policy_module(loadkeys,1.0.1)

########################################
#
# Declarations
#

ifdef(`targeted_policy',`
	# for compatibility with strict:
	corecmd_bin_alias(loadkeys_exec_t)
',`
	# cjp: this should probably be rewritten
	# per user domain, since it can rw
	# all user domain ttys

	type loadkeys_t;
	type loadkeys_exec_t;
	init_system_domain(loadkeys_t,loadkeys_exec_t)
')

########################################
#
# Local policy
#

ifdef(`targeted_policy',`
	# loadkeys domain disabled in targeted policy
',`
	allow loadkeys_t self:capability { dac_override dac_read_search setuid sys_tty_config };
	allow loadkeys_t self:fifo_file rw_fifo_file_perms;

	kernel_read_system_state(loadkeys_t)

	corecmd_exec_bin(loadkeys_t)
	corecmd_exec_shell(loadkeys_t)

	files_read_etc_files(loadkeys_t)
	files_read_etc_runtime_files(loadkeys_t)

	term_dontaudit_use_console(loadkeys_t)
	term_dontaudit_use_unallocated_ttys(loadkeys_t)

	init_dontaudit_use_script_ptys(loadkeys_t)

	libs_use_ld_so(loadkeys_t)
	libs_use_shared_libs(loadkeys_t)

	locallogin_use_fds(loadkeys_t)

	miscfiles_read_localization(loadkeys_t)
')