module my-unixchkpwd 1.0;

require {
	type admin_home_t;
	type chkpwd_t;
	class file { map open read };
}

#============= chkpwd_t ==============
allow chkpwd_t admin_home_t:file { map open read };