#DESC Oav - Anti-virus update program
#
# Author:  Brian May <bam@snoopy.apana.org.au>
# X-Debian-Packages:
#

type oav_update_var_lib_t, file_type, sysadmfile;
type oav_update_exec_t, file_type, sysadmfile, exec_type;
type oav_update_etc_t, file_type, sysadmfile;

# Derived domain based on the calling user domain and the program.
type oav_update_t, domain, privlog;

# Transition from the sysadm domain to the derived domain.
role sysadm_r types oav_update_t;
domain_auto_trans(sysadm_t, oav_update_exec_t, oav_update_t)

# Transition from the sysadm domain to the derived domain.
role system_r types oav_update_t;
system_crond_entry(oav_update_exec_t, oav_update_t)

# Uses shared librarys
uses_shlib(oav_update_t)

# Run helper programs.
can_exec_any(oav_update_t,bin_t)

# Can read /etc/oav-update/* files
allow oav_update_t oav_update_etc_t:dir r_dir_perms;
allow oav_update_t oav_update_etc_t:file r_file_perms;

# Can read /var/lib/oav-update/current
allow oav_update_t oav_update_var_lib_t:dir create_dir_perms;
allow oav_update_t oav_update_var_lib_t:file create_file_perms;
allow oav_update_t oav_update_var_lib_t:lnk_file r_file_perms;

# Can download via network
can_network_server(oav_update_t)