#DESC canna - A Japanese character set input system.
#
# Authors: Dan Walsh <dwalsh@redhat.com>
#
#

#################################
#
# Rules for the canna_t domain.
#
daemon_domain(canna)

file_type_auto_trans(canna_t, var_run_t, canna_var_run_t, sock_file)

logdir_domain(canna)
var_lib_domain(canna)

allow canna_t self:capability { setgid setuid net_bind_service };
allow canna_t tmp_t:dir { search };
allow canna_t self:unix_stream_socket { connectto create_stream_socket_perms};
allow canna_t self:unix_dgram_socket create_stream_socket_perms;
allow canna_t etc_t:file { getattr read };
allow canna_t usr_t:file { getattr read };

allow canna_t proc_t:file r_file_perms;
allow canna_t etc_runtime_t:file r_file_perms;
allow canna_t canna_var_lib_t:dir create;

rw_dir_create_file(canna_t, canna_var_lib_t)

can_network_tcp(canna_t)
allow canna_t port_type:tcp_socket name_connect;
can_ypbind(canna_t)

allow userdomain canna_var_run_t:dir search;
allow userdomain canna_var_run_t:sock_file write;
can_unix_connect(userdomain, canna_t)

ifdef(`i18n_input.te', `
allow i18n_input_t canna_var_run_t:dir search;
allow i18n_input_t canna_var_run_t:sock_file write;
can_unix_connect(i18n_input_t, canna_t)
')

dontaudit canna_t kernel_t:fd use;
dontaudit canna_t root_t:file read;