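#DESC dbus-daemon-1 server for dbus desktop bus protocol
#
# Author: Russell Coker
#
# Type-enforcement rules for the system-wide D-Bus message daemon
# (domain system_dbusd_t). The macros used below (dbusd_domain,
# r_dir_file, nsswitch_domain, can_exec) are defined outside this file;
# notes on what they grant are assumptions to confirm against the macro
# definitions in the policy tree.

# Instantiate the per-bus daemon domain for the "system" bus.
# NOTE(review): presumably this declares system_dbusd_t and
# system_dbusd_var_run_t, which the rules below rely on - confirm.
dbusd_domain(system)

# The daemon creates and manages its listening socket under its var_run type.
allow system_dbusd_t system_dbusd_var_run_t:sock_file create_file_perms;

# Only when the pamconsole policy module is part of the build: give the
# daemon read access to the pam console directory and files.
ifdef(`pamconsole.te', `
r_dir_file(system_dbusd_t, pam_var_console_t)
')

# dac_override: /var/run/dbus is owned by messagebus on Debian
# NOTE(review): dac_override bypasses all DAC permission checks for this
# domain, which is much broader than the single directory named above.
# If the ownership or mode of /var/run/dbus can be fixed at packaging
# level, this capability is a candidate for removal.
# setgid/setuid: presumably needed so the daemon can switch to its
# unprivileged account after start-up - confirm.
allow system_dbusd_t self:capability { dac_override setgid setuid };
nsswitch_domain(system_dbusd_t)

# I expect we need more than this

# Init scripts may connect to the system bus, send messages on it and
# acquire (own) service names. acquire_svc lets initrc_t claim a bus name
# that other clients will then talk to, so keep this limited to domains
# that really need to register services.
allow initrc_t system_dbusd_t:dbus { send_msg acquire_svc };
allow initrc_t system_dbusd_t:unix_stream_socket connectto;
allow initrc_t system_dbusd_var_run_t:sock_file write;

# NOTE(review): can_exec presumably lets the daemon run sbin_t programs
# without a domain transition, i.e. they keep every permission of
# system_dbusd_t, including the capabilities above - confirm, and prefer
# a dedicated transition for any helper that needs less.
can_exec(system_dbusd_t, sbin_t)
allow system_dbusd_t self:fifo_file { read write };
# This rule appeared twice in the original file; the duplicate granted
# nothing extra and has been dropped.
allow system_dbusd_t self:unix_stream_socket connectto;
# Audit netlink socket: nlmsg_relay is the permission for submitting
# user-space audit records to the kernel audit subsystem.
allow system_dbusd_t self:netlink_audit_socket { create_netlink_socket_perms nlmsg_relay };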