# Local SELinux policy module adding allow rules for the antivirus_t,
# chkpwd_t and init_t domains.
# NOTE(review): the per-domain banner layout matches audit2allow output, so
# these rules were presumably generated from logged AVC denials. Confirm each
# rule is needed for the intended workflow before loading the module.
module clamav-unixchkpwd 1.0;

# Types, object classes and permissions this module expects the loaded base
# policy to provide already.
require {
	type antivirus_t;
	type chkpwd_t;
	type init_t;
	type shadow_t;
	type user_devpts_t;
	class file { getattr open read };
	class chr_file { read write };
	class process siginh;
}

# ---- antivirus_t ----
# Lets processes in antivirus_t stat, open and read files labelled shadow_t.
# NOTE(review): shadow_t is the label the reference policy assigns to the
# shadow password database, so this rule exposes password hashes to the whole
# scanner domain, which also parses untrusted files. The usual design keeps
# shadow access inside the chkpwd_t helper domain; verify whether antivirus_t
# really needs direct read access or only needs to run that helper.
allow antivirus_t shadow_t:file { getattr open read };

# ---- chkpwd_t ----
# Lets chkpwd_t read and write character devices labelled user_devpts_t.
# NOTE(review): presumably an inherited user pseudo-terminal descriptor;
# confirm against the originating denial.
allow chkpwd_t user_devpts_t:chr_file { read write };

# ---- init_t ----
# Grants the siginh (signal-state inheritance) process permission from init_t
# to chkpwd_t.
# NOTE(review): a denial of this permission is often only silenced with
# dontaudit instead of being allowed; check whether an allow is required here.
allow init_t chkpwd_t:process siginh;