From 6b63c0acdb2e2435e4294f2de08dd376db15e4e8 Mon Sep 17 00:00:00 2001
From: guoxiaoqi
Date: Tue, 25 Feb 2020 21:02:54 +0800
Subject: [PATCH] add access to faillog file for systemd
Signed-off-by: guoxiaoqi
---
 policy/modules/system/authlogin.if | 19 +++++++++++++++++++
 policy/modules/system/init.te | 3 +++
 2 files changed, 22 insertions(+)
diff --git a/policy/modules/system/authlogin.if b/policy/modules/system/authlogin.if
index 728a1c4..6f35819 100644
--- a/policy/modules/system/authlogin.if
+++ b/policy/modules/system/authlogin.if
@@ -2413,3 +2413,22 @@ interface(`auth_login_manage_key',`
 allow $1 login_pgm:key manage_key_perms;
 ')
+
+########################################
+##
+## Manage the login failure log for systemd.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`systemd_manage_faillog',`
+gen_require(`
+type faillog_t;
+')
+
+allow $1 faillog_t:dir { add_name write };
+allow $1 faillog_t:file create;
+')
diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
index 035720b..e0d584a 100644
--- a/policy/modules/system/init.te
+++ b/policy/modules/system/init.te
@@ -1868,3 +1868,6 @@ optional_policy(`
 ccs_read_config(daemon)
 ')
 ')
+
+# avc for oprnEuler
+systemd_manage_faillog(init_t)
--
1.8.3.1
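Review bot: The interface added to authlogin.if is named `systemd_manage_faillog`, but its body grants only `faillog_t:dir { add_name write }` and `faillog_t:file create`, which is much narrower than "manage", and the `systemd_` prefix does not match the module that defines it. A later caller could reasonably assume it gets either more or less access than it does. Consider a name that reflects the module and the access, for example `auth_create_faillog_files`, and writing the grant as `create_files_pattern($1, faillog_t, faillog_t)`. That macro also adds the directory search and the file getattr/open that creation normally needs, so confirm the extra permissions are wanted. The doc comment should say that only creation of new entries is permitted, since faillog_t holds the login-failure records that lockout decisions depend on.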
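Review bot: The call `systemd_manage_faillog(init_t)` at the end of init.te widens the PID 1 domain unconditionally, and the comment above it (`# avc for oprnEuler`) records neither the denial it answers nor which systemd action needs to create the faillog file. Replace the comment with something like `# systemd creates the faillog file at boot; denial: <AVC record placeholder>`, and correct the spelling of the distribution name. If this tree keeps systemd-only rules inside a build conditional in init.te (not visible in this hunk), the call likely belongs there, so that non-systemd builds do not receive the grant.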