policy_module(smstools, 1.0.0)

########################################
#
# Declarations
#

type smsd_t;
type smsd_exec_t;
init_daemon_domain(smsd_t, smsd_exec_t)

type smsd_initrc_exec_t;
init_script_file(smsd_initrc_exec_t)

type smsd_conf_t;
files_config_file(smsd_conf_t)

type smsd_log_t;
logging_log_file(smsd_log_t)

type smsd_var_lib_t;
files_type(smsd_var_lib_t)

type smsd_var_run_t;
files_pid_file(smsd_var_run_t)

type smsd_spool_t;
files_type(smsd_spool_t)

########################################
#
# Local policy
#

allow smsd_t self:capability { kill setgid setuid };
allow smsd_t self:process signal;
allow smsd_t self:fifo_file rw_fifo_file_perms;
allow smsd_t self:unix_stream_socket { accept listen };

allow smsd_t smsd_conf_t:file read_file_perms;

manage_dirs_pattern(smsd_t, smsd_log_t, smsd_log_t)
create_files_pattern(smsd_t, smsd_log_t, smsd_log_t)
append_files_pattern(smsd_t, smsd_log_t, smsd_log_t)
setattr_files_pattern(smsd_t, smsd_log_t, smsd_log_t)
manage_lnk_files_pattern(smsd_t, smsd_log_t, smsd_log_t)
logging_log_filetrans(smsd_t, smsd_log_t, { dir file })

manage_dirs_pattern(smsd_t, smsd_var_lib_t, smsd_var_lib_t)
manage_files_pattern(smsd_t, smsd_var_lib_t, smsd_var_lib_t)
manage_lnk_files_pattern(smsd_t, smsd_var_lib_t, smsd_var_lib_t)

manage_dirs_pattern(smsd_t, smsd_var_run_t, smsd_var_run_t)
manage_files_pattern(smsd_t, smsd_var_run_t, smsd_var_run_t)
manage_lnk_files_pattern(smsd_t, smsd_var_run_t, smsd_var_run_t)
files_pid_filetrans(smsd_t, smsd_var_run_t, { dir file })

manage_dirs_pattern(smsd_t, smsd_spool_t, smsd_spool_t)
manage_files_pattern(smsd_t, smsd_spool_t, smsd_spool_t)
manage_lnk_files_pattern(smsd_t, smsd_spool_t, smsd_spool_t)
files_spool_filetrans(smsd_t, smsd_spool_t, dir)

kernel_read_kernel_sysctls(smsd_t)
kernel_read_system_state(smsd_t)

corecmd_exec_shell(smsd_t)

auth_use_nsswitch(smsd_t)

logging_send_syslog_msg(smsd_t)

optional_policy(`
	mysql_stream_connect(smsd_t)
')