/usr/share/selinux/ubuntu/include/system/locallogin.if is in selinux-policy-ubuntu-dev 0.2.20091117-0ubuntu2.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
## <summary>Policy for local logins.</summary>
########################################
## <summary>
## Execute local logins in the local login domain.
## </summary>
## <param name="domain">
## <summary>
## The type of the process performing this action.
## </summary>
## </param>
#
interface(`locallogin_domtrans',`
	# Require the type owned by the local login module so that this
	# interface can reference it from the calling module.
	gen_require(`
		type local_login_t;
	')

	# The transition into local_login_t is delegated to the authlogin
	# helper. The entrypoint executable type is chosen inside that
	# helper and is not visible in this file.
	auth_domtrans_login_program($1, local_login_t)

	# MCS builds only: additionally request a ranged transition over
	# s0 - mcs_systemhigh for the login program.
	# NOTE(review): no enable_mls branch is present here -- confirm
	# that MLS builds set the login range somewhere else.
	ifdef(`enable_mcs',`
		auth_ranged_domtrans_login_program($1, local_login_t, s0 - mcs_systemhigh)
	')
')
########################################
## <summary>
## Allow processes to inherit local login file descriptors.
## </summary>
## <param name="domain">
## <summary>
## The type of the process performing this action.
## </summary>
## </param>
#
interface(`locallogin_use_fds',`
	# Require the type owned by the local login module.
	gen_require(`
		type local_login_t;
	')

	# fd use covers descriptors created by local_login_t that the
	# caller domain inherits or receives. It is checked in addition
	# to, not instead of, the permissions on the object behind the
	# descriptor, so grant it only to domains started from a login.
	allow $1 local_login_t:fd use;
')
########################################
## <summary>
## Do not audit attempts to inherit local login file descriptors.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`locallogin_dontaudit_use_fds',`
	# Require the type owned by the local login module.
	gen_require(`
		type local_login_t;
	')

	# dontaudit grants nothing: the fd use access stays denied and
	# only the AVC denial record is suppressed. Hidden denials do not
	# reach the audit log unless dontaudit rules are disabled (for
	# example with semodule -DB), which matters when troubleshooting
	# or when reviewing logs for unexpected descriptor leaks.
	dontaudit $1 local_login_t:fd use;
')
########################################
## <summary>
## Send a null signal to local login processes.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`locallogin_signull',`
	# Require the type owned by the local login module.
	gen_require(`
		type local_login_t;
	')

	# signull is the signal 0 existence check only; no other signal
	# permission is granted by this interface. The caller can still
	# learn whether a local login process exists.
	allow $1 local_login_t:process signull;
')
########################################
## <summary>
## Search for keys belonging to the local login domain.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`locallogin_search_keys',`
	# Require the type owned by the local login module.
	gen_require(`
		type local_login_t;
	')

	# Only the search permission of the key class is granted here.
	# Other key permissions such as read, view, write or link are
	# not part of this interface.
	allow $1 local_login_t:key search;
')
########################################
## <summary>
## Allow link to the local_login key ring.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`locallogin_link_keys',`
	# Require the type owned by the local login module.
	gen_require(`
		type local_login_t;
	')

	# Only the link permission of the key class is granted here.
	# Linking keeps a key labeled local_login_t reachable from
	# another keyring, so review callers with the same care as
	# callers that can search those keys.
	allow $1 local_login_t:key link;
')
########################################
## <summary>
## Execute single-user logins (sulogin) in the single-user login domain.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed to transition.
## </summary>
## </param>
#
interface(`locallogin_domtrans_sulogin',`
	# Both the entrypoint type and the target domain belong to the
	# sulogin program and must be required from the defining module.
	gen_require(`
		type sulogin_exec_t, sulogin_t;
	')

	# The transition target is sulogin_t and the entrypoint is
	# sulogin_exec_t. This interface does not grant any transition
	# into local_login_t.
	domtrans_pattern($1, sulogin_exec_t, sulogin_t)
')