## <summary>NetLabel/CIPSO labeled networking management</summary>

########################################
## <summary>
##      Execute netlabel_mgmt in the netlabel_mgmt domain.
## </summary>
## <param name="domain">
##      <summary>
##      Domain allowed access.
##      </summary>
## </param>
#
interface(`netlabel_domtrans_mgmt',`
        gen_require(`
                type netlabel_mgmt_t, netlabel_mgmt_exec_t;
        ')

	corecmd_search_sbin($1)
	domain_auto_trans($1,netlabel_mgmt_exec_t,netlabel_mgmt_t)
	allow netlabel_mgmt_t $1:fd use;
	allow netlabel_mgmt_t $1:fifo_file rw_file_perms;
	allow netlabel_mgmt_t $1:process sigchld;
')

########################################
## <summary>
##      Execute netlabel_mgmt in the netlabel_mgmt domain, and
##      allow the specified role the netlabel_mgmt domain.
## </summary>
## <param name="domain">
##      <summary>
##      Domain allowed access.
##      </summary>
## </param>
## <param name="role">
##	<summary>
##	The role to be allowed the netlabel_mgmt domain.
##	</summary>
## </param>
## <param name="terminal">
##	<summary>
##	The type of the terminal allow the netlabel_mgmt domain to use.
##	</summary>
## </param>
## <rolecap/>
#
interface(`netlabel_run_mgmt',`
	gen_require(`
		type netlabel_mgmt_t;
	')

	netlabel_domtrans_mgmt($1)
	role $2 types netlabel_mgmt_t;
	allow netlabel_mgmt_t $3:chr_file rw_term_perms;
')