selinux-policy/policy/modules/apps/loadkeys.te
2008-10-17 17:31:04 +00:00

45 lines
948 B
Plaintext

policy_module(loadkeys, 1.4.0)
########################################
#
# Declarations
#
# cjp: this should probably be rewritten
# per user domain, since it can rw
# all user domain ttys
type loadkeys_t;
type loadkeys_exec_t;
init_system_domain(loadkeys_t, loadkeys_exec_t)
########################################
#
# Local policy
#
allow loadkeys_t self:capability { dac_override dac_read_search setuid sys_tty_config };
allow loadkeys_t self:fifo_file rw_fifo_file_perms;
kernel_read_system_state(loadkeys_t)
corecmd_exec_bin(loadkeys_t)
corecmd_exec_shell(loadkeys_t)
files_read_etc_files(loadkeys_t)
files_read_etc_runtime_files(loadkeys_t)
term_dontaudit_use_console(loadkeys_t)
term_use_unallocated_ttys(loadkeys_t)
init_dontaudit_use_fds(loadkeys_t)
init_dontaudit_use_script_ptys(loadkeys_t)
locallogin_use_fds(loadkeys_t)
miscfiles_read_localization(loadkeys_t)
optional_policy(`
nscd_dontaudit_search_pid(loadkeys_t)
')