#
# GConfd daemon  
#
# Author: Ivan Gyurdiev <ivg2@cornell.edu>
#

#######################################
# gconfd_domain(role_prefix)
#

# Declares the per-role GConf daemon domain and the rules it runs under.
# Argument 1 is the role prefix: the macro reads the existing user domain
# PREFIX_t and role PREFIX_r, and declares the daemon type PREFIX_gconfd_t.
# NOTE(review): comments inside the quoted macro body must not contain m4
# quote characters, because a stray quote ends the definition early.
define(`gconfd_domain', `

# Type for daemon
# One daemon type per role prefix, so each role gets its own gconfd domain
# rather than sharing a single daemon type across roles.
# NOTE(review): nscd_client_domain and privlog are attributes defined
# elsewhere in the policy - confirm the daemon needs both.
type $1_gconfd_t, domain, nscd_client_domain, privlog;

# NOTE(review): gnome_application is defined outside this file - verify
# which rules it adds to the daemon domain before relying on this macro
# as the complete list of daemon permissions.
gnome_application($1_gconfd, $1)

# Transition from user type
# The user domain enters the daemon domain automatically when it executes
# a file labeled gconfd_exec_t. The role statement authorizes the daemon
# type for the role and must accompany the transition.
domain_auto_trans($1_t, gconfd_exec_t, $1_gconfd_t)
role $1_r types $1_gconfd_t;

# The daemon may send generic signals to itself and query its own
# scheduling parameters. No other process permissions are granted here.
allow $1_gconfd_t self:process { signal getsched };

# Access .gconfd and .gconf
# NOTE(review): home_domain is defined elsewhere - presumably it declares
# the gconfd home type used on the next line. TODO confirm.
# Directories the daemon creates directly in the user home directory get
# the gconfd home type instead of inheriting the home directory type.
home_domain($1, gconfd)
file_type_auto_trans($1_gconfd_t, $1_home_dir_t, $1_gconfd_home_t, dir)

# Access /etc/gconf
# Read-only by macro name - r_dir_file is defined elsewhere. The daemon
# is not given write access to the system-wide configuration type here.
r_dir_file($1_gconfd_t, gconf_etc_t)

# /tmp/gconfd-USER
# NOTE(review): tmp_domain is defined elsewhere - presumably it declares
# the gconfd tmp type that gconf_client grants read access to.
tmp_domain($1_gconfd)

# The rules below are emitted only when xdm.te is defined at build time.
# xdm_t may send generic signals to the daemon. The signal permission
# does not cover sigkill or sigstop - those are separate permissions.
ifdef(`xdm.te', `
can_pipe_xdm($1_gconfd_t)
allow xdm_t $1_gconfd_t:process signal;
')

') dnl gconfd_domain

#####################################
# gconf_client(prefix, role_prefix)
#

# Grants a client domain what it needs to start and talk to the GConf
# daemon of a role. Argument 1 is the client domain prefix, argument 2 is
# the role prefix whose gconfd domain the client uses.
# NOTE(review): comments inside the quoted macro body must not contain m4
# quote characters, because a stray quote ends the definition early.
define(`gconf_client', `

# Launch the daemon if necessary
# NOTE(review): this makes the client domain an entry path into the role
# gconfd domain - any domain given gconf_client can start the daemon by
# executing a file labeled gconfd_exec_t. When both arguments are the same
# prefix this repeats the transition already declared in gconfd_domain.
# No role statement is issued here - the daemon type is authorized for
# the role by gconfd_domain, which presumably must be invoked first.
domain_auto_trans($1_t, gconfd_exec_t, $2_gconfd_t)

# Connect over bonobo
# NOTE(review): bonobo_connect is defined elsewhere - verify which IPC
# permissions it grants between the client and the daemon.
bonobo_connect($1, $2_gconfd)

# Read lock/ior
# The client gets search and getattr on the directory, and getattr and
# read on files. It can read files whose names it already knows but
# cannot list the directory, and it cannot create or modify anything there.
# The grant covers every file with the gconfd tmp type, not only the
# lock and ior files.
allow $1_t $2_gconfd_tmp_t:dir { getattr search };
allow $1_t $2_gconfd_tmp_t:file { getattr read }; 

') dnl gconf_client