policy_module(ptchown, 1.1.2)

########################################
#
# Declarations
#

attribute_role ptchown_roles;
roleattribute system_r ptchown_roles;

type ptchown_t;
type ptchown_exec_t;
application_domain(ptchown_t, ptchown_exec_t)
role ptchown_roles types ptchown_t;

########################################
#
# Local policy
#

allow ptchown_t self:capability { chown fowner fsetid setuid };
allow ptchown_t self:process { getcap setcap };


fs_rw_anon_inodefs_files(ptchown_t)

term_setattr_generic_ptys(ptchown_t)
term_getattr_all_ptys(ptchown_t)
term_setattr_all_ptys(ptchown_t)
term_use_generic_ptys(ptchown_t)
term_use_ptmx(ptchown_t)

auth_read_passwd(ptchown_t)