]>
Commit | Line | Data |
---|---|---|
21468a60 | 1 | |
5ea24be9 | 2 | policy_module(loadkeys,1.0.0) |
21468a60 CP |
3 | |
4 | ######################################## | |
5 | # | |
6 | # Declarations | |
7 | # | |
8 | ||
9e91381a CP |
9 | ifdef(`targeted_policy',` |
10 | # for compatibility with strict: | |
11 | corecmd_bin_alias(loadkeys_exec_t) | |
12 | ',` | |
13 | # cjp: this should probably be rewritten | |
14 | # per user domain, since it can rw | |
15 | # all user domain ttys | |
21468a60 | 16 | |
9e91381a CP |
17 | type loadkeys_t; |
18 | domain_type(loadkeys_t) | |
21468a60 | 19 | |
9e91381a CP |
20 | type loadkeys_exec_t; |
21 | domain_entry_file(loadkeys_t,loadkeys_exec_t) | |
22 | ') | |
21468a60 CP |
23 | |
24 | ######################################## | |
25 | # | |
26 | # Local policy | |
27 | # | |
28 | ||
9e91381a CP |
29 | ifdef(`targeted_policy',` |
30 | # loadkeys domain disabled in targeted policy | |
31 | ',` | |
32 | allow loadkeys_t self:capability { setuid sys_tty_config }; | |
c0868a7a | 33 | allow loadkeys_t self:fifo_file rw_fifo_file_perms; |
21468a60 | 34 | |
9e91381a | 35 | kernel_read_system_state(loadkeys_t) |
21468a60 | 36 | |
9e91381a CP |
37 | corecmd_exec_bin(loadkeys_t) |
38 | corecmd_exec_shell(loadkeys_t) | |
21468a60 | 39 | |
9e91381a | 40 | files_dontaudit_read_etc_runtime_files(loadkeys_t) |
21468a60 | 41 | |
9e91381a CP |
42 | libs_use_ld_so(loadkeys_t) |
43 | libs_use_shared_libs(loadkeys_t) | |
21468a60 | 44 | |
1c1ac67f | 45 | locallogin_use_fds(loadkeys_t) |
21468a60 | 46 | |
9e91381a CP |
47 | miscfiles_read_localization(loadkeys_t) |
48 | ') |