#
# Macros for tvtime domains.
#

#
# Author: Dan Walsh
#

#
# tvtime_domain(domain_prefix)
#
# Define a derived domain for the tvtime program when executed
# by a user domain.
#
# The type declaration for the executable type for this program is
# provided separately in domains/program/tvtime.te.
#
# Structure of this file:
#   - any earlier definition of tvtime_domain is removed first;
#   - if the m4 symbol tvtime.te is defined (presumably set by the build
#     when domains/program/tvtime.te is part of the policy - confirm),
#     the full macro below is defined;
#   - otherwise tvtime_domain is defined as empty, so callers expand to
#     nothing and no rules are generated.
#
# Argument: domain_prefix is substituted for the first macro parameter, so
# every type below is derived per user domain (prefix_t, prefix_r,
# prefix_tvtime_t, prefix_home_t, ...).
#
# Maintenance note: comments inside the quoted macro body must not contain
# m4 quote characters, because they are collected as part of the quoted
# string before comment handling applies.
#
undefine(`tvtime_domain')
ifdef(`tvtime.te', `
define(`tvtime_domain',`
# Type transition
# Declares the derived type with the domain and nscd_client_domain attributes.
# domain_auto_trans is defined elsewhere; presumably it moves a process from
# $1_t into $1_tvtime_t when it executes a file labelled tvtime_exec_t - confirm.
type $1_tvtime_t, domain, nscd_client_domain;
domain_auto_trans($1_t, tvtime_exec_t, $1_tvtime_t)
role $1_r types $1_tvtime_t;

# X access, Home files
# Files created by $1_tvtime_t in a $1_home_dir_t directory get the dedicated
# $1_tvtime_home_t label; the last argument restricts this to the dir class.
home_domain($1, tvtime)
file_type_auto_trans($1_tvtime_t, $1_home_dir_t, $1_tvtime_home_t, dir)
x_client_domain($1_tvtime, $1)

# Helper macros defined elsewhere in the policy; the names suggest shared
# library use, locale and sysctl reads, and terminal access - confirm against
# their definitions before relying on that.
uses_shlib($1_tvtime_t)
read_locale($1_tvtime_t)
read_sysctl($1_tvtime_t)
access_terminal($1_tvtime_t, $1)

# Allow the user domain to signal/ps.
can_ps($1_t, $1_tvtime_t)
allow $1_t $1_tvtime_t:process signal_perms;

# Read /etc/tvtime
# NOTE(review): the rule names the generic etc_t type, so it grants getattr and
# read on every file labelled etc_t, not only the tvtime configuration. A
# dedicated type for that configuration would narrow this - confirm labelling.
allow $1_tvtime_t etc_t:file { getattr read };

# Tmp files
# The third argument lists the object classes passed to tmp_domain
# (file, dir, fifo_file); the macro itself is defined elsewhere.
tmp_domain($1_tvtime, `', `{ file dir fifo_file }')

# Device and kernel access. All of these are read-side permissions only:
# no write permission is granted on any of the character devices here.
allow $1_tvtime_t urandom_device_t:chr_file read;
allow $1_tvtime_t clock_device_t:chr_file { ioctl read };
allow $1_tvtime_t kernel_t:system ipc_info;
allow $1_tvtime_t sound_device_t:chr_file { ioctl read };

# NOTE(review): read access to the generic user home type, in addition to the
# dedicated $1_tvtime_home_t set up above. This lets the domain read any file
# labelled $1_home_t - confirm it is needed beyond the tvtime config directory.
allow $1_tvtime_t $1_home_t:dir { getattr read search };
allow $1_tvtime_t $1_home_t:file { getattr read };

# NOTE(review): setuid, sys_nice and sys_resource are privileged capabilities.
# Presumably the binary is installed setuid root, raises its scheduling
# priority (see setsched below) and then drops privileges - confirm, and
# re-check whether all three are still required by the shipped binary.
allow $1_tvtime_t self:capability { setuid sys_nice sys_resource };
allow $1_tvtime_t self:process setsched;

# Read-only access to files labelled usr_t.
allow $1_tvtime_t usr_t:file { getattr read };
')dnl end tvtime_domain

', `

define(`tvtime_domain',`')

')