policy_module(bootloader_additional, 0.0.2)

require {
  type bootloader_t;
}

kernel_read_unlabeled_files(bootloader_t)
allow bootloader_t self:process getsched;