCLASS_WINDOW, WINDOW__INPUTEVENT, "inputevent" },
+   S_(SECCLASS_FONT, FONT__USE, "use")
-   { SECCLASS_WINDOW, WINDOW__DRAWEVENT, "drawevent" },
+   S_(SECCLASS_COLORMAP, COLORMAP__CREATE, "create")
-   { SECCLASS_WINDOW, WINDOW__WINDOWCHANGEEVENT, "windowchangeevent" },
+   S_(SECCLASS_COLORMAP, COLORMAP__FREE, "free")
-   { SECCLASS_WINDOW, WINDOW__WINDOWCHANGEREQUEST, "windowchangerequest" },
+   S_(SECCLASS_COLORMAP, COLORMAP__INSTALL, "install")
-   { SECCLASS_WINDOW, WINDOW__SERVERCHANGEEVENT, "serverchangeevent" },
+   S_(SECCLASS_COLORMAP, COLORMAP__UNINSTALL, "uninstall")
-   { SECCLASS_WINDOW, WINDOW__EXTENSIONEVENT, "extensionevent" },
+   S_(SECCLASS_COLORMAP, COLORMAP__LIST, "list")
-   { SECCLASS_FONT, FONT__LOAD, "load" },
+   S_(SECCLASS_COLORMAP, COLORMAP__READ, "read")
-   { SECCLASS_FONT, FONT__FREE, "free" },
+   S_(SECCLASS_COLORMAP, COLORMAP__STORE, "store")
-   { SECCLASS_FONT, FONT__GETATTR, "getattr" },
+   S_(SECCLASS_COLORMAP, COLORMAP__GETATTR, "getattr")
-   { SECCLASS_FONT, FONT__USE, "use" },
+   S_(SECCLASS_COLORMAP, COLORMAP__SETATTR, "setattr")
-   { SECCLASS_COLORMAP, COLORMAP__CREATE, "create" },
+   S_(SECCLASS_PROPERTY, PROPERTY__CREATE, "create")
-   { SECCLASS_COLORMAP, COLORMAP__FREE, "free" },
+   S_(SECCLASS_PROPERTY, PROPERTY__FREE, "free")
-   { SECCLASS_COLORMAP, COLORMAP__INSTALL, "install" },
+   S_(SECCLASS_PROPERTY, PROPERTY__READ, "read")
-   { SECCLASS_COLORMAP, COLORMAP__UNINSTALL, "uninstall" },
+   S_(SECCLASS_PROPERTY, PROPERTY__WRITE, "write")
-   { SECCLASS_COLORMAP, COLORMAP__LIST, "list" },
+   S_(SECCLASS_CURSOR, CURSOR__CREATE, "create")
-   { SECCLASS_COLORMAP, COLORMAP__READ, "read" },
+   S_(SECCLASS_CURSOR, CURSOR__CREATEGLYPH, "createglyph")
-   { SECCLASS_COLORMAP, COLORMAP__STORE, "store" },
+   S_(SECCLASS_CURSOR, CURSOR__FREE, "free")
-   { SECCLASS_COLORMAP, COLORMAP__GETATTR, "getattr" },
+   S_(SECCLASS_CURSOR, CURSOR__ASSIGN, "assign")
-   { SECCLASS_COLORMAP, COLORMAP__SETATTR, "setattr" },
+   S_(SECCLASS_CURSOR, CURSOR__SETATTR, "setattr")
-   { SECCLASS_PROPERTY, PROPERTY__CREATE, "create" },
+   S_(SECCLASS_XCLIENT, XCLIENT__KILL, "kill")
-   { SECCLASS_PROPERTY, PROPERTY__FREE, "free" },
+   S_(SECCLASS_XINPUT, XINPUT__LOOKUP, "lookup")
-   { SECCLASS_PROPERTY, PROPERTY__READ, "read" },
+   S_(SECCLASS_XINPUT, XINPUT__GETATTR, "getattr")
-   { SECCLASS_PROPERTY, PROPERTY__WRITE, "write" },
+   S_(SECCLASS_XINPUT, XINPUT__SETATTR, "setattr")
-   { SECCLASS_CURSOR, CURSOR__CREATE, "create" },
+   S_(SECCLASS_XINPUT, XINPUT__SETFOCUS, "setfocus")
-   { SECCLASS_CURSOR, CURSOR__CREATEGLYPH, "createglyph" },
+   S_(SECCLASS_XINPUT, XINPUT__WARPPOINTER, "warppointer")
-   { SECCLASS_CURSOR, CURSOR__FREE, "free" },
+   S_(SECCLASS_XINPUT, XINPUT__ACTIVEGRAB, "activegrab")
-   { SECCLASS_CURSOR, CURSOR__ASSIGN, "assign" },
+   S_(SECCLASS_XINPUT, XINPUT__PASSIVEGRAB, "passivegrab")
-   { SECCLASS_CURSOR, CURSOR__SETATTR, "setattr" },
