policy_module(blkmapd, 1.0.0)

########################################
#
# Declarations
#

type blkmapd_t;
type blkmapd_exec_t;
init_daemon_domain(blkmapd_t, blkmapd_exec_t)

type blkmapd_initrc_exec_t;
init_script_file(blkmapd_initrc_exec_t)

type blkmapd_var_run_t;
files_pid_file(blkmapd_var_run_t)


########################################
#
# blkmapd local policy
#

allow blkmapd_t self:capability sys_rawio;

manage_files_pattern(blkmapd_t, blkmapd_var_run_t, blkmapd_var_run_t)
files_pid_filetrans(blkmapd_t, blkmapd_var_run_t, file)

kernel_read_system_state(blkmapd_t)

dev_list_sysfs(blkmapd_t)

fs_list_rpc(blkmapd_t)
fs_rw_rpc_named_pipes(blkmapd_t)
fs_watch_rpc_dirs(blkmapd_t)

storage_raw_read_fixed_disk(blkmapd_t)
storage_raw_read_removable_device(blkmapd_t)


logging_send_syslog_msg(blkmapd_t)

optional_policy(`
   rpc_read_nfs_state_data(blkmapd_t)
')