## <summary>Administration Server for Directory Server, dirsrv-admin.</summary>

########################################
## <summary>
##	Exec dirsrv-admin programs.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`dirsrvadmin_run_exec',`
	gen_require(`
		type dirsrvadmin_exec_t;
	')

	allow $1 dirsrvadmin_exec_t:dir search_dir_perms;
	can_exec($1, dirsrvadmin_exec_t)
')

########################################
## <summary>
##	Exec cgi programs.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`dirsrvadmin_run_script_exec',`
	gen_require(`
		type dirsrvadmin_script_exec_t;
	')

	allow $1 dirsrvadmin_script_exec_t:dir search_dir_perms;
	can_exec($1, dirsrvadmin_script_exec_t)
')

########################################
## <summary>
##	Manage dirsrv-adminserver configuration files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`dirsrvadmin_read_config',`
	gen_require(`
		type dirsrvadmin_config_t;
	')

	read_files_pattern($1, dirsrvadmin_config_t, dirsrvadmin_config_t)
')

########################################
## <summary>
##	Manage dirsrv-adminserver configuration files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`dirsrvadmin_manage_config',`
	gen_require(`
		type dirsrvadmin_config_t;
	')

	allow $1 dirsrvadmin_config_t:dir manage_dir_perms;
	allow $1 dirsrvadmin_config_t:file manage_file_perms;
')

#######################################
## <summary>
##      Read dirsrv-adminserver tmp files.
## </summary>
## <param name="domain">
##      <summary>
##      Domain allowed access.
##      </summary>
## </param>
#
interface(`dirsrvadmin_read_tmp',`
        gen_require(`
                type dirsrvadmin_tmp_t;
        ')

        read_files_pattern($1, dirsrvadmin_tmp_t, dirsrvadmin_tmp_t)
')

########################################
## <summary>
##      Manage dirsrv-adminserver tmp files.
## </summary>
## <param name="domain">
##      <summary>
##      Domain allowed access.
##      </summary>
## </param>
#
interface(`dirsrvadmin_manage_tmp',`
        gen_require(`
                type dirsrvadmin_tmp_t;
        ')

	manage_files_pattern($1, dirsrvadmin_tmp_t, dirsrvadmin_tmp_t)
	manage_dirs_pattern($1, dirsrvadmin_tmp_t, dirsrvadmin_tmp_t)
')

########################################
## <summary>
##	Execute dirsrv-admin server in the dirsrv-admin domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed to transition.
##	</summary>
## </param>
#
interface(`dirsrvadmin_systemctl',`
	gen_require(`
		type dirsrvadmin_t;
		type dirsrvadmin_unit_file_t;
	')

	systemd_exec_systemctl($1)
	init_reload_services($1)
	allow $1 dirsrvadmin_unit_file_t:file read_file_perms;
	allow $1 dirsrvadmin_unit_file_t:service manage_service_perms;

	ps_process_pattern($1, dirsrvadmin_t)
')

#######################################
## <summary>
##  Execute admin cgi programs in caller domain.
## </summary>
## <param name="domain">
##  <summary>
##  Domain allowed access.
##  </summary>
## </param>
#
interface(`dirsrvadmin_domtrans_unconfined_script_t',`
    gen_require(`
       type dirsrvadmin_unconfined_script_t;
        type dirsrvadmin_unconfined_script_exec_t;
    ')

   domtrans_pattern($1, dirsrvadmin_unconfined_script_exec_t, dirsrvadmin_unconfined_script_t)
   allow $1 dirsrvadmin_unconfined_script_t:process signal_perms;
')