policy_module(lightsquid, 1.0.2)

########################################
#
# Declarations
#

attribute_role lightsquid_roles;
roleattribute system_r lightsquid_roles;

type lightsquid_t;
type lightsquid_exec_t;
application_domain(lightsquid_t, lightsquid_exec_t)
role lightsquid_roles types lightsquid_t;

type lightsquid_rw_content_t;
files_type(lightsquid_rw_content_t)

########################################
#
# Local policy
#

manage_dirs_pattern(lightsquid_t, lightsquid_rw_content_t, lightsquid_rw_content_t)
manage_files_pattern(lightsquid_t, lightsquid_rw_content_t, lightsquid_rw_content_t)
manage_lnk_files_pattern(lightsquid_t, lightsquid_rw_content_t, lightsquid_rw_content_t)
files_var_filetrans(lightsquid_t, lightsquid_rw_content_t, dir)

corecmd_exec_bin(lightsquid_t)
corecmd_exec_shell(lightsquid_t)

dev_read_urand(lightsquid_t)

squid_read_config(lightsquid_t)
squid_read_log(lightsquid_t)

optional_policy(`
	apache_content_template(lightsquid)

	list_dirs_pattern(httpd_lightsquid_script_t, lightsquid_rw_content_t, lightsquid_rw_content_t)
	read_files_pattern(httpd_lightsquid_script_t, lightsquid_rw_content_t, lightsquid_rw_content_t)
	read_lnk_files_pattern(httpd_lightsquid_script_t, lightsquid_rw_content_t, lightsquid_rw_content_t)
')

optional_policy(`
	cron_system_entry(lightsquid_t, lightsquid_exec_t)
')