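policy_module(getresults,1.0.1)

########################################
#
# Declarations
#

# Types owned by other modules that the rules below refer to.
require {
	type unconfined_t;
	type proc_t;
	type user_devpts_t;
	type fs_t;
}

# Process domain and the entrypoint type of its executable.
type getresults_t;
type getresults_exec_t;
application_domain(getresults_t, getresults_exec_t)

# NOTE(review): unconfined_r is used here but is not listed in the require
# block above; confirm the module builds against the target policy or
# declare the dependency explicitly.
role unconfined_r types getresults_t;

# A process in unconfined_t that executes a getresults_exec_t file is
# placed in getresults_t by default.
type_transition unconfined_t getresults_exec_t:process getresults_t;

# This domain will run only in permissive mode.
# With the statement below commented out, this module does not mark the
# domain permissive.
#permissive getresults_t;

########################################
#
# getresults local policy
#

# IPC with itself: pipes and unix stream sockets.
allow getresults_t self:fifo_file manage_fifo_file_perms;
allow getresults_t self:unix_stream_socket create_stream_socket_perms;

# Permission that goes with the type_transition declared above.
allow unconfined_t getresults_t:process transition;

# NOTE(review): the four rules below use the process domain type
# getresults_t as the label of files and directories. The domain's own
# /proc/<pid> entries carry the same type, so the file and dir permissions
# here apply to them as well. A dedicated file type for the output location
# would keep process and data labels separate; that change also needs the
# file contexts and the existing labels updated, which are not visible here.
allow getresults_t getresults_t:file { write getattr open create };
allow getresults_t getresults_t:dir { write add_name };
# Lets objects labelled getresults_t exist on filesystems labelled fs_t.
allow getresults_t fs_t:filesystem associate;
# Lets unconfined_t relabel directories to and from getresults_t.
allow unconfined_t getresults_t:dir { relabelfrom relabelto };

# Read-only access to files labelled proc_t.
allow getresults_t proc_t:file { read getattr open };
# Read and write on character devices labelled user_devpts_t.
allow getresults_t user_devpts_t:chr_file { read write };

# Each interface is called once; the original repeated
# files_read_etc_files and miscfiles_read_localization, which grants
# nothing extra.
files_read_etc_files(getresults_t)
miscfiles_read_localization(getresults_t)
domain_use_interactive_fds(getresults_t)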