## <summary>OpenCA - Open Certificate Authority</summary>

########################################
## <summary>
##	Execute the OpenCA program with
##	a domain transition.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`openca_domtrans',`
	gen_require(`
		type openca_ca_t, openca_ca_exec_t, openca_usr_share_t;
	')

	domain_auto_trans($1,openca_ca_exec_t,openca_ca_t)
	allow httpd_t openca_usr_share_t:dir search_dir_perms;
	files_search_usr(httpd_t)

	allow openca_ca_t $1:fd use;
	allow openca_ca_t $1:fifo_file rw_file_perms;
	allow openca_ca_t $1:process sigchld;
')

########################################
## <summary>
##	Send OpenCA generic signals.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`openca_signal',`
	gen_require(`
		type openca_ca_t;
	')

	allow $1 openca_ca_t:process signal;
')

########################################
## <summary>
##	Send OpenCA stop signals.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`openca_sigstop',`
	gen_require(`
		type openca_ca_t;
	')

	allow $1 openca_ca_t:process sigstop;
')

########################################
## <summary>
##	Kill OpenCA.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`openca_kill',`
	gen_require(`
		type openca_ca_t;
	')

	allow $1 openca_ca_t:process sigkill;
')