49 lines
954 B
Plaintext
49 lines
954 B
Plaintext
|
|
policy_module(loadkeys,1.0)
|
|
|
|
########################################
|
|
#
|
|
# Declarations
|
|
#
|
|
|
|
ifdef(`targeted_policy',`
|
|
# for compatibility with strict:
|
|
corecmd_bin_alias(loadkeys_exec_t)
|
|
',`
|
|
# cjp: this should probably be rewritten
|
|
# per user domain, since it can rw
|
|
# all user domain ttys
|
|
|
|
type loadkeys_t;
|
|
domain_type(loadkeys_t)
|
|
|
|
type loadkeys_exec_t;
|
|
domain_entry_file(loadkeys_t,loadkeys_exec_t)
|
|
')
|
|
|
|
########################################
|
|
#
|
|
# Local policy
|
|
#
|
|
|
|
ifdef(`targeted_policy',`
|
|
# loadkeys domain disabled in targeted policy
|
|
',`
|
|
allow loadkeys_t self:capability { setuid sys_tty_config };
|
|
allow loadkeys_t self:fifo_file rw_file_perms;
|
|
|
|
kernel_read_system_state(loadkeys_t)
|
|
|
|
corecmd_exec_bin(loadkeys_t)
|
|
corecmd_exec_shell(loadkeys_t)
|
|
|
|
files_dontaudit_read_etc_runtime_files(loadkeys_t)
|
|
|
|
libs_use_ld_so(loadkeys_t)
|
|
libs_use_shared_libs(loadkeys_t)
|
|
|
|
locallogin_use_fd(loadkeys_t)
|
|
|
|
miscfiles_read_localization(loadkeys_t)
|
|
')
|