## <summary>Policy for managing user accounts.</summary>

########################################
## <summary>
##	Execute chfn in the chfn domain.
## </summary>
## <desc>
##	<p>
##	Uses domtrans_pattern so that the caller enters chfn_t by
##	executing a file labeled chfn_exec_t, and adds the search
##	access provided by files_search_usr and corecmd_search_bin.
##	</p>
##	<p>
##	No role is authorized for chfn_t here. Use
##	usermanage_run_chfn when the role association is needed too.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	The type of the process performing this action.
##	</summary>
## </param>
#
interface(`usermanage_domtrans_chfn',`
	gen_require(`
		type chfn_t;
		type chfn_exec_t;
	')

	# Transition: caller domain -> chfn_t through chfn_exec_t.
	domtrans_pattern($1, chfn_exec_t, chfn_t)

	# Search access granted alongside the transition.
	corecmd_search_bin($1)
	files_search_usr($1)
')

########################################
## <summary>
##	Execute chfn in the chfn domain, and
##	allow the specified role the chfn domain.
## </summary>
## <desc>
##	<p>
##	Beyond the transition from usermanage_domtrans_chfn, this
##	authorizes the given role for chfn_t and allows chfn_t the
##	rw_term_perms permission set on character files of the given
##	terminal type. Both grants widen the policy, so callers
##	should pass only the role and terminal type that belong to
##	the calling domain.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	The type of the process performing this action.
##	</summary>
## </param>
## <param name="role">
##	<summary>
##	The role to be allowed the chfn domain.
##	</summary>
## </param>
## <param name="terminal">
##	<summary>
##	The type of the terminal to allow the chfn domain to use.
##	</summary>
## </param>
#
interface(`usermanage_run_chfn',`
	gen_require(`
		type chfn_t;
	')

	# Role association first, then the transition itself.
	role $2 types chfn_t;
	usermanage_domtrans_chfn($1)

	# Terminal access for the chfn domain.
	allow chfn_t $3:chr_file rw_term_perms;
')

########################################
## <summary>
##	Execute groupadd in the groupadd domain.
## </summary>
## <desc>
##	<p>
##	Uses domtrans_pattern so that the caller enters groupadd_t by
##	executing a file labeled groupadd_exec_t, and adds the search
##	access provided by files_search_usr and corecmd_search_bin.
##	</p>
##	<p>
##	No role is authorized for groupadd_t here. Use
##	usermanage_run_groupadd when the role association is needed
##	too.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	The type of the process performing this action.
##	</summary>
## </param>
#
interface(`usermanage_domtrans_groupadd',`
	gen_require(`
		type groupadd_t;
		type groupadd_exec_t;
	')

	# Transition: caller domain -> groupadd_t through groupadd_exec_t.
	domtrans_pattern($1, groupadd_exec_t, groupadd_t)

	# Search access granted alongside the transition.
	corecmd_search_bin($1)
	files_search_usr($1)
')

########################################
## <summary>
##	Execute groupadd in the groupadd domain, and
##	allow the specified role the groupadd domain.
## </summary>
## <desc>
##	<p>
##	Beyond the transition from usermanage_domtrans_groupadd, this
##	authorizes the given role for groupadd_t, allows groupadd_t
##	the rw_term_perms permission set on character files of the
##	given terminal type, and passes the same role and terminal
##	to nscd_run on behalf of groupadd_t. Callers should pass only
##	the role and terminal type that belong to the calling domain,
##	since this interface hands out an account-management domain.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	The type of the process performing this action.
##	</summary>
## </param>
## <param name="role">
##	<summary>
##	The role to be allowed the groupadd domain.
##	</summary>
## </param>
## <param name="terminal">
##	<summary>
##	The type of the terminal to allow the groupadd domain to use.
##	</summary>
## </param>
## <rolecap/>
#
interface(`usermanage_run_groupadd',`
	gen_require(`
		type groupadd_t;
	')

	# Role association first, then the transition itself.
	role $2 types groupadd_t;
	usermanage_domtrans_groupadd($1)

	# Terminal access for the groupadd domain.
	allow groupadd_t $3:chr_file rw_term_perms;

	# nscd is invoked from groupadd_t with the same role and terminal.
	nscd_run(groupadd_t, $2, $3)
')

########################################
## <summary>
##	Execute passwd in the passwd domain.
## </summary>
## <desc>
##	<p>
##	Uses domtrans_pattern so that the caller enters passwd_t by
##	executing a file labeled passwd_exec_t, and adds the search
##	access provided by files_search_usr and corecmd_search_bin.
##	</p>
##	<p>
##	No role is authorized for passwd_t here. Use
##	usermanage_run_passwd when the role association is needed too.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	The type of the process performing this action.
##	</summary>
## </param>
#
interface(`usermanage_domtrans_passwd',`
	gen_require(`
		type passwd_t;
		type passwd_exec_t;
	')

	# Transition: caller domain -> passwd_t through passwd_exec_t.
	domtrans_pattern($1, passwd_exec_t, passwd_t)

	# Search access granted alongside the transition.
	corecmd_search_bin($1)
	files_search_usr($1)
')

########################################
## <summary>
##	Execute passwd in the passwd domain, and
##	allow the specified role the passwd domain.
## </summary>
## <desc>
##	<p>
##	Beyond the transition from usermanage_domtrans_passwd, this
##	authorizes the given role for passwd_t and allows passwd_t
##	the rw_term_perms permission set on character files of the
##	given terminal type. Both grants widen the policy, so callers
##	should pass only the role and terminal type that belong to
##	the calling domain.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	The type of the process performing this action.
##	</summary>
## </param>
## <param name="role">
##	<summary>
##	The role to be allowed the passwd domain.
##	</summary>
## </param>
## <param name="terminal">
##	<summary>
##	The type of the terminal to allow the passwd domain to use.
##	</summary>
## </param>
#
interface(`usermanage_run_passwd',`
	gen_require(`
		type passwd_t;
	')

