policy_module(loadkeys,1.0.0) ######################################## # # Declarations # ifdef(`targeted_policy',` # for compatibility with strict: corecmd_bin_alias(loadkeys_exec_t) ',` # cjp: this should probably be rewritten # per user domain, since it can rw # all user domain ttys type loadkeys_t; domain_type(loadkeys_t) type loadkeys_exec_t; domain_entry_file(loadkeys_t,loadkeys_exec_t) ') ######################################## # # Local policy # ifdef(`targeted_policy',` # loadkeys domain disabled in targeted policy ',` allow loadkeys_t self:capability { setuid sys_tty_config }; allow loadkeys_t self:fifo_file rw_fifo_file_perms; kernel_read_system_state(loadkeys_t) corecmd_exec_bin(loadkeys_t) corecmd_exec_shell(loadkeys_t) files_dontaudit_read_etc_runtime_files(loadkeys_t) libs_use_ld_so(loadkeys_t) libs_use_shared_libs(loadkeys_t) locallogin_use_fds(loadkeys_t) miscfiles_read_localization(loadkeys_t) ')