## Internet services daemon.
#
# NOTE(review): the ## documentation lines in this listing carry no XML
# markup. Reference policy doc tooling normally expects summary and param
# tags there - confirm against the original file before building docs.
#
# M4 caveat for maintainers: interface bodies are quoted M4 arguments, so
# comments placed inside them must not contain quote characters.

########################################
##
## Define the specified domain as an inetd service.
##
## Define the specified domain as an inetd service. The
## inetd_service_domain(), inetd_tcp_service_domain(),
## or inetd_udp_service_domain() interfaces should be used
## instead of this interface, as this interface only provides
## the common rules to these three interfaces.
##
## Parameter 1: The type associated with the inetd service process.
## Parameter 2: The type associated with the process program.
##
#
interface(`inetd_core_service_domain',`
	gen_require(`
		type inetd_t;
		role system_r;
		class fd use;
		class fifo_file rw_file_perms;
		class process { sigchld sigkill };
	')

	# domain_type and domain_entry_file are defined outside this file.
	# Presumably they mark $1 as a process domain and $2 as its
	# entrypoint executable type - confirm against the domain module.
	domain_type($1)
	domain_entry_file($1,$2)

	# Authorize the service domain to run under the system_r role.
	role system_r types $1;

	# Helper defined outside this file. By argument order this looks like
	# an automatic transition from inetd_t into $1 when inetd_t executes a
	# file labeled $2 - confirm. If so, the label on the program file is
	# the trust boundary: anything labeled $2 that inetd runs lands in $1.
	domain_auto_trans(inetd_t,$2,$1)

	# File descriptors may be used in both directions between inetd and
	# the service.
	allow $1 inetd_t:fd use;
	allow inetd_t $1:fd use;
	# The service may read and write pipes labeled inetd_t. rw_file_perms
	# is a permission set defined outside this file.
	allow $1 inetd_t:fifo_file rw_file_perms;
	# The service may signal SIGCHLD to inetd.
	allow $1 inetd_t:process sigchld;
	# inetd may send SIGKILL to the service. No other signal from inetd to
	# the service is granted by this interface.
	allow inetd_t $1:process sigkill;
')

########################################
##
## Define the specified domain as a TCP inetd service.
##
## Parameter 1: The type associated with the inetd service process.
## Parameter 2: The type associated with the process program.
##
#
interface(`inetd_tcp_service_domain',`
	gen_require(`
		type inetd_t;
		class tcp_socket rw_stream_socket_perms;
	')

	# Common inetd service rules: domain setup, transition, fd, pipe and
	# signal access.
	inetd_core_service_domain($1,$2)
	# The target of this rule is TCP sockets labeled inetd_t, not sockets
	# labeled with the service type itself. rw_stream_socket_perms is a
	# permission set defined outside this file.
	allow $1 inetd_t:tcp_socket rw_stream_socket_perms;
')

########################################
##
## Define the specified domain as a UDP inetd service.
##
## Parameter 1: The type associated with the inetd service process.
## Parameter 2: The type associated with the process program.
##
#
interface(`inetd_udp_service_domain',`
	gen_require(`
		type inetd_t;
		class udp_socket rw_socket_perms;
	')

	# Common inetd service rules: domain setup, transition, fd, pipe and
	# signal access.
	inetd_core_service_domain($1,$2)
	# The target of this rule is UDP sockets labeled inetd_t.
	# rw_socket_perms is a permission set defined outside this file.
	allow $1 inetd_t:udp_socket rw_socket_perms;
')

########################################
##
## Define the specified domain as a TCP and UDP inetd service.
##
## Parameter 1: The type associated with the inetd service process.
## Parameter 2: The type associated with the process program.
##
#
interface(`inetd_service_domain',`
	gen_require(`
		type inetd_t;
		class tcp_socket rw_stream_socket_perms;
		class udp_socket rw_socket_perms;
	')

	# Common inetd service rules, then the socket rules of both the TCP
	# and the UDP variants. Use the narrower TCP-only or UDP-only
	# interface when the service needs just one protocol.
	inetd_core_service_domain($1,$2)

	allow $1 inetd_t:tcp_socket rw_stream_socket_perms;
	allow $1 inetd_t:udp_socket rw_socket_perms;
')

########################################
##
## Connect to the inetd service using a TCP connection.
##
## Parameter 1: Domain allowed access.
##
#
interface(`inetd_tcp_connect',`
	gen_require(`
		type inetd_t;
		class tcp_socket { connectto acceptfrom recvfrom };
	')

	# Client side: $1 gets connectto and recvfrom on TCP sockets labeled
	# inetd_t.
	allow $1 inetd_t:tcp_socket { connectto recvfrom };
	# Server side: inetd_t gets acceptfrom and recvfrom on TCP sockets
	# labeled $1.
	allow inetd_t $1:tcp_socket { acceptfrom recvfrom };
	# The two rules below are disabled. kernel_t is not declared in the
	# gen_require block above, so it would have to be added there before
	# either rule is re-enabled.
	#allow inetd_t kernel_t:tcp_socket recvfrom;
	#allow $1 kernel_t:tcp_socket recvfrom;
')

########################################
##
## Run inetd child process in the inet child domain
##
## Parameter 1: Domain allowed access.
##
#
interface(`inetd_domtrans_child',`
	gen_require(`
		type inetd_child_t, inetd_child_exec_t;
		class process sigchld;
		class fd use;
		class fifo_file rw_file_perms;
	')

	# Helper defined outside this file. Presumably it lets $1 search the
	# sbin directories that hold the executable - confirm against the
	# corecommands module.
	corecmd_search_sbin($1)
	# Helper defined outside this file. By argument order this looks like
	# an automatic transition from $1 into inetd_child_t when $1 executes
	# a file labeled inetd_child_exec_t - confirm.
	domain_auto_trans($1,inetd_child_exec_t,inetd_child_t)

	# File descriptors may be used in both directions between the calling
	# domain and the child domain.
	allow $1 inetd_child_t:fd use;
	allow inetd_child_t $1:fd use;
	# The child may read and write pipes labeled with the calling domain
	# and may signal SIGCHLD to it. Grant this interface only to domains
	# whose descriptors and pipes are meant to be shared with
	# inetd_child_t.
	allow inetd_child_t $1:fifo_file rw_file_perms;
	allow inetd_child_t $1:process sigchld;
')