policy_module(loadkeys,1.0)

########################################
#
# Declarations
#

ifdef(`targeted_policy',`
	# for compatibility with strict:
	corecmd_bin_alias(loadkeys_exec_t)
',`
	# cjp: this should probably be rewritten
	# per user domain, since it can rw
	# all user domain ttys

	type loadkeys_t;
	domain_type(loadkeys_t)

	type loadkeys_exec_t;
	domain_entry_file(loadkeys_t,loadkeys_exec_t)
')

########################################
#
# Local policy
#

ifdef(`targeted_policy',`
	# loadkeys domain disabled in targeted policy
',`
	allow loadkeys_t self:capability { setuid sys_tty_config };
	allow loadkeys_t self:fifo_file rw_file_perms;

	kernel_read_system_state(loadkeys_t)

	corecmd_exec_bin(loadkeys_t)
	corecmd_exec_shell(loadkeys_t)

	files_dontaudit_read_etc_runtime_files(loadkeys_t)

	libs_use_ld_so(loadkeys_t)
	libs_use_shared_libs(loadkeys_t)

	locallogin_use_fd(loadkeys_t)

	miscfiles_read_localization(loadkeys_t)
')