diff --git a/refpolicy/policy/modules/system/authlogin.te b/refpolicy/policy/modules/system/authlogin.te
index 8f9aecb..b673033 100644
--- a/refpolicy/policy/modules/system/authlogin.te
+++ b/refpolicy/policy/modules/system/authlogin.te
@@ -1,5 +1,51 @@
+########################################
+#
+# Declarations
+#
+type chkpwd_exec_t;
+domain_make_entrypoint_file(system_chkpwd_t,chkpwd_exec_t)
+
+type faillog_t;
+logging_make_log_file(faillog_t)
+
 type lastlog_t;
 logging_make_log_file(lastlog_t)
 
+type login_exec_t;
+files_make_file(login_exec_t)
+
+type pam_t;
+domain_make_domain(pam_t)
+
+type pam_tmp_t;
+files_make_file(pam_tmp_t)
+
+type pam_var_console_t;
+files_make_file(pam_var_console_t)
+
+type pam_var_run_t;
+files_make_file(pam_var_run_t)
+
+type shadow_t;
+files_make_file(shadow_t)
+attribute can_read_shadow_passwords;
+attribute can_write_shadow_passwords;
+neverallow ~can_read_shadow_passwords shadow_t:file read;
+neverallow ~can_write_shadow_passwords shadow_t:file write;
+
+type utempter_t;
+domain_make_domain(utempter_t)
+
+type utempter_exec_t;
+domain_make_entrypoint_file(utempter_t,utempter_exec_t)
+
 type wtmp_t;
 logging_make_log_file(wtmp_t)
+
+########################################
+#
+# Local policy
+#
+authlogin_per_userdomain_template(system)
+#dontaudit system_chkpwd_t { user_tty_type tty_device_t }:chr_file rw_file_perms;
+#dontaudit system_chkpwd_t privfd:fd use;