## Policy for local logins.
########################################
##
## Execute local logins in the local login domain.
##
##
##
## The type of the process performing this action.
##
##
#
interface(`locallogin_domtrans',`
gen_require(`
type local_login_t;
')
auth_domtrans_login_program($1,local_login_t)
ifdef(`enable_mcs',`
auth_ranged_domtrans_login_program($1,local_login_t,s0 - mcs_systemhigh)
')
')
########################################
##
## Allow processes to inherit local login file descriptors.
##
##
##
## The type of the process performing this action.
##
##
#
interface(`locallogin_use_fds',`
gen_require(`
type local_login_t;
')
allow $1 local_login_t:fd use;
')
########################################
##
## Do not audit attempts to inherit local login file descriptors.
##
##
##
## Domain to not audit.
##
##
#
interface(`locallogin_dontaudit_use_fds',`
gen_require(`
type local_login_t;
')
dontaudit $1 local_login_t:fd use;
')
########################################
##
## Send a null signal to local login processes.
##
##
##
## Domain allowed access.
##
##
#
interface(`locallogin_signull',`
gen_require(`
type local_login_t;
')
allow $1 local_login_t:process signull;
')
########################################
##
## Search for key.
##
##
##
## Domain allowed access.
##
##
#
interface(`locallogin_search_keys',`
gen_require(`
type local_login_t;
')
allow $1 local_login_t:key search;
')
########################################
##
## Allow link to the local_login key ring.
##
##
##
## Domain allowed access.
##
##
#
interface(`locallogin_link_keys',`
gen_require(`
type local_login_t;
')
allow $1 local_login_t:key link;
')