+   S_(SECCLASS_XINPUT, XINPUT__UNGRAB, "ungrab")
-   { SECCLASS_XCLIENT, XCLIENT__KILL, "kill" },
+   S_(SECCLASS_XINPUT, XINPUT__BELL, "bell")
-   { SECCLASS_XINPUT, XINPUT__LOOKUP, "lookup" },
+   S_(SECCLASS_XINPUT, XINPUT__MOUSEMOTION, "mousemotion")
-   { SECCLASS_XINPUT, XINPUT__GETATTR, "getattr" },
+   S_(SECCLASS_XINPUT, XINPUT__RELABELINPUT, "relabelinput")
-   { SECCLASS_XINPUT, XINPUT__SETATTR, "setattr" },
+   S_(SECCLASS_XSERVER, XSERVER__SCREENSAVER, "screensaver")
-   { SECCLASS_XINPUT, XINPUT__SETFOCUS, "setfocus" },
+   S_(SECCLASS_XSERVER, XSERVER__GETHOSTLIST, "gethostlist")
-   { SECCLASS_XINPUT, XINPUT__WARPPOINTER, "warppointer" },
+   S_(SECCLASS_XSERVER, XSERVER__SETHOSTLIST, "sethostlist")
-   { SECCLASS_XINPUT, XINPUT__ACTIVEGRAB, "activegrab" },
+   S_(SECCLASS_XSERVER, XSERVER__GETFONTPATH, "getfontpath")
-   { SECCLASS_XINPUT, XINPUT__PASSIVEGRAB, "passivegrab" },
+   S_(SECCLASS_XSERVER, XSERVER__SETFONTPATH, "setfontpath")
-   { SECCLASS_XINPUT, XINPUT__UNGRAB, "ungrab" },
+   S_(SECCLASS_XSERVER, XSERVER__GETATTR, "getattr")
-   { SECCLASS_XINPUT, XINPUT__BELL, "bell" },
+   S_(SECCLASS_XSERVER, XSERVER__GRAB, "grab")
-   { SECCLASS_XINPUT, XINPUT__MOUSEMOTION, "mousemotion" },
+   S_(SECCLASS_XSERVER, XSERVER__UNGRAB, "ungrab")
-   { SECCLASS_XINPUT, XINPUT__RELABELINPUT, "relabelinput" },
+   S_(SECCLASS_XEXTENSION, XEXTENSION__QUERY, "query")
-   { SECCLASS_XSERVER, XSERVER__SCREENSAVER, "screensaver" },
+   S_(SECCLASS_XEXTENSION, XEXTENSION__USE, "use")
-   { SECCLASS_XSERVER, XSERVER__GETHOSTLIST, "gethostlist" },
+   S_(SECCLASS_PAX, PAX__PAGEEXEC, "pageexec")
-   { SECCLASS_XSERVER, XSERVER__SETHOSTLIST, "sethostlist" },
+   S_(SECCLASS_PAX, PAX__EMUTRAMP, "emutramp")
-   { SECCLASS_XSERVER, XSERVER__GETFONTPATH, "getfontpath" },
+   S_(SECCLASS_PAX, PAX__MPROTECT, "mprotect")
-   { SECCLASS_XSERVER, XSERVER__SETFONTPATH, "setfontpath" },
+   S_(SECCLASS_PAX, PAX__RANDMMAP, "randmmap")
-   { SECCLASS_XSERVER, XSERVER__GETATTR, "getattr" },
+   S_(SECCLASS_PAX, PAX__RANDEXEC, "randexec")
-   { SECCLASS_XSERVER, XSERVER__GRAB, "grab" },
+   S_(SECCLASS_PAX, PAX__SEGMEXEC, "segmexec")
-   { SECCLASS_XSERVER, XSERVER__UNGRAB, "ungrab" },
+   S_(SECCLASS_NETLINK_ROUTE_SOCKET, NETLINK_ROUTE_SOCKET__NLMSG_READ, "nlmsg_read")
-   { SECCLASS_XEXTENSION, XEXTENSION__QUERY, "query" },
+   S_(SECCLASS_NETLINK_ROUTE_SOCKET, NETLINK_ROUTE_SOCKET__NLMSG_WRITE, "nlmsg_write")
-   { SECCLASS_XEXTENSION, XEXTENSION__USE, "use" },
+   S_(SECCLASS_NETLINK_FIREWALL_SOCKET, NETLINK_FIREWALL_SOCKET__NLMSG_READ, "nlmsg_read")
-   { SECCLASS_PAX, PAX__PAGEEXEC, "pageexec" },
+   S_(SECCLASS_NETLINK_FIREWALL_SOCKET, NETLINK_FIREWALL_SOCKET__NLMSG_WRITE, "nlmsg_write")
-   { SECCLASS_PAX, PAX__EMUTRAMP, "emutramp" },
+   S_(SECCLASS_NETLINK_TCPDIAG_SOCKET, NETLINK_TCPDIAG_SOCKET__NLMSG_READ, "nlmsg_read")
-   { SECCLASS_PAX, PAX__MPROTECT, "mprotect" },
+   S_(SECCLASS_NETLINK_TCPDIAG_SOCKET, NETLINK_TCPDIAG_SOCKET__NLMSG_WRITE, "nlmsg_write")
