## <summary>Policy for getty.</summary>

########################################
## <summary>
##	Execute gettys in the getty domain.
## </summary>
## <param name="domain">
##	The type of the process performing this action.
## </param>
#
interface(`getty_domtrans',`
	gen_require(`
		type getty_t, getty_exec_t;
		class process sigchld;
		class fd use;
		class fifo_file rw_file_perms;
	')

	corecmd_search_sbin($1)
	domain_auto_trans($1,getty_exec_t,getty_t)

	allow $1 getty_t:fd use;
	allow getty_t $1:fd use;
	allow getty_t $1:fifo_file rw_file_perms;
	allow getty_t $1:process sigchld;
')

########################################
## <summary>
##	Allow process to read getty log file.
## </summary>
## <param name="domain">
##	The type of the process performing this action.
## </param>
#
interface(`getty_read_log',`
	gen_require(`
		type getty_log_t;
		class file { getattr read };
	')

	logging_search_logs($1)
	allow $1 getty_log_t:file { getattr read };
')

########################################
## <summary>
##	Allow process to read getty config file.
## </summary>
## <param name="domain">
##	The type of the process performing this action.
## </param>
#
interface(`getty_read_config',`
	gen_require(`
		type getty_etc_t;
		class file { getattr read };
	')

	files_search_etc($1)
	allow $1 getty_etc_t:file { getattr read };
')

########################################
## <summary>
##	Allow process to edit getty config file.
## </summary>
## <param name="domain">
##	The type of the process performing this action.
## </param>
#
interface(`getty_modify_config',`
	gen_require(`
		type getty_etc_t;
		class file rw_file_perms;
	')

	files_search_etc($1)
	allow $1 getty_etc_t:file rw_file_perms;
')