#
# Macros for iceauth domains.
#
# Author:  Ivan Gyurdiev <gyurdiev@redhat.com>
#
# iceauth_domain(domain_prefix)

define(`iceauth_domain',`

# Program type
type $1_iceauth_t, domain;

# Transition from the user domain to this domain.
domain_auto_trans($1_t, iceauth_exec_t, $1_iceauth_t)
role $1_r types $1_iceauth_t;

# Store .ICEauthority files
home_domain($1, iceauth)
file_type_auto_trans($1_iceauth_t, $1_home_dir_t, $1_iceauth_home_t, file)

# Supress xdm trying to restore .ICEauthority permissions
ifdef(`xdm.te', `
dontaudit xdm_t $1_iceauth_home_t:file r_file_perms;
')

# /root
allow $1_iceauth_t root_t:dir search;

# Terminal output
access_terminal($1_iceauth_t, $1)

uses_shlib($1_iceauth_t)

# ??? 
allow $1_iceauth_t etc_t:dir search;
allow $1_iceauth_t usr_t:dir search;

# FIXME: policy is incomplete

')dnl end xauth_domain macro