policy_module(ulogd, 1.2.1)

########################################

#

# Declarations

#

type ulogd_t;

type ulogd_exec_t;

init_daemon_domain(ulogd_t, ulogd_exec_t)

type ulogd_etc_t;

files_config_file(ulogd_etc_t)

type ulogd_initrc_exec_t;

init_script_file(ulogd_initrc_exec_t)

type ulogd_modules_t;

files_type(ulogd_modules_t)

type ulogd_var_log_t;

logging_log_file(ulogd_var_log_t)

########################################

#

# Local policy

#

allow ulogd_t self:capability { net_admin sys_nice };

allow ulogd_t self:process { setsched };

allow ulogd_t self:netlink_nflog_socket create_socket_perms;

allow ulogd_t self:netlink_route_socket r_netlink_socket_perms;

allow ulogd_t self:netlink_socket create_socket_perms;

allow ulogd_t self:tcp_socket { create_stream_socket_perms connect };

allow ulogd_t self:udp_socket create_socket_perms;

read_files_pattern(ulogd_t, ulogd_etc_t, ulogd_etc_t)

list_dirs_pattern(ulogd_t, ulogd_modules_t, ulogd_modules_t)

mmap_files_pattern(ulogd_t, ulogd_modules_t, ulogd_modules_t)

append_files_pattern(ulogd_t, ulogd_var_log_t, ulogd_var_log_t)

create_files_pattern(ulogd_t, ulogd_var_log_t, ulogd_var_log_t)

setattr_files_pattern(ulogd_t, ulogd_var_log_t, ulogd_var_log_t)

logging_log_filetrans(ulogd_t, ulogd_var_log_t, file)

sysnet_dns_name_resolve(ulogd_t)

optional_policy(`

	mysql_stream_connect(ulogd_t)

	mysql_tcp_connect(ulogd_t)

')

optional_policy(`

	postgresql_stream_connect(ulogd_t)

	postgresql_tcp_connect(ulogd_t)

')