1 ## <summary>Policy for managing user accounts.</summary>
3 ########################################
5 ## Execute chfn in the chfn domain.
7 ## <param name="domain">
9 ## The type of the process performing this action.
13 interface(`usermanage_domtrans_chfn',`
# Grants $1 a domain transition into chfn_t; nothing else.
# Types referenced below. The enclosing require block is not visible
# in this listing (its line numbering has gaps).
15 type chfn_t, chfn_exec_t;
# Let $1 search bin directories (corecmd interface, defined outside this file).
19 corecmd_search_bin($1)
# Permit $1 to enter chfn_t by executing a file of type chfn_exec_t.
# The lines shown add no role association and no terminal access;
# usermanage_run_chfn is the variant that takes a role and a terminal.
20 domtrans_pattern($1,chfn_exec_t,chfn_t)
23 ########################################
25 ## Execute chfn in the chfn domain, and
26 ## allow the specified role the chfn domain.
28 ## <param name="domain">
30 ## The type of the process performing this action.
33 ## <param name="role">
35 ## The role to be allowed the chfn domain.
38 ## <param name="terminal">
40 ## The type of the terminal the chfn domain is allowed to use.
44 interface(`usermanage_run_chfn',`
# Transition $1 into chfn_t and give chfn_t use of the terminal type $3.
# Reuse the transition interface so both entry points grant the same rules.
49 usermanage_domtrans_chfn($1)
# NOTE(review): the summary says role $2 is allowed the chfn domain, but
# no role statement for chfn_t is visible here, while the run interfaces
# for groupadd, passwd and useradd in this file each show one. The
# listing skips source line 50, so confirm against the full file before
# relying on $2 being authorized for chfn_t.
# chfn_t receives the rw_term_perms permission set (defined outside this
# listing) on character devices of type $3.
51 allow chfn_t $3:chr_file rw_term_perms;
54 ########################################
56 ## Execute groupadd in the groupadd domain.
58 ## <param name="domain">
60 ## The type of the process performing this action.
64 interface(`usermanage_domtrans_groupadd',`
# Grants $1 a domain transition into groupadd_t; nothing else.
# Types referenced below. The enclosing require block is not visible
# in this listing (its line numbering has gaps).
66 type groupadd_t, groupadd_exec_t;
# Let $1 search bin directories (corecmd interface, defined outside this file).
70 corecmd_search_bin($1)
# Permit $1 to enter groupadd_t by executing a file of type groupadd_exec_t.
# No role association or terminal access is added by the lines shown.
71 domtrans_pattern($1,groupadd_exec_t,groupadd_t)
74 ########################################
76 ## Execute groupadd in the groupadd domain, and
77 ## allow the specified role the groupadd domain.
79 ## <param name="domain">
81 ## The type of the process performing this action.
84 ## <param name="role">
86 ## The role to be allowed the groupadd domain.
89 ## <param name="terminal">
91 ## The type of the terminal the groupadd domain is allowed to use.
96 interface(`usermanage_run_groupadd',`
# Transition $1 into groupadd_t, authorize role $2 for that domain and
# give groupadd_t use of the terminal type $3.
# NOTE(review): no type requirement for groupadd_t is visible in this
# listing (source lines 97 to 100 are not shown) - confirm in the full file.
101 usermanage_domtrans_groupadd($1)
# Authorize role $2 for groupadd_t.
102 role $2 types groupadd_t;
# groupadd_t receives the rw_term_perms permission set (defined outside
# this listing) on character devices of type $3.
103 allow groupadd_t $3:chr_file rw_term_perms;
# Hand the same role and terminal to the nscd run interface with
# groupadd_t as the source domain. Its rules live in the nscd module and
# are not shown here; presumably it also authorizes $2 for the nscd
# domain, so the role gains more than groupadd_t - verify when auditing.
104 nscd_run(groupadd_t, $2, $3)
107 ########################################
109 ## Execute passwd in the passwd domain.
111 ## <param name="domain">
113 ## The type of the process performing this action.
117 interface(`usermanage_domtrans_passwd',`
# Grants $1 a domain transition into passwd_t; nothing else.
# Types referenced below. The enclosing require block is not visible
# in this listing (its line numbering has gaps).
119 type passwd_t, passwd_exec_t;
# Let $1 search bin directories (corecmd interface, defined outside this file).
123 corecmd_search_bin($1)
# Permit $1 to enter passwd_t by executing a file of type passwd_exec_t.
# No role association or terminal access is added by the lines shown.
124 domtrans_pattern($1,passwd_exec_t,passwd_t)
127 ########################################
129 ## Execute passwd in the passwd domain, and
130 ## allow the specified role the passwd domain.
132 ## <param name="domain">
134 ## The type of the process performing this action.
137 ## <param name="role">
139 ## The role to be allowed the passwd domain.
142 ## <param name="terminal">
144 ## The type of the terminal the passwd domain is allowed to use.
