# Local policy module login_additional, version 0.0.1.
policy_module(login_additional, 0.0.1)

# Types declared by other modules that the rule below refers to.
# NOTE(review): local_login_t is presumably the local login domain and
# proc_t the label of the proc filesystem; confirm against the base policy.
gen_require(`
	type proc_t;
	type local_login_t;
')

# Grants exactly one permission: getattr on the filesystem object labeled
# proc_t. Only the filesystem class is covered; this rule adds no file, dir
# or lnk_file access to proc_t objects, so it does not make any entry under
# that filesystem readable.
# Keep the rule this narrow: widen it only for a specific, logged AVC denial.
allow local_login_t proc_t:filesystem getattr;