policy_module(loadkeys, 1.13.0)

########################################
#
# Declarations
#

attribute_role loadkeys_roles;

type loadkeys_t;
type loadkeys_exec_t;
init_system_domain(loadkeys_t, loadkeys_exec_t)
role loadkeys_roles types loadkeys_t;

########################################
#
# Local policy
#

allow loadkeys_t self:capability { dac_override dac_read_search setuid sys_tty_config };
allow loadkeys_t self:fifo_file rw_fifo_file_perms;
allow loadkeys_t self:unix_stream_socket { connect create };

kernel_read_system_state(loadkeys_t)

init_use_fds(loadkeys_t)

corecmd_exec_bin(loadkeys_t)
corecmd_exec_shell(loadkeys_t)

files_read_etc_files(loadkeys_t)
files_read_etc_runtime_files(loadkeys_t)
# keymap files are in /usr/share/keymaps or /usr/share/kbd/keymaps
files_read_usr_files(loadkeys_t)
files_search_pids(loadkeys_t)
files_search_src(loadkeys_t)
files_search_tmp(loadkeys_t)

term_dontaudit_use_console(loadkeys_t)
term_use_unallocated_ttys(loadkeys_t)

init_read_script_tmp_files(loadkeys_t)

locallogin_use_fds(loadkeys_t)

miscfiles_read_localization(loadkeys_t)

userdom_use_user_ttys(loadkeys_t)
userdom_list_user_home_content(loadkeys_t)

optional_policy(`
	consolesetup_read_conf(loadkeys_t)
')

optional_policy(`
	keyboardd_read_pipes(loadkeys_t)
')

optional_policy(`
	nscd_dontaudit_search_pid(loadkeys_t)
')