authlogin: Deprecate auth_domtrans_chk_passwd().

This is a duplicate interface.

Signed-off-by: Chris PeBenito <pebenito@ieee.org>

policy/modules/services/hadoop.if

@@ -68,6 +68,8 @@ template(`hadoop_domain_template',`
 	filetrans_pattern(hadoop_$1_t, hadoop_hsperfdata_t, hadoop_$1_tmp_t, file)
 
 	auth_use_nsswitch(hadoop_$1_t)
+	auth_domtrans_chk_passwd(hadoop_$1_t)
+	auth_domtrans_upd_passwd(hadoop_$1_t)
 
 	####################################
 	#

policy/modules/services/hadoop.te

@@ -216,8 +216,6 @@ dev_read_sysfs(hadoop_domain)
 files_search_runtime(hadoop_domain)
 files_search_var_lib(hadoop_domain)
 
-auth_domtrans_chkpwd(hadoop_domain)
-
 init_read_utmp(hadoop_domain)
 init_use_fds(hadoop_domain)
 init_use_script_fds(hadoop_domain)

policy/modules/services/pwauth.te

@@ -31,7 +31,8 @@ files_runtime_filetrans(pwauth_t, pwauth_runtime_t, file)
 
 domain_use_interactive_fds(pwauth_t)
 
-auth_domtrans_chkpwd(pwauth_t)
+auth_domtrans_chk_passwd(pwauth_t)
+auth_domtrans_upd_passwd(pwauth_t)
 auth_use_nsswitch(pwauth_t)
 
 init_read_utmp(pwauth_t)

policy/modules/system/authlogin.if

@@ -419,13 +419,9 @@ interface(`auth_domtrans_chk_passwd',`
 ## </param>
 #
 interface(`auth_domtrans_chkpwd',`
-	gen_require(`
-		type chkpwd_t, chkpwd_exec_t, shadow_t;
-	')
+	refpolicywarn(`$0($*) has been deprecated, please use auth_domtrans_chk_passwd($1); auth_domtrans_upd_passwd($1) instead.')
 
-	corecmd_search_bin($1)
-	domtrans_pattern($1, chkpwd_exec_t, chkpwd_t)
-	dontaudit $1 shadow_t:file { getattr read };
+	auth_domtrans_chk_passwd($1)
 	auth_domtrans_upd_passwd($1)
 ')
 

policy/modules/system/authlogin.te

@@ -7,7 +7,7 @@ policy_module(authlogin, 2.18.2)
 
 ## <desc>
 ## <p>
-## Allow PAM usage.  If disabled, /etc/shadow is provided on systems that do not support PAM.
+## Allow PAM usage.  If disabled, read access /etc/shadow is allowed for domains that normally use PAM.
 ## </p>
 ## </desc>
 gen_tunable(authlogin_pam, true)