add authlogin_read_pam_runtime_data and cleanup interfaces

This commit is contained in:
Chris PeBenito 2005-05-02 18:41:20 +00:00
parent 9f2f9e6dfe
commit dfaf6c2ad8

View File

@ -72,10 +72,10 @@ class unix_dgram_socket { create read getattr write setattr append bind connect
#######################################
#
# authlogin_make_login_program_entrypoint(type,[`optional'])
# authlogin_make_login_program_entrypoint(domain)
#
define(`authlogin_make_login_program_entrypoint',`
requires_block_template(authlogin_make_login_program_entrypoint_depend,$2)
requires_block_template(authlogin_make_login_program_entrypoint_depend)
domain_make_entrypoint_file($1,login_exec_t)
')
@ -86,10 +86,10 @@ domain_make_entrypoint_file_depend
#######################################
#
# authlogin_check_password_transition(type,[`optional'])
# authlogin_check_password_transition(domain)
#
define(`authlogin_check_password_transition',`
requires_block_template(authlogin_check_password_transition_depend,$2)
requires_block_template(authlogin_check_password_transition_depend)
allow $1 chkpwd_exec_t:file { getattr read execute };
allow $1 system_chkpwd_t:process transition;
dontaudit $1 shadow_t:file { getattr read };
@ -108,10 +108,10 @@ class process transition;
#######################################
#
# authlogin_modify_login_records(type,[`optional'])
# authlogin_modify_login_records(domain)
#
define(`authlogin_modify_login_records',`
requires_block_template(authlogin_modify_login_records_depend,$2)
requires_block_template(authlogin_modify_login_records_depend)
allow $1 wtmp_t:file { getattr read write setattr };
')
@ -122,10 +122,10 @@ class file { getattr read write setattr };
#######################################
#
# authlogin_read_shadow_passwords(type,[`optional'])
# authlogin_read_shadow_passwords(domain)
#
define(`authlogin_read_shadow_passwords',`
requires_block_template(authlogin_read_shadow_passwords_depend,$2)
requires_block_template(authlogin_read_shadow_passwords_depend)
allow $1 shadow_t:file { getattr read };
typeattribute $1 can_read_shadow_passwords;
')
@ -138,10 +138,10 @@ class file { getattr read };
#######################################
#
# authlogin_ignore_read_shadow_passwords(type,[`optional'])
# authlogin_ignore_read_shadow_passwords(domain)
#
define(`authlogin_ignore_read_shadow_passwords',`
requires_block_template(authlogin_ignore_read_shadow_passwords_depend,$2)
requires_block_template(authlogin_ignore_read_shadow_passwords_depend)
dontaudit $1 shadow_t:file { getattr read };
')
@ -152,10 +152,10 @@ class file { getattr read };
#######################################
#
# authlogin_modify_shadow_passwords(type,[`optional'])
# authlogin_modify_shadow_passwords(domain)
#
define(`authlogin_modify_shadow_passwords',`
requires_block_template(authlogin_modify_shadow_passwords_depend,$2)
requires_block_template(authlogin_modify_shadow_passwords_depend)
allow $1 shadow_t:file { getattr read write };
typeattribute $1 can_read_shadow_passwords;
typeattribute $1 can_write_shadow_passwords;
@ -170,10 +170,10 @@ class file { getattr read write };
#######################################
#
# authlogin_modify_last_login_log(type,[`optional'])
# authlogin_modify_last_login_log(domain)
#
define(`authlogin_modify_last_login_log',`
requires_block_template(authlogin_modify_last_login_log_depend,$2)
requires_block_template(authlogin_modify_last_login_log_depend)
allow $1 lastlog_t:file { getattr read write setattr };
')
@ -181,3 +181,19 @@ define(`authlogin_modify_last_login_log_depend',`
type lastlog_t;
class file { getattr read write setattr };
')
#######################################
#
# authlogin_read_pam_runtime_data(domain)
#
define(`authlogin_read_pam_runtime_data',`
requires_block_template(authlogin_read_pam_runtime_data_depend)
# FIXME: search var_t
# FIXME: search var_run_t
allow $1 pam_var_run_t:file { getattr read };
')
define(`authlogin_read_pam_runtime_data_depend',`
type lastlog_t;
class file { getattr read };
')