## <module name="miscfiles" layer="system">
## <summary>Miscelaneous files.</summary>

########################################
## <interface name="miscfiles_manage_man_page_cache">
##     <description>
##             Allow process to create files and dirs in /var/cache/man
##             and /var/catman/
##     </description>
##      <securitydesc>
##              ...
##      </securitydesc>
##     <parameter name="domain">
##             Type type of the process performing this action.
##     </parameter>
## </interface>
#
define(`miscfiles_manage_man_page_cache',`
	requires_block_template(`$0'_depend)

	# FIXME: search var_t dir
	allow $1 catman_t:dir create_dir_perms;
	allow $1 catman_t:file create_file_perms;
')

define(`miscfiles_manage_man_page_cache_depend',`
	type catman_t;

	class dir create_dir_perms;
	class file create_file_perms;
')

########################################
## <interface name="miscfiles_read_fonts">
##     <description>
##             Allow process to read fonts files
##     </description>
##      <securitydesc>
##              ...
##      </securitydesc>
##     <parameter name="domain">
##             Type type of the process performing this action.
##     </parameter>
## </interface>
#
define(`miscfiles_read_fonts',`
	requires_block_template(`$0'_depend)

	# FIXME: search usr_t dir
	# FIXME: search lib_t dir
	# cjp: fonts can be in either of the above dirs
	allow $1 fonts_t:dir r_dir_perms;
	allow $1 fonts_t:file r_file_perms;
')

define(`miscfiles_read_fonts_depend',`
	type fonts_t;

	class dir r_dir_perms;
	class file r_file_perms;
')

########################################
## <interface name="miscfiles_read_localization">
##     <description>
##             Allow process to read localization info
##     </description>
##      <securitydesc>
##              ...
##      </securitydesc>
##     <parameter name="domain">
##             Type type of the process performing this action.
##     </parameter>
## </interface>
#
define(`miscfiles_read_localization',`
	requires_block_template(`$0'_depend)

	# FIXME: $1 read etc_t:lnk_file here
	# FIXME: $1 search usr_t:dir here
	allow $1 locale_t:dir r_dir_perms;
	allow $1 locale_t:lnk_file r_file_perms;
	allow $1 locale_t:file r_file_perms;

	# why?
	libraries_read_library_resources($1)
')

define(`miscfiles_read_localization_depend',`
	type locale_t;

	class dir r_dir_perms;
	class lnk_file r_file_perms;
	class file r_file_perms;
')

########################################
## <interface name="miscfiles_legacy_read_localization">
##     <description>
##             Allow process to read legacy time localization info
##     </description>
##      <securitydesc>
##              ...
##      </securitydesc>
##     <parameter name="domain">
##             Type type of the process performing this action.
##     </parameter>
## </interface>
#
define(`miscfiles_legacy_read_localization',`
	requires_block_template(`$0'_depend)

	miscfiles_read_localization($1)
	allow $1 locale_t:file execute;
')

define(`miscfiles_read_localization_depend',`
	type locale_t;

	class file execute;
')

########################################
## <interface name="miscfiles_read_man_pages">
##     <description>
##             Allow process to read manpages
##     </description>
##      <securitydesc>
##              ...
##      </securitydesc>
##     <parameter name="domain">
##             Type type of the process performing this action.
##     </parameter>
## </interface>
#
define(`miscfiles_read_man_pages',`
	requires_block_template(`$0'_depend)

	# FIXME: search usr_t dir
	allow $1 man_t:dir r_dir_perms;
	allow $1 man_t:file r_file_perms;
	allow $1 man_t:lnk_file r_file_perms;
')

define(`miscfiles_read_man_pages_depend',`
	type man_t;

	class dir r_dir_perms;
	class file r_file_perms;
	class lnk_file r_file_perms;
')

## </module>