| |
@@ -48,8 +48,6 @@
|
| |
|
| |
#ifdef WITH_SELINUX
|
| |
#include <selinux/selinux.h>
|
| |
- #include <selinux/flask.h>
|
| |
- #include <selinux/av_permissions.h>
|
| |
#endif
|
| |
|
| |
#include "shvar.h"
|
| |
@@ -111,7 +109,7 @@
|
| |
struct av_decision avd;
|
| |
int retval = security_compute_av(user_context,
|
| |
user_context,
|
| |
- SECCLASS_PASSWD,
|
| |
+ string_to_security_class("passwd"),
|
| |
selaccess,
|
| |
&avd);
|
| |
|
| |
@@ -2267,7 +2265,8 @@
|
| |
const char *new_home_phone;
|
| |
const char *new_shell;
|
| |
#ifdef WITH_SELINUX
|
| |
- unsigned perm;
|
| |
+ security_class_t class;
|
| |
+ access_vector_t perm;
|
| |
#endif
|
| |
|
| |
/* State variable we pass around. */
|
| |
@@ -2426,12 +2425,13 @@
|
| |
user_name = g_strdup(argv[optind]);
|
| |
|
| |
#ifdef WITH_SELINUX
|
| |
+ class = string_to_security_class("passwd");
|
| |
if (c_flag)
|
| |
- perm = PASSWD__PASSWD;
|
| |
+ perm = string_to_av_perm(class, "passwd");
|
| |
else if (s_flag)
|
| |
- perm = PASSWD__CHSH;
|
| |
+ perm = string_to_av_perm(class, "chsh");
|
| |
else
|
| |
- perm = PASSWD__CHFN;
|
| |
+ perm = string_to_av_perm(class, "chfn");
|
| |
|
| |
if (is_selinux_enabled() > 0 &&
|
| |
checkAccess(perm)!= 0) {
|
| |
plautrba
commented 4 years ago
selinux/flask.h and selinux/av_permissions.h will be completely dropped in the
next SELinux release.
Use string_to_security_class() and string_to_av_perm() to get class and
permission values. The original hardcoded values could be invalid and are
deprecated as the whole flask.h and av_permissions.h header files.