## <summary>policy for zarafa services</summary>

######################################
## <summary>
##	Creates types and rules for a basic
##	zararfa init daemon domain.
## </summary>
## <param name="prefix">
##	<summary>
##	Prefix for the domain.
##	</summary>
## </param>
#
template(`zarafa_domain_template',`
	gen_require(`
		attribute zarafa_domain;
	')

	##############################
	#
	# $1_t declarations
	#

	type zarafa_$1_t, zarafa_domain;
	type zarafa_$1_exec_t;
	init_daemon_domain(zarafa_$1_t, zarafa_$1_exec_t)

	type zarafa_$1_log_t;
	logging_log_file(zarafa_$1_log_t)

	type zarafa_$1_var_run_t;
	files_pid_file(zarafa_$1_var_run_t)

	##############################
	#
	# $1_t local policy
	#

	manage_files_pattern(zarafa_$1_t, zarafa_$1_var_run_t, zarafa_$1_var_run_t)
	manage_sock_files_pattern(zarafa_$1_t, zarafa_$1_var_run_t, zarafa_$1_var_run_t)
	files_pid_filetrans(zarafa_$1_t, zarafa_$1_var_run_t, { file sock_file })
	#stream_connect_pattern(zarafa_$1_t, $1_var_run_t, $1_var_run_t, virtd_t)

	manage_files_pattern(zarafa_$1_t, zarafa_$1_log_t,zarafa_$1_log_t)
	#manage_sock_files_pattern(zarafa_$1_t, zarafa_$1_log_t,zarafa_$1_log_t)
	logging_log_filetrans(zarafa_$1_t,zarafa_$1_log_t,{ file })
')

########################################
## <summary>
##	Execute a domain transition to run zarafa_server.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed to transition.
##	</summary>
## </param>
#
interface(`zarafa_server_domtrans',`
	gen_require(`
		type zarafa_server_t, zarafa_server_exec_t;
	')

	domtrans_pattern($1, zarafa_server_exec_t, zarafa_server_t)
')

########################################
## <summary>
##	Execute a domain transition to run zarafa_deliver.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed to transition.
##	</summary>
## </param>
#
interface(`zarafa_deliver_domtrans',`
	gen_require(`
		type zarafa_deliver_t, zarafa_deliver_exec_t;
	')

	domtrans_pattern($1, zarafa_deliver_exec_t, zarafa_deliver_t)
')

#######################################
## <summary>
##	Connect to zarafa-server unix domain stream socket.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`zarafa_stream_connect_server',`
	gen_require(`
		type zarafa_server_t, zarafa_server_var_run_t;
	')

	files_search_var_lib($1)
	stream_connect_pattern($1, zarafa_server_var_run_t, zarafa_server_var_run_t, zarafa_server_t)
')