policy_module(loadkeys,1.1.0) ######################################## # # Declarations # ifdef(`targeted_policy',` # for compatibility with strict: corecmd_bin_alias(loadkeys_exec_t) ',` # cjp: this should probably be rewritten # per user domain, since it can rw # all user domain ttys type loadkeys_t; type loadkeys_exec_t; init_system_domain(loadkeys_t,loadkeys_exec_t) ') ######################################## # # Local policy # ifdef(`targeted_policy',` # loadkeys domain disabled in targeted policy ',` allow loadkeys_t self:capability { dac_override dac_read_search setuid sys_tty_config }; allow loadkeys_t self:fifo_file rw_fifo_file_perms; kernel_read_system_state(loadkeys_t) corecmd_exec_bin(loadkeys_t) corecmd_exec_shell(loadkeys_t) files_read_etc_files(loadkeys_t) files_read_etc_runtime_files(loadkeys_t) term_dontaudit_use_console(loadkeys_t) term_dontaudit_use_unallocated_ttys(loadkeys_t) init_dontaudit_use_script_ptys(loadkeys_t) libs_use_ld_so(loadkeys_t) libs_use_shared_libs(loadkeys_t) locallogin_use_fds(loadkeys_t) miscfiles_read_localization(loadkeys_t) ')