policy for rhcd

######################################## ##

## Execute rhcd_exec_t in the rhcd domain. ##

## ##

## Domain allowed to transition. ##

## # interface(`rhcd_domtrans',` gen_require(` type rhcd_t, rhcd_exec_t; ') corecmd_search_bin($1) domtrans_pattern($1, rhcd_exec_t, rhcd_t) ') ###################################### ##

## Execute rhcd in the caller domain. ##

## ##

## Domain allowed access. ##

## # interface(`rhcd_exec',` gen_require(` type rhcd_exec_t; ') corecmd_search_bin($1) can_exec($1, rhcd_exec_t) ') ###################################### ##

## Read rhcd fifo files ##

## ##

## Domain allowed access. ##

## # interface(`rhcd_read_fifo_files',` gen_require(` type rhcd_t; ') allow $1 rhcd_t:fifo_file read_fifo_file_perms; ') ###################################### ##

## Write/append rhcd fifo files ##

## ##

## Domain allowed access. ##

## # interface(`rhcd_write_fifo_files',` gen_require(` type rhcd_t; ') allow $1 rhcd_t:fifo_file write_fifo_file_perms; ') ###################################### ##

## Send a message to rhcd over a datagram socket. ##

## ##

## Domain allowed access. ##

## # interface(`rhcd_dgram_send',` gen_require(` type rhcd_t; ') allow $1 rhcd_t:unix_dgram_socket sendto; ')