diff options
| -rw-r--r-- | policy/modules/system/authlogin.if | 19 | ||||
| -rw-r--r-- | policy/modules/system/userdomain.if | 1 |
2 files changed, 20 insertions, 0 deletions
diff --git a/policy/modules/system/authlogin.if b/policy/modules/system/authlogin.if index 1357a0ad..1c312506 100644 --- a/policy/modules/system/authlogin.if +++ b/policy/modules/system/authlogin.if @@ -761,6 +761,25 @@ interface(`auth_etc_filetrans_shadow',` ######################################## ## <summary> +## Get the attributes of the shadow history file. +## </summary> +## <param name="domain"> +## <summary> +## Domain allowed access. +## </summary> +## </param> +# +interface(`auth_getattr_shadow_history',` + gen_require(` + type shadow_history_t; + ') + + files_search_etc($1) + allow $1 shadow_history_t:file getattr; +') + +######################################## +## <summary> ## Read the shadow history file. ## </summary> ## <param name="domain"> diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if index 74e9f2e9..7755e753 100644 --- a/policy/modules/system/userdomain.if +++ b/policy/modules/system/userdomain.if @@ -1440,6 +1440,7 @@ template(`userdom_admin_user_template',` term_use_all_terms($1_t) auth_getattr_shadow($1_t) + auth_getattr_shadow_history($1_t) # Manage almost all files files_manage_non_auth_files($1_t) files_map_non_auth_files($1_t) |