#
# ICE related types
#
# Author: Ivan Gyurdiev
#
# ice_domain(prefix, role) - create ICE sockets
# ice_connect(type1_prefix, type2_prefix) - allow communication through ICE sockets
#
# Both macros only expand to type declarations and allow rules. The helper
# macros they call (file_type_auto_trans, can_unix_connect) and the types
# ice_tmp_t and <prefix>_iceauth_home_t are not declared in this file and
# must be provided elsewhere in the policy.
#
# Maintenance note: these bodies are m4 quoted strings. Do not put a quote
# character (backtick or apostrophe) inside a comment in a macro body, since
# it would end or nest the quoting.
#

#
# ice_domain(prefix, role)
#
# Declares the per-domain socket type <prefix>_ice_tmp_t and lets <prefix>_t
# create its own unix stream and datagram sockets.
#
# The ifdef guard on <prefix>_ice_tmp_t_defined makes the body expand only
# the first time the macro is called for a given prefix, so the type is not
# declared twice.
#
# NOTE(review): the header documents a second parameter (role), but $2 is
# never referenced in this body. Confirm whether a role rule was intended.
#
define(`ice_domain', `
ifdef(`$1_ice_tmp_t_defined',`', `
define(`$1_ice_tmp_t_defined')

# Type for ICE sockets
type $1_ice_tmp_t, file_type, $1_file_type, sysadmfile, tmpfile;
# NOTE(review): presumably objects created by this domain inside ice_tmp_t
# directories get the per-domain type. No object class argument is passed,
# so confirm against the macro definition whether this covers every class
# or could be narrowed to sock_file.
file_type_auto_trans($1_t, ice_tmp_t, $1_ice_tmp_t)

# Create the sockets
# Both rules target self, so they cover only sockets owned by this domain.
allow $1_t self:unix_stream_socket create_stream_socket_perms;
allow $1_t self:unix_dgram_socket create_socket_perms;

# FIXME: How does iceauth tie in?

')
')

#
# ice_connect(type1_prefix, type2_prefix)
#
# Lets <type1_prefix>_t act as an ICE client of <type2_prefix>_t. Every rule
# below has <type1_prefix>_t as its source, so nothing is granted in the
# reverse direction.
#
# Security review points for each call site:
#  - The first rule grants read and getattr on files typed
#    <type2_prefix>_iceauth_home_t. Per the comment in the body this is the
#    .ICEauthority file, which is expected to hold ICE authentication data,
#    so each call hands that data to the first domain. Confirm that the
#    first domain is trusted with it.
#  - ice_tmp_t:dir r_dir_perms is not scoped by the second prefix. It lets
#    the first domain list the shared ICE socket directory.
#  - The last rule permits read and write on unix stream sockets labeled
#    <type2_prefix>_t, in addition to whatever can_unix_connect grants.
#    NOTE(review): check the can_unix_connect definition to see whether
#    this extra access is needed.
#
# FIXME: Should this be bidirectional?
# Adding only unidirectional for now.

define(`ice_connect', `

# Read .ICEauthority file
allow $1_t $2_iceauth_home_t:file { read getattr };

# Connect to the peer, find its socket in the shared directory, then use it.
can_unix_connect($1_t, $2_t)
allow $1_t ice_tmp_t:dir r_dir_perms;
allow $1_t $2_ice_tmp_t:sock_file { read write };
allow $1_t $2_t:unix_stream_socket { read write };
')