From dd5ef107adfe2c05f7d2e3e3543d3c042868b6fb Mon Sep 17 00:00:00 2001
From: Karel Zak
Date: Tue, 14 Jun 2016 13:15:44 +0200
Subject: chfn: chsh: use selinux_check_passwd_access()

* selinux/av_permissions.h and magic constants are deprecated, the
  recommended solution is to use string_to_security_class() and
  string_to_av_perm() to get access vector

* it also seems that selinux_check_passwd_access() does exactly the
  same as our checkAccess(), let's use it.

Signed-off-by: Karel Zak <kzak@redhat.com>
---
 login-utils/chfn.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'login-utils/chfn.c')

diff --git a/login-utils/chfn.c b/login-utils/chfn.c
index b1c7ea25a..89e6bd7ec 100644
--- a/login-utils/chfn.c
+++ b/login-utils/chfn.c
@@ -46,7 +46,6 @@
 
 #ifdef HAVE_LIBSELINUX
 # include <selinux/selinux.h>
-# include <selinux/av_permissions.h>
 # include "selinux_utils.h"
 #endif
 
@@ -424,7 +423,9 @@ int main(int argc, char **argv)
 #ifdef HAVE_LIBSELINUX
 	if (is_selinux_enabled() > 0) {
 		if (uid == 0) {
-			if (checkAccess(ctl.username, PASSWD__CHFN) != 0) {
+			access_vector_t av = get_access_vector("passwd", "chfn");
+
+			if (selinux_check_passwd_access(av) != 0) {
 				security_context_t user_context;
 				if (getprevcon(&user_context) < 0)
 					user_context = NULL;
-- 
cgit v1.2.3-55-g7522