selinux-policy/policy/modules/admin/amtu.if

## <summary>Abstract Machine Test Utility</summary>

########################################
## <summary>
##	Execute amtu in the amtu domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`amtu_domtrans',`
	gen_require(`
		type amtu_t, amtu_exec_t;
	')

	corecmd_search_bin($1)
	domtrans_pattern($1,amtu_exec_t,amtu_t)
')

########################################
## <summary>
##	Execute amtu in the amtu domain, and
##	allow the specified role the amtu domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <param name="role">
##	<summary>
##	The role to be allowed the amtu domain.
##	</summary>
## </param>
## <param name="terminal">
##	<summary>
##	The type of the terminal allow the amtu domain to use.
##	</summary>
## </param>
#
interface(`amtu_run',`
	gen_require(`
		type amtu_t;
	')

	amtu_domtrans($1)
	role $2 types amtu_t;
	allow amtu_t $3:chr_file rw_term_perms;
')