module otel_collector_journald 1.0;

require {
    type journalctl_t;
    type syslogd_t;
    type usr_t;
    class file { read open execute };
    class dir { search open };
    class service status;
    class process transition;
    class tcp_socket { read write connect create getattr setattr };
    class udp_socket { read write connect create getattr setattr };
}

# Define the new type for the OpenTelemetry Collector process
type otel_collector_t;
type otel_collector_exec_t;

# Allow the execution of the collector binary with the correct label
allow usr_t otel_collector_exec_t:file { read execute open };
allow otel_collector_t otel_collector_exec_t:file { read execute open };

# Allow the transition from usr_t to otel_collector_t
type_transition usr_t otel_collector_exec_t:process otel_collector_t;

# Allow otel_collector_t to read journald logs
allow otel_collector_t journalctl_t:file { read open };

# Allow otel_collector_t to search and open directories of journald logs
allow otel_collector_t journalctl_t:dir { search open };

# Allow otel_collector_t to get the status of journald
allow otel_collector_t journalctl_t:service status;

# Allow otel_collector_t to get the status of syslogd
allow otel_collector_t syslogd_t:service status;

# Allow otel_collector_t to create and use TCP sockets
allow otel_collector_t self:tcp_socket { read write connect create getattr setattr };

# Allow otel_collector_t to create and use UDP sockets
allow otel_collector_t self:udp_socket { read write connect create getattr setattr };