## <summary>File transfer protocol service</summary>

########################################
## <summary>
##      Use ftp by connecting over TCP.
## </summary>
## <param name="domain">
##      Domain allowed access.
## </param>
#
interface(`ftp_tcp_connect',`
	gen_require(`
		type ftpd_t;
	')

	allow $1 ftpd_t:tcp_socket { connectto recvfrom };
	allow ftpd_t $1:tcp_socket { acceptfrom recvfrom };
	kernel_tcp_recvfrom($1)
')

########################################
## <summary>
##      Read ftpd etc files
## </summary>
## <param name="domain">
##      Domain allowed access.
## </param>
#
interface(`ftp_read_config',`
	gen_require(`
		type ftpd_etc_t;
	')

	files_search_etc($1)
	allow $1 ftpd_etc_t:file { getattr read };
')

########################################
## <summary>
##      Execute FTP daemon entry point programs.
## </summary>
## <param name="domain">
##      Domain allowed access.
## </param>
#
interface(`ftp_check_exec',`
	gen_require(`
		type ftpd_exec_t;
	')

	corecmd_search_sbin($1)
	allow $1 ftpd_exec_t:file x_file_perms;
')

########################################
## <summary>
##      Read FTP transfer logs
## </summary>
## <param name="domain">
##      Domain allowed access.
## </param>
#
interface(`ftp_read_log',`
	gen_require(`
		type xferlog_t;
	')

	logging_search_logs($1)
	allow $1 xferlog_t:file r_file_perms;
')