selinux-policy/refpolicy/policy/modules/apps/loadkeys.te

49 lines
954 B
Plaintext

policy_module(loadkeys,1.0)
########################################
#
# Declarations
#
ifdef(`targeted_policy',`
# for compatibility with strict:
corecmd_bin_alias(loadkeys_exec_t)
',`
# cjp: this should probably be rewritten
# per user domain, since it can rw
# all user domain ttys
type loadkeys_t;
domain_type(loadkeys_t)
type loadkeys_exec_t;
domain_entry_file(loadkeys_t,loadkeys_exec_t)
')
########################################
#
# Local policy
#
ifdef(`targeted_policy',`
# loadkeys domain disabled in targeted policy
',`
allow loadkeys_t self:capability { setuid sys_tty_config };
allow loadkeys_t self:fifo_file rw_file_perms;
kernel_read_system_state(loadkeys_t)
corecmd_exec_bin(loadkeys_t)
corecmd_exec_shell(loadkeys_t)
files_dontaudit_read_etc_runtime_files(loadkeys_t)
libs_use_ld_so(loadkeys_t)
libs_use_shared_libs(loadkeys_t)
locallogin_use_fd(loadkeys_t)
miscfiles_read_localization(loadkeys_t)
')