policy_module(boltd, 1.0.0)

########################################
#
# Declarations
#

type boltd_t;
type boltd_exec_t;
init_daemon_domain(boltd_t, boltd_exec_t)

type boltd_var_lib_t;
files_type(boltd_var_lib_t)

type boltd_var_run_t;
files_pid_file(boltd_var_run_t)

########################################
#
# boltd local policy
#
allow boltd_t self:capability dac_read_search;

allow boltd_t self:netlink_kobject_uevent_socket create_socket_perms;
allow boltd_t self:unix_dgram_socket create_socket_perms;

manage_dirs_pattern(boltd_t, boltd_var_lib_t, boltd_var_lib_t)
manage_files_pattern(boltd_t, boltd_var_lib_t, boltd_var_lib_t)
manage_lnk_files_pattern(boltd_t, boltd_var_lib_t, boltd_var_lib_t)
files_var_lib_filetrans(boltd_t, boltd_var_lib_t, { dir file lnk_file })

manage_dirs_pattern(boltd_t, boltd_var_run_t, boltd_var_run_t)
manage_files_pattern(boltd_t, boltd_var_run_t, boltd_var_run_t)
manage_fifo_files_pattern(boltd_t, boltd_var_run_t, boltd_var_run_t)
files_pid_filetrans(boltd_t, boltd_var_run_t, { dir file fifo_file })

kernel_dgram_send(boltd_t)

auth_use_nsswitch(boltd_t)

dev_manage_sysfs(boltd_t)

domain_read_all_domains_state(boltd_t)

fs_getattr_tmpfs(boltd_t)
fs_getattr_xattr_fs(boltd_t)

init_named_socket_activation(boltd_t, boltd_var_lib_t, "boltd")

logging_send_syslog_msg(boltd_t)
logging_stream_connect_syslog(boltd_t)

optional_policy(`
    dbus_acquire_svc_system_dbusd(boltd_t)
    dbus_stream_connect_system_dbusd(boltd_t)
    dbus_send_system_bus(boltd_t)
    policykit_dbus_chat(boltd_t)
')

optional_policy(`
    gnome_read_generic_cache_files(boltd_t)
')

optional_policy(`
    fwupd_read_state(boltd_t)
    fwupd_dbus_chat(boltd_t)
')

optional_policy(`
    udev_read_db(boltd_t)
')

optional_policy(`
    xserver_dbus_chat_xdm(boltd_t)
')

optional_policy(`
    unconfined_dbus_send(boltd_t)
')