add authlogin_read_pam_runtime_data and cleanup interfaces

refpolicy/policy/modules/system/authlogin.if

@@ -72,10 +72,10 @@ class unix_dgram_socket { create read getattr write setattr append bind connect
 
 #######################################
 #
-# authlogin_make_login_program_entrypoint(type,[`optional'])
+# authlogin_make_login_program_entrypoint(domain)
 #
 define(`authlogin_make_login_program_entrypoint',`
-requires_block_template(authlogin_make_login_program_entrypoint_depend,$2)
+requires_block_template(authlogin_make_login_program_entrypoint_depend)
 domain_make_entrypoint_file($1,login_exec_t)
 ')
 
@@ -86,10 +86,10 @@ domain_make_entrypoint_file_depend
 
 #######################################
 #
-# authlogin_check_password_transition(type,[`optional'])
+# authlogin_check_password_transition(domain)
 #
 define(`authlogin_check_password_transition',`
-requires_block_template(authlogin_check_password_transition_depend,$2)
+requires_block_template(authlogin_check_password_transition_depend)
 allow $1 chkpwd_exec_t:file { getattr read execute };
 allow $1 system_chkpwd_t:process transition;
 dontaudit $1 shadow_t:file { getattr read };
@@ -108,10 +108,10 @@ class process transition;
 
 #######################################
 #
-# authlogin_modify_login_records(type,[`optional'])
+# authlogin_modify_login_records(domain)
 #
 define(`authlogin_modify_login_records',`
-requires_block_template(authlogin_modify_login_records_depend,$2)
+requires_block_template(authlogin_modify_login_records_depend)
 allow $1 wtmp_t:file { getattr read write setattr };
 ')
 
@@ -122,10 +122,10 @@ class file { getattr read write setattr };
 
 #######################################
 #
-# authlogin_read_shadow_passwords(type,[`optional'])
+# authlogin_read_shadow_passwords(domain)
 #
 define(`authlogin_read_shadow_passwords',`
-requires_block_template(authlogin_read_shadow_passwords_depend,$2)
+requires_block_template(authlogin_read_shadow_passwords_depend)
 allow $1 shadow_t:file { getattr read };
 typeattribute $1 can_read_shadow_passwords;
 ')
@@ -138,10 +138,10 @@ class file { getattr read };
 
 #######################################
 #
-# authlogin_ignore_read_shadow_passwords(type,[`optional'])
+# authlogin_ignore_read_shadow_passwords(domain)
 #
 define(`authlogin_ignore_read_shadow_passwords',`
-requires_block_template(authlogin_ignore_read_shadow_passwords_depend,$2)
+requires_block_template(authlogin_ignore_read_shadow_passwords_depend)
 dontaudit $1 shadow_t:file { getattr read };
 ')
 
@@ -152,10 +152,10 @@ class file { getattr read };
 
 #######################################
 #
-# authlogin_modify_shadow_passwords(type,[`optional'])
+# authlogin_modify_shadow_passwords(domain)
 #
 define(`authlogin_modify_shadow_passwords',`
-requires_block_template(authlogin_modify_shadow_passwords_depend,$2)
+requires_block_template(authlogin_modify_shadow_passwords_depend)
 allow $1 shadow_t:file { getattr read write };
 typeattribute $1 can_read_shadow_passwords;
 typeattribute $1 can_write_shadow_passwords;
@@ -170,10 +170,10 @@ class file { getattr read write };
 
 #######################################
 #
-# authlogin_modify_last_login_log(type,[`optional'])
+# authlogin_modify_last_login_log(domain)
 #
 define(`authlogin_modify_last_login_log',`
-requires_block_template(authlogin_modify_last_login_log_depend,$2)
+requires_block_template(authlogin_modify_last_login_log_depend)
 allow $1 lastlog_t:file { getattr read write setattr };
 ')
 
@@ -181,3 +181,19 @@ define(`authlogin_modify_last_login_log_depend',`
 type lastlog_t;
 class file { getattr read write setattr };
 ')
+
+#######################################
+#
+# authlogin_read_pam_runtime_data(domain)
+#
+define(`authlogin_read_pam_runtime_data',`
+requires_block_template(authlogin_read_pam_runtime_data_depend)
+# FIXME: search var_t
+# FIXME: search var_run_t
+allow $1 pam_var_run_t:file { getattr read };
+')
+
+define(`authlogin_read_pam_runtime_data_depend',`
+type lastlog_t;
+class file { getattr read };
+')