]>
Commit | Line | Data |
---|---|---|
21468a60 | 1 | |
29af4c13 | 2 | policy_module(loadkeys, 1.7.0) |
21468a60 CP |
3 | |
4 | ######################################## | |
5 | # | |
6 | # Declarations | |
7 | # | |
8 | ||
350b6ab7 CP |
9 | # cjp: this should probably be rewritten |
10 | # per user domain, since it can rw | |
11 | # all user domain ttys | |
12 | type loadkeys_t; | |
13 | type loadkeys_exec_t; | |
0bfccda4 | 14 | init_system_domain(loadkeys_t, loadkeys_exec_t) |
21468a60 CP |
15 | |
16 | ######################################## | |
17 | # | |
18 | # Local policy | |
19 | # | |
20 | ||
350b6ab7 CP |
21 | allow loadkeys_t self:capability { dac_override dac_read_search setuid sys_tty_config }; |
22 | allow loadkeys_t self:fifo_file rw_fifo_file_perms; | |
21468a60 | 23 | |
350b6ab7 | 24 | kernel_read_system_state(loadkeys_t) |
21468a60 | 25 | |
350b6ab7 CP |
26 | corecmd_exec_bin(loadkeys_t) |
27 | corecmd_exec_shell(loadkeys_t) | |
6b19be33 | 28 | |
350b6ab7 CP |
29 | files_read_etc_files(loadkeys_t) |
30 | files_read_etc_runtime_files(loadkeys_t) | |
6b19be33 | 31 | |
350b6ab7 CP |
32 | term_dontaudit_use_console(loadkeys_t) |
33 | term_use_unallocated_ttys(loadkeys_t) | |
21468a60 | 34 | |
737fcf23 | 35 | init_dontaudit_use_fds(loadkeys_t) |
350b6ab7 | 36 | init_dontaudit_use_script_ptys(loadkeys_t) |
21468a60 | 37 | |
350b6ab7 | 38 | locallogin_use_fds(loadkeys_t) |
21468a60 | 39 | |
350b6ab7 | 40 | miscfiles_read_localization(loadkeys_t) |
0a0b8078 | 41 | |
296273a7 | 42 | userdom_use_user_ttys(loadkeys_t) |
2e4e39d2 CP |
43 | userdom_list_user_home_content(loadkeys_t) |
44 | ||
45 | ifdef(`hide_broken_symptoms',` | |
46 | dev_dontaudit_rw_lvm_control(loadkeys_t) | |
47 | ') | |
296273a7 | 48 | |
350b6ab7 CP |
49 | optional_policy(` |
50 | nscd_dontaudit_search_pid(loadkeys_t) | |
9e91381a | 51 | ') |