# SELinux policy module that confines the podsleuth program in its own
# domain (podsleuth_t), entered by executing a file labelled podsleuth_exec_t.
policy_module(podsleuth, 1.0.0)

########################################
#
# Declarations
#

# podsleuth_t is the process domain; podsleuth_exec_t labels the entry-point
# executable.
type podsleuth_t;
type podsleuth_exec_t;
application_domain(podsleuth_t, podsleuth_exec_t)
# Authorize the domain for system_r. No transition rule appears in this module,
# so which callers may enter podsleuth_t is decided elsewhere.
role system_r types podsleuth_t;

########################################
#
# podsleuth local policy
#

# NOTE(review): execmem and execheap let the process make anonymous memory and
# its heap executable, which removes the W^X protection SELinux would otherwise
# enforce for this domain. They are presumably here for the Mono runtime used
# below (see mono_exec) -- confirm. execheap is the less commonly required of
# the two; check whether AVC denials actually appear without it before keeping it.
allow podsleuth_t self:process { signal getsched execheap execmem };
# Pipes and UNIX stream sockets the process creates for itself.
allow podsleuth_t self:fifo_file rw_file_perms;
allow podsleuth_t self:unix_stream_socket create_stream_socket_perms;

# Read-only access to kernel system state (/proc).
kernel_read_system_state(podsleuth_t)

# Read from /dev/urandom.
dev_read_urand(podsleuth_t)

# Read generic files under /etc.
files_read_etc_files(podsleuth_t)

# Read locale data.
miscfiles_read_localization(podsleuth_t)

# Act as a client of the D-Bus system bus.
dbus_system_bus_client_template(podsleuth, podsleuth_t)

# Execute the Mono runtime without a domain transition, so Mono code runs with
# podsleuth_t's permissions, including the memory permissions granted above.
mono_exec(podsleuth_t)

# Exchange D-Bus messages with the HAL daemon.
hal_dbus_chat(podsleuth_t)