	# Role association first, then the transition itself.
	role $2 types passwd_t;
	usermanage_domtrans_passwd($1)

	# Terminal access for the passwd domain.
	allow passwd_t $3:chr_file rw_term_perms;
')

########################################
## <summary>
##	Execute password admin functions in
##	the admin passwd domain.
## </summary>
## <desc>
##	<p>
##	Uses domtrans_pattern so that the caller enters
##	sysadm_passwd_t by executing a file labeled
##	admin_passwd_exec_t, and adds the search access provided by
##	files_search_usr and corecmd_search_bin.
##	</p>
##	<p>
##	No role is authorized for sysadm_passwd_t here. Use
##	usermanage_run_admin_passwd when the role association is
##	needed too.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`usermanage_domtrans_admin_passwd',`
	gen_require(`
		type sysadm_passwd_t;
		type admin_passwd_exec_t;
	')

	# Transition: caller domain -> sysadm_passwd_t through
	# admin_passwd_exec_t.
	domtrans_pattern($1, admin_passwd_exec_t, sysadm_passwd_t)

	# Search access granted alongside the transition.
	corecmd_search_bin($1)
	files_search_usr($1)
')

########################################
## <summary>
##	Execute passwd admin functions in the admin
##	passwd domain, and allow the specified role
##	the admin passwd domain.
## </summary>
## <desc>
##	<p>
##	Beyond the transition from usermanage_domtrans_admin_passwd,
##	this authorizes the given role for sysadm_passwd_t, allows
##	sysadm_passwd_t the rw_term_perms permission set on character
##	files of the given terminal type, and passes the same role
##	and terminal to nscd_run on behalf of sysadm_passwd_t.
##	Callers should pass only the role and terminal type that
##	belong to the calling domain, since this interface hands out
##	an administrative password domain.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	The type of the process performing this action.
##	</summary>
## </param>
## <param name="role">
##	<summary>
##	The role to be allowed the admin passwd domain.
##	</summary>
## </param>
## <param name="terminal">
##	<summary>
##	The type of the terminal to allow the admin passwd domain to use.
##	</summary>
## </param>
## <rolecap/>
#
interface(`usermanage_run_admin_passwd',`
	gen_require(`
		type sysadm_passwd_t;
	')

	# Role association first, then the transition itself.
	role $2 types sysadm_passwd_t;
	usermanage_domtrans_admin_passwd($1)

	# Terminal access for the admin passwd domain.
	allow sysadm_passwd_t $3:chr_file rw_term_perms;

	# nscd is invoked from sysadm_passwd_t with the same role and terminal.
	nscd_run(sysadm_passwd_t, $2, $3)
')

########################################
## <summary>
##	Execute useradd in the useradd domain.
## </summary>
## <desc>
##	<p>
##	Uses domtrans_pattern so that the caller enters useradd_t by
##	executing a file labeled useradd_exec_t, and adds the search
##	access provided by files_search_usr and corecmd_search_bin.
##	</p>
##	<p>
##	No role is authorized for useradd_t here. Use
##	usermanage_run_useradd when the role association is needed
##	too.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	The type of the process performing this action.
##	</summary>
## </param>
#
interface(`usermanage_domtrans_useradd',`
	gen_require(`
		type useradd_t;
		type useradd_exec_t;
	')

	# Transition: caller domain -> useradd_t through useradd_exec_t.
	domtrans_pattern($1, useradd_exec_t, useradd_t)

	# Search access granted alongside the transition.
	corecmd_search_bin($1)
	files_search_usr($1)
')

########################################
## <summary>
##	Execute useradd in the useradd domain, and
##	allow the specified role the useradd domain.
## </summary>
## <desc>
##	<p>
##	Beyond the transition from usermanage_domtrans_useradd, this
##	authorizes the given role for useradd_t, allows useradd_t the
##	rw_term_perms permission set on character files of the given
##	terminal type, and passes the same role and terminal to
##	nscd_run on behalf of useradd_t. Callers should pass only the
##	role and terminal type that belong to the calling domain,
##	since this interface hands out an account-management domain.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	The type of the process performing this action.
##	</summary>
## </param>
## <param name="role">
##	<summary>
##	The role to be allowed the useradd domain.
##	</summary>
## </param>
## <param name="terminal">
##	<summary>
##	The type of the terminal to allow the useradd domain to use.
##	</summary>
## </param>
## <rolecap/>
#
interface(`usermanage_run_useradd',`
	gen_require(`
		type useradd_t;
	')

	# Role association first, then the transition itself.
	role $2 types useradd_t;
	usermanage_domtrans_useradd($1)

	# Terminal access for the useradd domain.
	allow useradd_t $3:chr_file rw_term_perms;

	# nscd is invoked from useradd_t with the same role and terminal.
	nscd_run(useradd_t, $2, $3)
')

########################################
## <summary>
##	Read the crack database.
## </summary>
## <desc>
##	<p>
##	Applies read_files_pattern with crack_db_t as both the
##	directory type and the file type. Nothing beyond that one
##	pattern is granted by this interface.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	The type of the process performing this action.
##	</summary>
## </param>
#
interface(`usermanage_read_crack_db',`
	gen_require(`
		type crack_db_t;
	')

	# Read-only pattern: crack_db_t files under crack_db_t directories.
	read_files_pattern($1, crack_db_t, crack_db_t)
')