#DESC X print server
#
# Author:  Russell Coker <russell@coker.com.au>
# X-Debian-Packages: xprt-xprintorg
#

#################################
#
# Rules for the xprint_t domain.
#
# xprint_exec_t is the type of the xprint executable.
#
daemon_domain(xprint)

allow initrc_t readable_t:dir r_dir_perms;
allow initrc_t fonts_t:dir r_dir_perms;

allow xprint_t var_lib_t:dir search;
allow xprint_t fonts_t:dir r_dir_perms;
allow xprint_t fonts_t:file { getattr read };

allow xprint_t { bin_t sbin_t }:dir search;
can_exec(xprint_t, { bin_t sbin_t ls_exec_t shell_exec_t })
allow xprint_t bin_t:lnk_file { getattr read };

allow xprint_t tmp_t:dir { getattr search };
ifdef(`xdm.te', `
allow xprint_t xdm_xserver_tmp_t:dir rw_dir_perms;
allow xprint_t xdm_xserver_tmp_t:sock_file create_file_perms;
')

# Use the network.
can_network_server(xprint_t)
can_ypbind(xprint_t)
allow xprint_t self:fifo_file rw_file_perms;
allow xprint_t self:unix_stream_socket create_stream_socket_perms;

allow xprint_t proc_t:file { getattr read };
allow xprint_t self:file { getattr read };

# read config files
allow xprint_t { etc_t etc_runtime_t }:file { getattr read };
ifdef(`cups.te', `
allow xprint_t cupsd_etc_t:dir search;
allow xprint_t cupsd_etc_t:file { getattr read };
')

r_dir_file(xprint_t, usr_t)

allow xprint_t urandom_device_t:chr_file { getattr read };