-   { SECCLASS_PAX, PAX__RANDMMAP, "randmmap" },
+   S_(SECCLASS_NETLINK_XFRM_SOCKET, NETLINK_XFRM_SOCKET__NLMSG_READ, "nlmsg_read")
-   { SECCLASS_PAX, PAX__RANDEXEC, "randexec" },
+   S_(SECCLASS_NETLINK_XFRM_SOCKET, NETLINK_XFRM_SOCKET__NLMSG_WRITE, "nlmsg_write")
-   { SECCLASS_PAX, PAX__SEGMEXEC, "segmexec" },
+   S_(SECCLASS_NETLINK_AUDIT_SOCKET, NETLINK_AUDIT_SOCKET__NLMSG_READ, "nlmsg_read")
-   { SECCLASS_NETLINK_ROUTE_SOCKET, NETLINK_ROUTE_SOCKET__NLMSG_READ, "nlmsg_read" },
+   S_(SECCLASS_NETLINK_AUDIT_SOCKET, NETLINK_AUDIT_SOCKET__NLMSG_WRITE, "nlmsg_write")
-   { SECCLASS_NETLINK_ROUTE_SOCKET, NETLINK_ROUTE_SOCKET__NLMSG_WRITE, "nlmsg_write" },
+   S_(SECCLASS_NETLINK_IP6FW_SOCKET, NETLINK_IP6FW_SOCKET__NLMSG_READ, "nlmsg_read")
-   { SECCLASS_NETLINK_FIREWALL_SOCKET, NETLINK_FIREWALL_SOCKET__NLMSG_READ, "nlmsg_read" },
+   S_(SECCLASS_NETLINK_IP6FW_SOCKET, NETLINK_IP6FW_SOCKET__NLMSG_WRITE, "nlmsg_write")
-   { SECCLASS_NETLINK_FIREWALL_SOCKET, NETLINK_FIREWALL_SOCKET__NLMSG_WRITE, "nlmsg_write" },
+   S_(SECCLASS_DBUS, DBUS__ACQUIRE_SVC, "acquire_svc")
-   { SECCLASS_NETLINK_TCPDIAG_SOCKET, NETLINK_TCPDIAG_SOCKET__NLMSG_READ, "nlmsg_read" },
+   S_(SECCLASS_DBUS, DBUS__SEND_MSG, "send_msg")
-   { SECCLASS_NETLINK_TCPDIAG_SOCKET, NETLINK_TCPDIAG_SOCKET__NLMSG_WRITE, "nlmsg_write" },
+   S_(SECCLASS_NSCD, NSCD__GETPWD, "getpwd")
-   { SECCLASS_NETLINK_XFRM_SOCKET, NETLINK_XFRM_SOCKET__NLMSG_READ, "nlmsg_read" },
+   S_(SECCLASS_NSCD, NSCD__GETGRP, "getgrp")
-   { SECCLASS_NETLINK_XFRM_SOCKET, NETLINK_XFRM_SOCKET__NLMSG_WRITE, "nlmsg_write" },
+   S_(SECCLASS_NSCD, NSCD__GETHOST, "gethost")
-   { SECCLASS_NETLINK_AUDIT_SOCKET, NETLINK_AUDIT_SOCKET__NLMSG_READ, "nlmsg_read" },
+   S_(SECCLASS_NSCD, NSCD__GETSTAT, "getstat")
-   { SECCLASS_NETLINK_AUDIT_SOCKET, NETLINK_AUDIT_SOCKET__NLMSG_WRITE, "nlmsg_write" },
+   S_(SECCLASS_NSCD, NSCD__ADMIN, "admin")
-   { SECCLASS_NETLINK_IP6FW_SOCKET, NETLINK_IP6FW_SOCKET__NLMSG_READ, "nlmsg_read" },
+   S_(SECCLASS_NSCD, NSCD__SHMEMPWD, "shmempwd")
-   { SECCLASS_NETLINK_IP6FW_SOCKET, NETLINK_IP6FW_SOCKET__NLMSG_WRITE, "nlmsg_write" },
+   S_(SECCLASS_NSCD, NSCD__SHMEMGRP, "shmemgrp")
-};
+   S_(SECCLASS_NSCD, NSCD__SHMEMHOST, "shmemhost")
-/* FLASK */
--- a/security/selinux/include/av_permissions.h
+++ b/security/selinux/include/av_permissions.h
 /* This file is automatically generated.  Do not edit. */
-/* FLASK */
 #define COMMON_FILE__IOCTL                               0x00000001UL
 #define COMMON_FILE__READ                                0x00000002UL
 #define COMMON_FILE__WRITE                               0x00000004UL
@@ -556,6 +554,7 @@
 #define PASSWD__CHFN                              0x00000002UL
 #define PASSWD__CHSH                              0x00000004UL
 #define PASSWD__ROOTOK                            0x00000008UL
+#define PASSWD__CRONTAB                           0x00000010UL
 #define DRAWABLE__CREATE                          0x00000001UL
