## <summary>Filesystem namespacing/polyinstantiation application.</summary>

########################################
## <summary>
##	Execute a domain transition to run seunshare.
## </summary>
## <param name="domain">
## <summary>
##	Domain allowed to transition.
## </summary>
## </param>
#
interface(`seunshare_domtrans',`
	gen_require(`
		type seunshare_t, seunshare_exec_t;
	')

	domtrans_pattern($1, seunshare_exec_t, seunshare_t)
')

########################################
## <summary>
##	Execute seunshare in the seunshare domain, and
##	allow the specified role the seunshare domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <param name="role">
##	<summary>
##	Role allowed access.
##	</summary>
## </param>
#
interface(`seunshare_run',`
	gen_require(`
		type seunshare_t;
	')

	seunshare_domtrans($1)
	role $2 types seunshare_t;

	allow $1 seunshare_t:process signal_perms;

	ifdef(`hide_broken_symptoms', `
		dontaudit seunshare_t $1:tcp_socket rw_socket_perms;
		dontaudit seunshare_t $1:udp_socket rw_socket_perms;
		dontaudit seunshare_t $1:unix_stream_socket rw_socket_perms;
	')
')

########################################
## <summary>
##	Role access for seunshare
## </summary>
## <param name="role">
##	<summary>
##	Role allowed access.
##	</summary>
## </param>
## <param name="domain">
##	<summary>
##	User domain for the role.
##	</summary>
## </param>
#
interface(`seunshare_role',`
	gen_require(`
		type seunshare_t;
	')

	role $2 types seunshare_t;

	seunshare_domtrans($1)

	ps_process_pattern($2, seunshare_t)
	allow $2 seunshare_t:process signal;
')