[selinux-policy: 85/3172] add authlogin_read_pam_runtime_data and cleanup interfaces

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 19:12:30 UTC 2010


commit dfaf6c2ad87872d08f7a8d1ec9ef0ef0fbf6bf99
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Mon May 2 18:41:20 2005 +0000

    add authlogin_read_pam_runtime_data and cleanup interfaces

 refpolicy/policy/modules/system/authlogin.if |   44 +++++++++++++++++--------
 1 files changed, 30 insertions(+), 14 deletions(-)
---
diff --git a/refpolicy/policy/modules/system/authlogin.if b/refpolicy/policy/modules/system/authlogin.if
index d9657ab..24613b8 100644
--- a/refpolicy/policy/modules/system/authlogin.if
+++ b/refpolicy/policy/modules/system/authlogin.if
@@ -72,10 +72,10 @@ class unix_dgram_socket { create read getattr write setattr append bind connect
 
 #######################################
 #
-# authlogin_make_login_program_entrypoint(type,[`optional'])
+# authlogin_make_login_program_entrypoint(domain)
 #
 define(`authlogin_make_login_program_entrypoint',`
-requires_block_template(authlogin_make_login_program_entrypoint_depend,$2)
+requires_block_template(authlogin_make_login_program_entrypoint_depend)
 domain_make_entrypoint_file($1,login_exec_t)
 ')
 
@@ -86,10 +86,10 @@ domain_make_entrypoint_file_depend
 
 #######################################
 #
-# authlogin_check_password_transition(type,[`optional'])
+# authlogin_check_password_transition(domain)
 #
 define(`authlogin_check_password_transition',`
-requires_block_template(authlogin_check_password_transition_depend,$2)
+requires_block_template(authlogin_check_password_transition_depend)
 allow $1 chkpwd_exec_t:file { getattr read execute };
 allow $1 system_chkpwd_t:process transition;
 dontaudit $1 shadow_t:file { getattr read };
@@ -108,10 +108,10 @@ class process transition;
 
 #######################################
 #
-# authlogin_modify_login_records(type,[`optional'])
+# authlogin_modify_login_records(domain)
 #
 define(`authlogin_modify_login_records',`
-requires_block_template(authlogin_modify_login_records_depend,$2)
+requires_block_template(authlogin_modify_login_records_depend)
 allow $1 wtmp_t:file { getattr read write setattr };
 ')
 
@@ -122,10 +122,10 @@ class file { getattr read write setattr };
 
 #######################################
 #
-# authlogin_read_shadow_passwords(type,[`optional'])
+# authlogin_read_shadow_passwords(domain)
 #
 define(`authlogin_read_shadow_passwords',`
-requires_block_template(authlogin_read_shadow_passwords_depend,$2)
+requires_block_template(authlogin_read_shadow_passwords_depend)
 allow $1 shadow_t:file { getattr read };
 typeattribute $1 can_read_shadow_passwords;
 ')
@@ -138,10 +138,10 @@ class file { getattr read };
 
 #######################################
 #
-# authlogin_ignore_read_shadow_passwords(type,[`optional'])
+# authlogin_ignore_read_shadow_passwords(domain)
 #
 define(`authlogin_ignore_read_shadow_passwords',`
-requires_block_template(authlogin_ignore_read_shadow_passwords_depend,$2)
+requires_block_template(authlogin_ignore_read_shadow_passwords_depend)
 dontaudit $1 shadow_t:file { getattr read };
 ')
 
@@ -152,10 +152,10 @@ class file { getattr read };
 
 #######################################
 #
-# authlogin_modify_shadow_passwords(type,[`optional'])
+# authlogin_modify_shadow_passwords(domain)
 #
 define(`authlogin_modify_shadow_passwords',`
-requires_block_template(authlogin_modify_shadow_passwords_depend,$2)
+requires_block_template(authlogin_modify_shadow_passwords_depend)
 allow $1 shadow_t:file { getattr read write };
 typeattribute $1 can_read_shadow_passwords;
 typeattribute $1 can_write_shadow_passwords;
@@ -170,10 +170,10 @@ class file { getattr read write };
 
 #######################################
 #
-# authlogin_modify_last_login_log(type,[`optional'])
+# authlogin_modify_last_login_log(domain)
 #
 define(`authlogin_modify_last_login_log',`
-requires_block_template(authlogin_modify_last_login_log_depend,$2)
+requires_block_template(authlogin_modify_last_login_log_depend)
 allow $1 lastlog_t:file { getattr read write setattr };
 ')
 
@@ -181,3 +181,19 @@ define(`authlogin_modify_last_login_log_depend',`
 type lastlog_t;
 class file { getattr read write setattr };
 ')
+
+#######################################
+#
+# authlogin_read_pam_runtime_data(domain)
+#
+define(`authlogin_read_pam_runtime_data',`
+requires_block_template(authlogin_read_pam_runtime_data_depend)
+# FIXME: search var_t
+# FIXME: search var_run_t
+allow $1 pam_var_run_t:file { getattr read };
+')
+
+define(`authlogin_read_pam_runtime_data_depend',`
+type lastlog_t;
+class file { getattr read };
+')
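Review bot: The new dependency block `authlogin_read_pam_runtime_data_depend` declares `type lastlog_t;`, but the interface it belongs to only references `pam_var_run_t`; this looks like a copy-paste from `authlogin_modify_last_login_log_depend` just above and should read `type pam_var_run_t;`. As written, the type the allow rule actually uses is never listed as a requirement, so the interface presumably either fails to resolve where `pam_var_run_t` is not otherwise in scope, or carries an unrelated requirement on `lastlog_t`. The two FIXME lines also mean the interface grants only `file { getattr read }`, with no directory search on `var_t` or `var_run_t`. When those are filled in, the depend block will need a matching `class dir search;` so that the declared requirements stay in step with the permissions granted.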