 #define DRAWABLE__DESTROY                         0x00000002UL
@@ -877,5 +876,17 @@
 #define NETLINK_DNRT_SOCKET__SENDTO               0x00040000UL
 #define NETLINK_DNRT_SOCKET__RECV_MSG             0x00080000UL
 #define NETLINK_DNRT_SOCKET__SEND_MSG             0x00100000UL
+#define NETLINK_DNRT_SOCKET__NAME_BIND            0x00200000UL
+#define DBUS__ACQUIRE_SVC                         0x00000001UL
+#define DBUS__SEND_MSG                            0x00000002UL
+#define NSCD__GETPWD                              0x00000001UL
+#define NSCD__GETGRP                              0x00000002UL
+#define NSCD__GETHOST                             0x00000004UL
+#define NSCD__GETSTAT                             0x00000008UL
+#define NSCD__ADMIN                               0x00000010UL
+#define NSCD__SHMEMPWD                            0x00000020UL
+#define NSCD__SHMEMGRP                            0x00000040UL
+#define NSCD__SHMEMHOST                           0x00000080UL
-/* FLASK */
--- a/security/selinux/include/class_to_string.h
+++ b/security/selinux/include/class_to_string.h
@@ -2,59 +2,57 @@
 /*
 * Security object class definitions
 */
-static char *class_to_string[] =
+    S_("null")
-{
+    S_("security")
-    "null",
+    S_("process")
-    "security",
+    S_("system")
-    "process",
+    S_("capability")
-    "system",
+    S_("filesystem")
-    "capability",
+    S_("file")
-    "filesystem",
+    S_("dir")
-    "file",
+    S_("fd")
-    "dir",
+    S_("lnk_file")
-    "fd",
+    S_("chr_file")
-    "lnk_file",
+    S_("blk_file")
-    "chr_file",
+    S_("sock_file")
-    "blk_file",
+    S_("fifo_file")
-    "sock_file",
+    S_("socket")
-    "fifo_file",
+    S_("tcp_socket")
-    "socket",
+    S_("udp_socket")
-    "tcp_socket",
+    S_("rawip_socket")
-    "udp_socket",
+    S_("node")
-    "rawip_socket",
+    S_("netif")
-    "node",
+    S_("netlink_socket")
-    "netif",
+    S_("packet_socket")
-    "netlink_socket",
+    S_("key_socket")
-    "packet_socket",
+    S_("unix_stream_socket")
-    "key_socket",
+    S_("unix_dgram_socket")
-    "unix_stream_socket",
+    S_("sem")
-    "unix_dgram_socket",
+    S_("msg")
-    "sem",
+    S_("msgq")
-    "msg",
+    S_("shm")
-    "msgq",
+    S_("ipc")
-    "shm",
+    S_("passwd")
-    "ipc",
+    S_("drawable")
-    "passwd",
+    S_("window")
-    "drawable",
+    S_("gc")
-    "window",
+    S_("font")
-    "gc",
+    S_("colormap")
-    "font",
+    S_("property")
-    "colormap",
+    S_("cursor")
-    "property",
+    S_("xclient")
-    "cursor",
+    S_("xinput")
-    "xclient",
+    S_("xserver")
-    "xinput",
+    S_("xextension")
-    "xserver",
+    S_("pax")
-    "xextension",
+    S_("netlink_route_socket")
-    "pax",
+    S_("netlink_firewall_socket")
-    "netlink_route_socket",
+    S_("netlink_tcpdiag_socket")
-    "netlink_firewall_socket",
+    S_("netlink_nflog_socket")
-    "netlink_tcpdiag_socket",
+    S_("netlink_xfrm_socket")
