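## <summary>Policy for network configuration: ifconfig and dhcp client.</summary>

#######################################
## <summary>
##	Execute dhcp client in dhcpc domain.
## </summary>
## <param name="domain">
##	The type of the process performing this action.
## </param>
#
interface(`sysnet_domtrans_dhcpc',`
	gen_require(`
		type dhcpc_t, dhcpc_exec_t;
		class process sigchld;
		class fd use;
		class fifo_file rw_file_perms;
	')

	corecmd_search_sbin($1)
	domain_auto_trans($1, dhcpc_exec_t, dhcpc_t)

	# Parent/child plumbing for the transition: inherited file
	# descriptors in both directions, pipes owned by the caller,
	# and SIGCHLD back to the caller when the client exits.
	allow $1 dhcpc_t:fd use;
	allow dhcpc_t $1:fd use;
	allow dhcpc_t $1:fifo_file rw_file_perms;
	allow dhcpc_t $1:process sigchld;
')

########################################
## <summary>
##	Send a SIGCHLD signal to the dhcp client.
## </summary>
## <param name="domain">
##	The domain sending the SIGCHLD.
## </param>
#
interface(`sysnet_sigchld_dhcpc',`
	gen_require(`
		type dhcpc_t;
		class process sigchld;
	')

	allow $1 dhcpc_t:process sigchld;
')

########################################
## <summary>
##	Send a kill signal to the dhcp client.
## </summary>
## <param name="domain">
##	The domain sending the SIGKILL.
## </param>
#
interface(`sysnet_kill_dhcpc',`
	gen_require(`
		type dhcpc_t;
		class process sigkill;
	')

	# SIGKILL cannot be caught by the client, so a domain holding this
	# permission can stop DHCP lease handling outright. Grant it only to
	# domains that manage the client.
	allow $1 dhcpc_t:process sigkill;
')

########################################
## <summary>
##	Send a SIGSTOP signal to the dhcp client.
## </summary>
## <param name="domain">
##	The domain sending the SIGSTOP.
## </param>
#
interface(`sysnet_sigstop_dhcpc',`
	gen_require(`
		type dhcpc_t;
		class process sigstop;
	')

	# SIGSTOP suspends the client and cannot be caught. Grant it only
	# to domains that manage the client.
	allow $1 dhcpc_t:process sigstop;
')

########################################
## <summary>
##	Send a null signal to the dhcp client.
## </summary>
## <param name="domain">
##	The domain sending the null signal.
## </param>
#
interface(`sysnet_signull_dhcpc',`
	gen_require(`
		type dhcpc_t;
		class process signull;
	')

	# The null signal delivers nothing; it only lets the caller test
	# whether the client process exists.
	allow $1 dhcpc_t:process signull;
')

########################################
## <summary>
##	Send a generic signal to the dhcp client.
## </summary>
## <param name="domain">
##	The domain sending the signal.
## </param>
#
interface(`sysnet_signal_dhcpc',`
	gen_require(`
		type dhcpc_t;
		class process signal;
	')

	allow $1 dhcpc_t:process signal;
')

########################################
## <summary>
##	Read and write dhcp configuration files.
## </summary>
## <param name="domain">
##	The domain allowed access.
## </param>
#
interface(`sysnet_rw_dhcp_config',`
	gen_require(`
		type dhcp_etc_t;
		class file { getattr read };
	')

	files_search_etc($1)

	# NOTE(review): the interface name and summary say read and write,
	# but only getattr and read are granted here. Confirm which is
	# intended before adding write; left read-only as the narrower grant.
	allow $1 dhcp_etc_t:file { getattr read };
')

########################################
## <summary>
##	Read dhcp client state files.
## </summary>
## <param name="domain">
##	The domain allowed access.
## </param>
#
interface(`sysnet_read_dhcpc_state',`
	gen_require(`
		type dhcpc_state_t;
		class file { getattr read };
	')

	allow $1 dhcpc_state_t:file { getattr read };
')

#######################################
## <summary>
##	Allow network init to read network config files.
## </summary>
## <param name="domain">
##	The type of the process performing this action.
## </param>
#
interface(`sysnet_read_config',`
	gen_require(`
		type net_conf_t;
		class file r_file_perms;
	')

	files_search_etc($1)
	allow $1 net_conf_t:file r_file_perms;
')

#######################################
## <summary>
##	Create, read, write, and delete network config files.
## </summary>
## <param name="domain">
##	The type of the process performing this action.
## </param>
#
interface(`sysnet_manage_config',`
	gen_require(`
		type net_conf_t;
		class file create_file_perms;
	')

	# create_file_perms matches the class requirement above and the
	# documented contract. A read-only r_file_perms rule here would leave
	# callers unable to write or delete the files this interface promises
	# to manage.
	allow $1 net_conf_t:file create_file_perms;
	files_create_etc_config($1,net_conf_t,file)
')

#######################################
## <summary>
##	Read the dhcp client pid file.
## </summary>
## <param name="domain">
##	The type of the process performing this action.
## </param>
#
interface(`sysnet_read_dhcpc_pid',`
	gen_require(`
		type dhcpc_var_run_t;
		class file { getattr read };
	')

	files_list_pids($1)
	allow $1 dhcpc_var_run_t:file { getattr read };
')

#######################################
## <summary>
##	Execute ifconfig in the ifconfig domain.
## </summary>
## <param name="domain">
##	The type of the process performing this action.
## </param>
#
interface(`sysnet_domtrans_ifconfig',`
	gen_require(`
		type ifconfig_t, ifconfig_exec_t;
		class process sigchld;
		class fd use;
		class fifo_file rw_file_perms;
	')

	corecmd_search_sbin($1)
	domain_auto_trans($1, ifconfig_exec_t, ifconfig_t)

	# Parent/child plumbing for the transition: inherited file
	# descriptors in both directions, pipes owned by the caller,
	# and SIGCHLD back to the caller when ifconfig exits.
	allow $1 ifconfig_t:fd use;
	allow ifconfig_t $1:fd use;
	allow ifconfig_t $1:fifo_file rw_file_perms;
	allow ifconfig_t $1:process sigchld;
')

########################################
## <summary>
##	Execute ifconfig in the ifconfig domain, and
##	allow the specified role the ifconfig domain,
##	and use the caller's terminal.
## </summary>
## <param name="domain">
##	The type of the process performing this action.
## </param>
## <param name="role">
##	The role to be allowed the ifconfig domain.
## </param>
## <param name="terminal">
##	The type of the terminal the ifconfig domain is allowed to use.
## </param>
#
interface(`sysnet_run_ifconfig',`
	gen_require(`
		type ifconfig_t;
		class chr_file rw_term_perms;
	')

	corecmd_search_sbin($1)
	sysnet_domtrans_ifconfig($1)

	# The domain transition alone is not sufficient: the role in $2
	# must also be authorized for ifconfig_t.
	role $2 types ifconfig_t;

	# Let ifconfig read from and write to the terminal type in $3.
	allow ifconfig_t $3:chr_file rw_term_perms;
')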