#DESC games
#
# Macros for games
#
#
# Authors:  Dan Walsh <dwalsh@redhat.com> 
#
#
# games_domain(domain_prefix)
#
#
define(`games_domain', `
x_client_domain($1, `games', `, transitionbool')

allow $1_games_t var_t:dir { search getattr };
rw_dir_create_file($1_games_t, games_data_t)
allow $1_games_t sound_device_t:chr_file rw_file_perms;
r_dir_file($1_games_t, usr_t)
can_udp_send($1_games_t, $1_games_t)
can_tcp_connect($1_games_t, $1_games_t)

# Access /home/user/.gnome2
create_dir_file($1_games_t, $1_home_t)
allow $1_games_t $1_home_dir_t:dir search;
allow $1_games_t $1_home_t:dir { read getattr };

create_dir_file($1_games_t, $1_tmp_t)
allow $1_games_t $1_tmp_t:sock_file create_file_perms;

dontaudit $1_games_t sysctl_t:dir search;

tmp_domain($1_games)
allow $1_games_t urandom_device_t:chr_file { getattr ioctl read };
ifdef(`xdm.te', `
allow $1_games_t xdm_tmp_t:dir rw_dir_perms;
allow $1_games_t xdm_tmp_t:sock_file create_file_perms;
allow $1_games_t xdm_var_lib_t:file { getattr read };
')dnl end if xdm.te

can_unix_connect($1_t, $1_games_t)
can_unix_connect($1_games_t, $1_t)

allow $1_games_t var_lib_t:dir search;
r_dir_file($1_games_t, man_t)
allow $1_games_t proc_t:file { read getattr };
ifdef(`mozilla.te', ` 
dontaudit $1_games_t $1_mozilla_t:unix_stream_socket connectto;
')
allow $1_games_t event_device_t:chr_file getattr;
allow $1_games_t mouse_device_t:chr_file getattr;
allow $1_games_t self:file { getattr read };

# kpat spews errors
dontaudit $1_games_t bin_t:dir getattr;
dontaudit $1_games_t var_run_t:dir search;

')dnl end macro definition