projects / people / stevee / selinux-policy.git / blame
| Commit | Line | Data |
|---|---|---|
| 21468a60 | 1 | |
| 5ea24be9 | 2 | policy_module(loadkeys,1.0.0) |
| 21468a60 CP |
3 | |
| 4 | ######################################## | |
| 5 | # | |
| 6 | # Declarations | |
| 7 | # | |
| 8 | ||
| 9e91381a CP |
9 | ifdef(`targeted_policy',` |
| 10 | # for compatibility with strict: | |
| 11 | corecmd_bin_alias(loadkeys_exec_t) | |
| 12 | ',` | |
| 13 | # cjp: this should probably be rewritten | |
| 14 | # per user domain, since it can rw | |
| 15 | # all user domain ttys | |
| 21468a60 | 16 | |
| 9e91381a CP |
17 | type loadkeys_t; |
| 18 | domain_type(loadkeys_t) | |
| 21468a60 | 19 | |
| 9e91381a CP |
20 | type loadkeys_exec_t; |
| 21 | domain_entry_file(loadkeys_t,loadkeys_exec_t) | |
| 22 | ') | |
| 21468a60 CP |
23 | |
| 24 | ######################################## | |
| 25 | # | |
| 26 | # Local policy | |
| 27 | # | |
| 28 | ||
| 9e91381a CP |
29 | ifdef(`targeted_policy',` |
| 30 | # loadkeys domain disabled in targeted policy | |
| 31 | ',` | |
| 32 | allow loadkeys_t self:capability { setuid sys_tty_config }; | |
| c0868a7a | 33 | allow loadkeys_t self:fifo_file rw_fifo_file_perms; |
| 21468a60 | 34 | |
| 9e91381a | 35 | kernel_read_system_state(loadkeys_t) |
| 21468a60 | 36 | |
| 9e91381a CP |
37 | corecmd_exec_bin(loadkeys_t) |
| 38 | corecmd_exec_shell(loadkeys_t) | |
| 21468a60 | 39 | |
| 9e91381a | 40 | files_dontaudit_read_etc_runtime_files(loadkeys_t) |
| 21468a60 | 41 | |
| 9e91381a CP |
42 | libs_use_ld_so(loadkeys_t) |
| 43 | libs_use_shared_libs(loadkeys_t) | |
| 21468a60 | 44 | |
| 1c1ac67f | 45 | locallogin_use_fds(loadkeys_t) |
| 21468a60 | 46 | |
| 9e91381a CP |
47 | miscfiles_read_localization(loadkeys_t) |
| 48 | ') |