-    "netlink_nflog_socket",
+    S_("netlink_selinux_socket")
-    "netlink_xfrm_socket",
+    S_("netlink_audit_socket")
-    "netlink_selinux_socket",
+    S_("netlink_ip6fw_socket")
-    "netlink_audit_socket",
+    S_("netlink_dnrt_socket")
-    "netlink_ip6fw_socket",
+    S_("dbus")
-    "netlink_dnrt_socket",
+    S_("nscd")
-};
--- a/security/selinux/include/common_perm_to_string.h
+++ b/security/selinux/include/common_perm_to_string.h
 /* This file is automatically generated.  Do not edit. */
-/* FLASK */
+TB_(common_file_perm_to_string)
+    S_("ioctl")
+    S_("read")
+    S_("write")
+    S_("create")
+    S_("getattr")
+    S_("setattr")
+    S_("lock")
+    S_("relabelfrom")
+    S_("relabelto")
+    S_("append")
+    S_("unlink")
+    S_("link")
+    S_("rename")
+    S_("execute")
+    S_("swapon")
+    S_("quotaon")
+    S_("mounton")
+TE_(common_file_perm_to_string)
-static char *common_file_perm_to_string[] =
+TB_(common_socket_perm_to_string)
-{
+    S_("ioctl")
-    "ioctl",
+    S_("read")
-    "read",
+    S_("write")
-    "write",
+    S_("create")
-    "create",
+    S_("getattr")
-    "getattr",
+    S_("setattr")
-    "setattr",
+    S_("lock")
-    "lock",
+    S_("relabelfrom")
-    "relabelfrom",
+    S_("relabelto")
-    "relabelto",
+    S_("append")
-    "append",
+    S_("bind")
-    "unlink",
+    S_("connect")
-    "link",
+    S_("listen")
-    "rename",
+    S_("accept")
-    "execute",
+    S_("getopt")
-    "swapon",
+    S_("setopt")
-    "quotaon",
+    S_("shutdown")
-    "mounton",
+    S_("recvfrom")
-};
+    S_("sendto")
+    S_("recv_msg")
+    S_("send_msg")
+    S_("name_bind")
+TE_(common_socket_perm_to_string)
-static char *common_socket_perm_to_string[] =
+TB_(common_ipc_perm_to_string)
-{
+    S_("create")
-    "ioctl",
+    S_("destroy")
-    "read",
+    S_("getattr")
-    "write",
+    S_("setattr")
-    "create",
+    S_("read")
-    "getattr",
+    S_("write")
-    "setattr",
+    S_("associate")
-    "lock",
+    S_("unix_read")
-    "relabelfrom",
+    S_("unix_write")
-    "relabelto",
+TE_(common_ipc_perm_to_string)
-    "append",
-    "bind",
-    "connect",
-    "listen",
-    "accept",
-    "getopt",
-    "setopt",
-    "shutdown",
-    "recvfrom",
-    "sendto",
-    "recv_msg",
-    "send_msg",
-    "name_bind",
-};
-static char *common_ipc_perm_to_string[] =
-{
-    "create",
-    "destroy",
-    "getattr",
-    "setattr",
-    "read",
-    "write",
-    "associate",
-    "unix_read",
-    "unix_write",
-};
-/* FLASK */
--- a/security/selinux/include/flask.h
+++ b/security/selinux/include/flask.h
@@ -56,6 +56,8 @@
 #define SECCLASS_NETLINK_AUDIT_SOCKET                    49
 #define SECCLASS_NETLINK_IP6FW_SOCKET                    50
 #define SECCLASS_NETLINK_DNRT_SOCKET                     51
+#define SECCLASS_DBUS                                    52
+#define SECCLASS_NSCD                                    53
 /*
 * Security identifier indices for initial entities