selinux-refpolicy/policy/modules/apps/vlock.if
Harry Ciao d35e2ee03b Adding support for the vlock program.
Both the system administrator and the unprivileged user could use vlock
to lock the current console when logging in either from the serial console
or by ssh.

Signed-off-by: Harry Ciao <qingtao.cao@windriver.com>
2010-11-01 10:43:33 -04:00

47 lines
911 B
Plaintext

## <summary>Lock one or more sessions on the Linux console.</summary>

#######################################
## <summary>
##	Execute vlock in the vlock domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed to transition.
##	</summary>
## </param>
#
interface(`vlock_domtrans_vlock',`
	gen_require(`
		type vlock_t, vlock_exec_t;
	')

	corecmd_search_bin($1)
	domtrans_pattern($1, vlock_exec_t, vlock_t)
')

########################################
## <summary>
##	Execute vlock in the vlock domain, and
##	allow the specified role the vlock domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed to transition.
##	</summary>
## </param>
## <param name="role">
##	<summary>
##	Role allowed to access.
##	</summary>
## </param>
## <rolecap/>
#
interface(`vlock_run_vlock',`
	gen_require(`
		type vlock_t;
	')

	vlock_domtrans_vlock($1)
	role $2 types vlock_t;
')