policy_module(gnomeclock, 1.0.0)

########################################
#
# Declarations
#

type gnomeclock_t;
type gnomeclock_exec_t;
dbus_system_domain(gnomeclock_t, gnomeclock_exec_t)

########################################
#
# gnomeclock local policy
#

allow gnomeclock_t self:capability { sys_nice sys_time sys_ptrace };
allow gnomeclock_t self:process { getattr getsched };
allow gnomeclock_t self:fifo_file rw_fifo_file_perms;
allow gnomeclock_t self:unix_stream_socket create_stream_socket_perms;

corecmd_exec_bin(gnomeclock_t)

files_read_etc_files(gnomeclock_t)
files_read_usr_files(gnomeclock_t)

auth_use_nsswitch(gnomeclock_t)

clock_domtrans(gnomeclock_t)

miscfiles_read_localization(gnomeclock_t)
miscfiles_manage_localization(gnomeclock_t)
miscfiles_etc_filetrans_localization(gnomeclock_t)

userdom_read_all_users_state(gnomeclock_t)

optional_policy(`
	consolekit_dbus_chat(gnomeclock_t)
')

optional_policy(`
	policykit_dbus_chat(gnomeclock_t)
	policykit_domtrans_auth(gnomeclock_t)
	policykit_read_lib(gnomeclock_t)
	policykit_read_reload(gnomeclock_t)
')