selinux-refpolicy/strict/domains/program/crack.te

49 lines
1.1 KiB
Plaintext
Raw Normal View History

2005-04-29 17:45:15 +00:00
#DESC Crack - Password cracking application
#
# Author: Russell Coker <russell@coker.com.au>
# X-Debian-Packages: crack
#
#################################
#
# Rules for the crack_t domain.
#
# crack_exec_t is the type of the crack executable.
#
system_domain(crack)
ifdef(`crond.te', `
system_crond_entry(crack_exec_t, crack_t)
')
# for SSP
allow crack_t urandom_device_t:chr_file read;
type crack_db_t, file_type, sysadmfile, usercanread;
allow crack_t var_t:dir search;
rw_dir_create_file(crack_t, crack_db_t)
allow crack_t device_t:dir search;
allow crack_t devtty_t:chr_file rw_file_perms;
allow crack_t self:fifo_file { read write getattr };
tmp_domain(crack)
# for dictionaries
allow crack_t usr_t:file { getattr read };
can_exec(crack_t, bin_t)
allow crack_t { bin_t sbin_t }:dir search;
allow crack_t self:process { fork signal_perms };
allow crack_t proc_t:dir { read search };
allow crack_t proc_t:file { read getattr };
# read config files
allow crack_t { etc_t etc_runtime_t }:file { getattr read };
allow crack_t etc_t:dir r_dir_perms;
allow crack_t fs_t:filesystem getattr;
dontaudit crack_t sysadm_home_dir_t:dir { getattr search };