49 lines
1.1 KiB
Plaintext
49 lines
1.1 KiB
Plaintext
#DESC Crack - Password cracking application
|
|
#
|
|
# Author: Russell Coker <russell@coker.com.au>
|
|
# X-Debian-Packages: crack
|
|
#
|
|
|
|
#################################
|
|
#
|
|
# Rules for the crack_t domain.
|
|
#
|
|
# crack_exec_t is the type of the crack executable.
|
|
#
|
|
system_domain(crack)
|
|
ifdef(`crond.te', `
|
|
system_crond_entry(crack_exec_t, crack_t)
|
|
')
|
|
|
|
# for SSP
|
|
allow crack_t urandom_device_t:chr_file read;
|
|
|
|
type crack_db_t, file_type, sysadmfile, usercanread;
|
|
allow crack_t var_t:dir search;
|
|
rw_dir_create_file(crack_t, crack_db_t)
|
|
|
|
allow crack_t device_t:dir search;
|
|
allow crack_t devtty_t:chr_file rw_file_perms;
|
|
allow crack_t self:fifo_file { read write getattr };
|
|
|
|
tmp_domain(crack)
|
|
|
|
# for dictionaries
|
|
allow crack_t usr_t:file { getattr read };
|
|
|
|
can_exec(crack_t, bin_t)
|
|
allow crack_t { bin_t sbin_t }:dir search;
|
|
|
|
allow crack_t self:process { fork signal_perms };
|
|
|
|
allow crack_t proc_t:dir { read search };
|
|
allow crack_t proc_t:file { read getattr };
|
|
|
|
# read config files
|
|
allow crack_t { etc_t etc_runtime_t }:file { getattr read };
|
|
allow crack_t etc_t:dir r_dir_perms;
|
|
|
|
allow crack_t fs_t:filesystem getattr;
|
|
|
|
dontaudit crack_t sysadm_home_dir_t:dir { getattr search };
|