148 interface(`usermanage_run_passwd',`
# Transition $1 into passwd_t, authorize role $2 for that domain and
# give passwd_t use of the terminal type $3.
# NOTE(review): no type requirement for passwd_t is visible in this
# listing (source lines 149 to 152 are not shown) - confirm in the full file.
153 usermanage_domtrans_passwd($1)
# Authorize role $2 for passwd_t.
154 role $2 types passwd_t;
# passwd_t receives the rw_term_perms permission set (defined outside
# this listing) on character devices of type $3.
155 allow passwd_t $3:chr_file rw_term_perms;
158 ########################################
160 ## Execute password admin functions in
161 ## the admin passwd domain.
163 ## <param name="domain">
165 ## Domain allowed access.
169 interface(`usermanage_domtrans_admin_passwd',`
# Grants $1 a domain transition into sysadm_passwd_t; nothing else.
# Types referenced below. The enclosing require block is not visible
# in this listing (its line numbering has gaps).
171 type sysadm_passwd_t, admin_passwd_exec_t;
# Let $1 search bin directories (corecmd interface, defined outside this file).
175 corecmd_search_bin($1)
# Permit $1 to enter sysadm_passwd_t by executing a file of type
# admin_passwd_exec_t.
# NOTE(review): per the summary this domain performs password admin
# functions, so every domain passed as $1 should be reviewed as an
# administrative entry point - confirm the callers in the full policy.
176 domtrans_pattern($1,admin_passwd_exec_t,sysadm_passwd_t)
179 ########################################
181 ## Execute passwd admin functions in the admin
182 ## passwd domain, and allow the specified role
183 ## the admin passwd domain.
185 ## <param name="domain">
187 ## The type of the process performing this action.
190 ## <param name="role">
192 ## The role to be allowed the admin passwd domain.
195 ## <param name="terminal">
197 ## The type of the terminal the admin passwd domain is allowed to use.
202 interface(`usermanage_run_admin_passwd',`
# Transition $1 into sysadm_passwd_t, authorize role $2 for that domain
# and give sysadm_passwd_t use of the terminal type $3.
# Type referenced below. The enclosing require block is not visible in
# this listing (its line numbering has gaps).
204 type sysadm_passwd_t;
207 usermanage_domtrans_admin_passwd($1)
# Authorize role $2 for sysadm_passwd_t.
208 role $2 types sysadm_passwd_t;
# sysadm_passwd_t receives the rw_term_perms permission set (defined
# outside this listing) on character devices of type $3.
209 allow sysadm_passwd_t $3:chr_file rw_term_perms;
# Hand the same role and terminal to the nscd run interface with
# sysadm_passwd_t as the source domain. Its rules live in the nscd module
# and are not shown here; presumably it also authorizes $2 for the nscd
# domain - verify when auditing what this role can reach.
210 nscd_run(sysadm_passwd_t, $2, $3)
213 ########################################
215 ## Execute useradd in the useradd domain.
217 ## <param name="domain">
219 ## The type of the process performing this action.
223 interface(`usermanage_domtrans_useradd',`
# Grants $1 a domain transition into useradd_t; nothing else.
# Types referenced below. The enclosing require block is not visible
# in this listing (its line numbering has gaps).
225 type useradd_t, useradd_exec_t;
# Let $1 search bin directories (corecmd interface, defined outside this file).
229 corecmd_search_bin($1)
# Permit $1 to enter useradd_t by executing a file of type useradd_exec_t.
# No role association or terminal access is added by the lines shown.
230 domtrans_pattern($1,useradd_exec_t,useradd_t)
233 ########################################
235 ## Execute useradd in the useradd domain, and
236 ## allow the specified role the useradd domain.
238 ## <param name="domain">
240 ## The type of the process performing this action.
243 ## <param name="role">
245 ## The role to be allowed the useradd domain.
248 ## <param name="terminal">
250 ## The type of the terminal the useradd domain is allowed to use.
255 interface(`usermanage_run_useradd',`
# Transition $1 into useradd_t, authorize role $2 for that domain and
# give useradd_t use of the terminal type $3.
# NOTE(review): no type requirement for useradd_t is visible in this
# listing (source lines 256 to 259 are not shown) - confirm in the full file.
260 usermanage_domtrans_useradd($1)
# Authorize role $2 for useradd_t.
261 role $2 types useradd_t;
# useradd_t receives the rw_term_perms permission set (defined outside
# this listing) on character devices of type $3.
262 allow useradd_t $3:chr_file rw_term_perms;
# Hand the same role and terminal to the nscd run interface with
# useradd_t as the source domain. Its rules live in the nscd module and
# are not shown here; presumably it also authorizes $2 for the nscd
# domain, so the role gains more than useradd_t - verify when auditing.
263 nscd_run(useradd_t, $2, $3)
266 ########################################
268 ## Read the crack database.
270 ## <param name="domain">
272 ## The type of the process performing this action.
276 interface(`usermanage_read_crack_db',`
# Gives $1 read access to the crack database files.
# NOTE(review): no type requirement for crack_db_t is visible in this
# listing (source lines 277 to 280 are not shown) - confirm in the full file.
# crack_db_t is passed as both the directory type and the file type, so
# $1 may read crack_db_t files located in crack_db_t directories. The
# line shown requests no write or manage permission.
281 read_files_pattern($1,crack_db_t,crack_db_t)