| |
@@ -26,8 +26,6 @@
|
| |
#include <unistd.h>
|
| |
#ifdef WITH_SELINUX
|
| |
#include <selinux/selinux.h>
|
| |
- #include <selinux/av_permissions.h>
|
| |
- #include <selinux/flask.h>
|
| |
#include <selinux/context.h>
|
| |
#endif
|
| |
#include "../lib/error.h"
|
| |
@@ -57,7 +55,7 @@
|
| |
|
| |
retval = security_compute_av(user_context,
|
| |
user_context,
|
| |
- SECCLASS_PASSWD,
|
| |
+ string_to_security_class("passwd"),
|
| |
access, &avd);
|
| |
|
| |
if (retval == 0 && (avd.allowed & access) == access)
|
| |
@@ -221,7 +219,8 @@
|
| |
#ifdef WITH_SELINUX
|
| |
if (is_selinux_enabled() > 0) {
|
| |
/* FIXME: PASSWD_CHSH, PASSWD_PASSWD ? */
|
| |
- if (getuid() == 0 && check_access(user, PASSWD__CHFN) != 0) {
|
| |
+ if (getuid() == 0 &&
|
| |
+ check_access(user, string_to_av_perm(string_to_security_class("passwd"), "chfn")) != 0) {
|
| |
security_context_t user_context;
|
| |
|
| |
if (getprevcon(&user_context) < 0)
|
| |