Allow shadow lock access for dpkg scripts

Some dpkg scripts call update-passwd(8), which in turn call lckpwdf(3).
It is therefore expected that shadow.lock should be appropriately
accessesd by this tool.

Signed-off-by: Antonio Enrico Russo <[email protected]>

Author: aerusso

policy/modules/admin/dpkg.te

@@ -278,6 +278,8 @@ files_manage_non_auth_files(dpkg_script_t)
 
 auth_etc_filetrans_shadow(dpkg_script_t, "shadow.upwd-write")
 auth_manage_shadow(dpkg_script_t)
+auth_filetrans_shadow_lock(dpkg_script_t)
+auth_rw_shadow_lock(dpkg_script_t)
 
 init_all_labeled_script_domtrans(dpkg_script_t)
 init_use_script_fds(dpkg_script_t)