#
# Macros for tvtime domains.
#

#
# Author: Dan Walsh <dwalsh@redhat.com>
#

#
# tvtime_domain(domain_prefix)
#
# Define a derived domain for the tvtime program when executed
# by a user domain.
#
# The type declaration for the executable type for this program is
# provided separately in domains/program/tvtime.te. 
#
undefine(`tvtime_domain')
ifdef(`tvtime.te', `
define(`tvtime_domain',`

home_domain($1, tvtime)
x_client_domain($1, tvtime)

allow $1_tvtime_t urandom_device_t:chr_file read;
allow $1_tvtime_t clock_device_t:chr_file { ioctl read };
allow $1_tvtime_t kernel_t:system ipc_info;
allow $1_tvtime_t sound_device_t:chr_file read;
allow $1_tvtime_t $1_home_t:dir { getattr read search };
allow $1_tvtime_t $1_home_t:file { getattr read };
tmp_domain($1_tvtime)
allow $1_tvtime_t self:capability { setuid sys_nice sys_resource };
allow $1_tvtime_t self:process setsched;
allow $1_tvtime_t usr_t:file { getattr read };

')dnl end tvtime_domain

', `

define(`tvtime_domain',`')

')