Trusted Solaris Administration Overview

Default Privileges Supplied by the Trusted Solaris Environment

The Trusted Solaris environment provides more than 80 privileges that you can apply to applications to override security policy. For a complete list of privileges, see the priv_desc(4) man page. The privileges provided fall into the categories shown in the following table.

Table 1-4 Privilege Categories

| Privilege Category | Summary | Example Privileges in the Category |
|---|---|---|
| File system security | For overriding file system restrictions on user and group IDs, access permissions, labeling, ownership, and file privilege sets | file_dac_chown - lets a process change the owner user ID of a file. |
| System V Interprocess Communication (IPC) security | For overriding restrictions on message queues, semaphore sets, or shared memory regions | ipc_dac_read - lets a process read a System V IPC message queue, semaphore set, or shared memory region whose permission bits or ACL do not allow process read permission |
| Network security | For overriding restrictions on reserved port binding or binding to a multilevel port, sending broadcast messages, or specifying security attributes (such as labels, privileges on a message, or network endpoint defaults) | net_broadcast - lets a process send a broadcast packet on a specified network |
| Process security | For overriding restrictions on auditing, labeling, covert channel delays, ownership, clearance, user IDs, or group IDs | proc_mac_read - lets a process read another process where the reading process label is dominated by the other process label |
| System security | For overriding restrictions on auditing, workstation booting, workstation configuration management, console output redirection, device management, file systems, creating hard links to directories, increasing message queue size, increasing the number of processes, workstation network configuration, third-party loadable modules, or label translation | sys_boot - lets a process halt or reboot a Trusted Solaris workstation |
| Window security | For overriding restrictions on colormaps, reading to and writing from windows, input devices, labeling, font paths, moving data between windows, X server resource management, or direct graphics access (DGA) X protocol extensions | win_selection - allows a process to request inter-window data moves without the intervention of selection arbitrator |