## <summary>The  pcp  command summarizes the status of a Performance Co-Pilot (PCP) installation</summary>

######################################
## <summary>
##  Creates types and rules for a basic
##  pcp daemon domain.
## </summary>
## <param name="prefix">
##  <summary>
##  Prefix for the domain.
##  </summary>
## </param>
#
template(`pcp_domain_template',`
    gen_require(`
        attribute pcp_domain;
    ')

    type pcp_$1_t, pcp_domain;
    type pcp_$1_exec_t;
    init_daemon_domain(pcp_$1_t, pcp_$1_exec_t)
    
    type pcp_$1_initrc_exec_t;
    init_script_file(pcp_$1_initrc_exec_t)

    auth_use_nsswitch(pcp_$1_t)

    optional_policy(`
        cron_system_entry(pcp_$1_t, pcp_$1_exec_t)
    ')
')

######################################
## <summary>
##  Allow domain to read pcp lib files
## </summary>
## <param name="domain">
##  <summary>
##  Prefix for the domain.
##  </summary>
## </param>
#
interface(`pcp_read_lib_files',`
    gen_require(`
        type pcp_var_lib_t;
    ')
    files_search_var_lib($1)
    read_files_pattern($1,pcp_var_lib_t,pcp_var_lib_t)
')

########################################
## <summary>
##  All of the rules required to administrate
##  an pcp environment
## </summary>
## <param name="domain">
##  <summary>
##  Domain allowed access.
##  </summary>
## </param>
## <rolecap/>
#
interface(`pcp_admin',`
    gen_require(`
        type pcp_pmcd_t;
        type pcp_pmlogger_t;
        type pcp_pmproxy_t;
        type pcp_pmie_t;
        type pcp_var_run_t;
    ')

    allow $1 pcp_pmcd_t:process signal_perms;
    ps_process_pattern($1, pcp_pmcd_t)

    allow $1 pcp_pmlogger_t:process signal_perms;
    ps_process_pattern($1, pcp_pmlogger_t)

    allow $1 pcp_pmproxy_t:process signal_perms;
    ps_process_pattern($1, pcp_pmproxy_t)

    allow $1 pcp_pmie_t:process signal_perms;
    ps_process_pattern($1, pcp_pmie_t)

    tunable_policy(`deny_ptrace',`',`
        allow $1 pcp_pmcd_t:process ptrace;
        allow $1 pcp_pmlogger_t:process ptrace;
        allow $1 pcp_pmproxy_t:process ptrace;
        allow $1 pcp_pmie_t:process ptrace;
    ')

    files_search_pids($1)
    admin_pattern($1, pcp_var_run_t)
')

########################################
## <summary>
##  Allow the specified domain to execute pcp_pmie
##  in the caller domain.
## </summary>
## <param name="domain">
## <summary>
##  Domain allowed to transition.
## </summary>
## </param>
#
interface(`pcp_pmie_exec',`
    gen_require(`
        type pcp_pmie_exec_t;
    ')

    corecmd_search_bin($1)
    can_exec($1, pcp_pmie_exec_t)
')

########################################
## <summary>
##  Allow the specified domain to execute pcp_pmlogger
##  in the caller domain.
## </summary>
## <param name="domain">
## <summary>
##  Domain allowed to transition.
## </summary>
## </param>
#
interface(`pcp_pmlogger_exec',`
    gen_require(`
        type pcp_pmlogger_exec_t;
    ')

    corecmd_search_bin($1)
    can_exec($1, pcp_pmlogger_exec_t)
')

#######################################
## <summary>
##      Transition to pcp named content
## </summary>
## <param name="domain">
##      <summary>
##      Domain allowed access.
##      </summary>
## </param>
#
interface(`pcp_filetrans_named_content',`
    gen_require(`
        type pcp_var_run_t;
    ')
    files_pid_filetrans($1, pcp_var_run_t, dir, "pcp")
')

#######################################
## <summary>
##	Allow the specified domain to write to pcp sock file
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`pcp_write_pid_sock_file',`
	gen_require(`
		type pcp_var_run_t;
	')

	files_search_pids($1)
	write_sock_files_pattern($1, pcp_var_run_t, pcp_var_run_t)
')