selinux-policy/strict/domains/program/crack.te

#DESC Crack - Password cracking application
#
# Author:  Russell Coker <russell@coker.com.au>
# X-Debian-Packages: crack
#

#################################
#
# Rules for the crack_t domain.
#
# crack_exec_t is the type of the crack executable.
#
system_domain(crack)
ifdef(`crond.te', `
system_crond_entry(crack_exec_t, crack_t)
')

# for SSP
allow crack_t urandom_device_t:chr_file read;

type crack_db_t, file_type, sysadmfile, usercanread;
allow crack_t var_t:dir search;
rw_dir_create_file(crack_t, crack_db_t)

allow crack_t device_t:dir search;
allow crack_t devtty_t:chr_file rw_file_perms;
allow crack_t self:fifo_file { read write getattr };

tmp_domain(crack)

# for dictionaries
allow crack_t usr_t:file { getattr read };

can_exec(crack_t, bin_t)
allow crack_t { bin_t sbin_t }:dir search;

allow crack_t self:process { fork signal_perms };

allow crack_t proc_t:dir { read search };
allow crack_t proc_t:file { read getattr };

# read config files
allow crack_t { etc_t etc_runtime_t }:file { getattr read };
allow crack_t etc_t:dir r_dir_perms;

allow crack_t fs_t:filesystem getattr;

dontaudit crack_t sysadm_home_dir_t:dir { getattr search };