[people/stevee/selinux-policy.git] / policy / modules / apps / loadkeys.te


policy_module(loadkeys, 1.7.0)

########################################
#
# Declarations
#

# cjp: this should probably be rewritten
# per user domain, since it can rw
# all user domain ttys
type loadkeys_t;
type loadkeys_exec_t;
init_system_domain(loadkeys_t, loadkeys_exec_t)

########################################
#
# Local policy
#

allow loadkeys_t self:capability { dac_override dac_read_search setuid sys_tty_config };
allow loadkeys_t self:fifo_file rw_fifo_file_perms;

kernel_read_system_state(loadkeys_t)

corecmd_exec_bin(loadkeys_t)
corecmd_exec_shell(loadkeys_t)

files_read_etc_files(loadkeys_t)
files_read_etc_runtime_files(loadkeys_t)

term_dontaudit_use_console(loadkeys_t)
term_use_unallocated_ttys(loadkeys_t)

init_dontaudit_use_fds(loadkeys_t)
init_dontaudit_use_script_ptys(loadkeys_t)

locallogin_use_fds(loadkeys_t)

miscfiles_read_localization(loadkeys_t)

userdom_use_user_ttys(loadkeys_t)
userdom_list_user_home_content(loadkeys_t)

ifdef(`hide_broken_symptoms',`
	dev_dontaudit_rw_lvm_control(loadkeys_t)
')

optional_policy(`
	nscd_dontaudit_search_pid(loadkeys_t)
')
Commit	Line	Data
21468a60	1
29af4c13	2	policy_module(loadkeys, 1.7.0)
21468a60 CP	3
	4	########################################
	5	#
	6	# Declarations
	7	#
	8
350b6ab7 CP	9	# cjp: this should probably be rewritten
	10	# per user domain, since it can rw
	11	# all user domain ttys
	12	type loadkeys_t;
	13	type loadkeys_exec_t;
0bfccda4	14	init_system_domain(loadkeys_t, loadkeys_exec_t)
21468a60 CP	15
	16	########################################
	17	#
	18	# Local policy
	19	#
	20
350b6ab7 CP	21	allow loadkeys_t self:capability { dac_override dac_read_search setuid sys_tty_config };
350b6ab7 CP	22	allow loadkeys_t self:fifo_file rw_fifo_file_perms;
21468a60	23
350b6ab7	24	kernel_read_system_state(loadkeys_t)
21468a60	25
350b6ab7 CP	26	corecmd_exec_bin(loadkeys_t)
350b6ab7 CP	27	corecmd_exec_shell(loadkeys_t)
6b19be33	28
350b6ab7 CP	29	files_read_etc_files(loadkeys_t)
350b6ab7 CP	30	files_read_etc_runtime_files(loadkeys_t)
6b19be33	31
350b6ab7 CP	32	term_dontaudit_use_console(loadkeys_t)
350b6ab7 CP	33	term_use_unallocated_ttys(loadkeys_t)
21468a60	34
737fcf23	35	init_dontaudit_use_fds(loadkeys_t)
350b6ab7	36	init_dontaudit_use_script_ptys(loadkeys_t)
21468a60	37
350b6ab7	38	locallogin_use_fds(loadkeys_t)
21468a60	39
350b6ab7	40	miscfiles_read_localization(loadkeys_t)
0a0b8078	41
296273a7	42	userdom_use_user_ttys(loadkeys_t)
2e4e39d2 CP	43	userdom_list_user_home_content(loadkeys_t)
	44
	45	ifdef(`hide_broken_symptoms',`
	46	dev_dontaudit_rw_lvm_control(loadkeys_t)
	47	')
296273a7	48
350b6ab7 CP	49	optional_policy(`
350b6ab7 CP	50	nscd_dontaudit_search_pid(loadkeys_t)
9e91381a	51	')