#DESC ucspi-tcp - TCP Server and Client Tools
#
# Author Petre Rodan <kaiowas@gentoo.org>
#			Andy Dustman (rblsmtp-related policy)
#

# http://cr.yp.to/ucspi-tcp.html

daemon_base_domain(utcpserver)
can_network(utcpserver_t)

allow utcpserver_t etc_t:file r_file_perms;
allow utcpserver_t { bin_t sbin_t var_t }:dir search;

allow utcpserver_t self:capability { net_bind_service setgid setuid };
allow utcpserver_t self:fifo_file { read write };
allow utcpserver_t self:process { fork sigchld };

allow utcpserver_t port_t:udp_socket name_bind;

ifdef(`qmail.te', `
domain_auto_trans(utcpserver_t, qmail_smtpd_exec_t, qmail_smtpd_t)
allow utcpserver_t smtp_port_t:tcp_socket name_bind;
allow qmail_smtpd_t utcpserver_t:tcp_socket { read write getattr };
allow utcpserver_t qmail_etc_t:dir r_dir_perms;
allow utcpserver_t qmail_etc_t:file r_file_perms;
')

daemon_base_domain(rblsmtpd)
can_network(rblsmtpd_t)

allow rblsmtpd_t self:process { fork sigchld };

allow rblsmtpd_t etc_t:file r_file_perms;
allow rblsmtpd_t { bin_t var_t }:dir search;
allow rblsmtpd_t port_t:udp_socket name_bind;
allow rblsmtpd_t utcpserver_t:tcp_socket { read write getattr };

ifdef(`qmail.te', `
domain_auto_trans(rblsmtpd_t, qmail_smtpd_exec_t, qmail_smtpd_t)
allow qmail_queue_t rblsmtpd_t:fd use;
')

ifdef(`daemontools.te', `
svc_ipc_domain(rblsmtpd_t)
')

domain_auto_trans(utcpserver_t, rblsmtpd_exec_t, rblsmtpd_t)