Oreon-Lime-R2/selinux-policy/selinux-policy-bc228bd/selinux-policy-bc228bd0c249a9e4aa3dcf238c2b1bb138943b07/policy/modules/contrib/pwauth.if

## <summary>policy for pwauth</summary>

########################################
## <summary>
##	Transition to pwauth.
## </summary>
## <param name="domain">
## <summary>
##	Domain allowed to transition.
## </summary>
## </param>
#
interface(`pwauth_domtrans',`
	gen_require(`
		type pwauth_t, pwauth_exec_t;
	')

	corecmd_search_bin($1)
	domtrans_pattern($1, pwauth_exec_t, pwauth_t)
')

########################################
## <summary>
##	Execute pwauth in the pwauth domain, and
##	allow the specified role the pwauth domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed to transition
##	</summary>
## </param>
## <param name="role">
##	<summary>
##	The role to be allowed the pwauth domain.
##	</summary>
## </param>
#
interface(`pwauth_run',`
	gen_require(`
		type pwauth_t;
	')

	pwauth_domtrans($1)
	role $2 types pwauth_t;
')

########################################
## <summary>
##	Role access for pwauth
## </summary>
## <param name="role">
##	<summary>
##	Role allowed access
##	</summary>
## </param>
## <param name="domain">
##	<summary>
##	User domain for the role
##	</summary>
## </param>
#
interface(`pwauth_role',`
	gen_require(`
		type pwauth_t;
	')

	role $1 types pwauth_t;

	pwauth_domtrans($2)

	ps_process_pattern($2, pwauth_t)
	allow $2 pwauth_t:process signal;
')