From 57440fb0762396189643339277aa9f16ca231e42 Mon Sep 17 00:00:00 2001
From: Chris PeBenito <cpebenito@tresys.com>
Date: Mon, 23 May 2005 17:56:26 +0000
Subject: [PATCH] add dontaudit shadow_t getattr

---
 refpolicy/policy/modules/system/authlogin.if | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/refpolicy/policy/modules/system/authlogin.if b/refpolicy/policy/modules/system/authlogin.if
index 01cfa5e8..1e4154b8 100644
--- a/refpolicy/policy/modules/system/authlogin.if
+++ b/refpolicy/policy/modules/system/authlogin.if
@@ -134,6 +134,20 @@ class process transition;
 class udp_socket { create ioctl read getattr write setattr append bind getopt setopt shutdown connect };
 ')
 
+#######################################
+#
+# authlogin_ignore_get_shadow_passwords_attributes(domain)
+#
+define(`authlogin_ignore_get_shadow_passwords_attributes',`
+requires_block_template(`$0'_depend)
+dontaudit $1 shadow_t:file getattr;
+')
+
+define(`authlogin_ignore_get_shadow_passwords_attributes_depend',`
+type shadow_t;
+class file getattr;
+')
+
 #######################################
 #
 # authlogin_read_shadow_passwords(domain)