policy_module(timedatex, 1.0.0)

########################################
#
# Declarations
#

type timedatex_t;
type timedatex_exec_t;
init_daemon_domain(timedatex_t, timedatex_exec_t)

########################################
#
# timedatex local policy
#
allow timedatex_t self:capability sys_time;
allow timedatex_t self:fifo_file rw_fifo_file_perms;
allow timedatex_t self:unix_stream_socket create_stream_socket_perms;

corenet_tcp_connect_time_port(timedatex_t)

dev_read_realtime_clock(timedatex_t)

domain_use_interactive_fds(timedatex_t)

files_read_etc_files(timedatex_t)

init_status(timedatex_t)

miscfiles_manage_localization(timedatex_t)
miscfiles_etc_filetrans_localization(timedatex_t)
miscfiles_relabel_localization(timedatex_t)

selinux_dontaudit_validate_context(timedatex_t)
seutil_dontaudit_read_file_contexts(timedatex_t)

systemd_timedated_status(timedatex_t)

optional_policy(`
    chronyd_systemctl(timedatex_t)
')

optional_policy(`
    clock_read_adjtime(timedatex_t)
    clock_domtrans(timedatex_t)
')

optional_policy(`
    cron_dbus_chat_system_job(timedatex_t)
')

optional_policy(`
    dbus_read_pid_files(timedatex_t)
    dbus_system_bus_client(timedatex_t)
    dbus_connect_system_bus(timedatex_t)

    init_dbus_chat(timedatex_t)

    policykit_dbus_chat(timedatex_t)

	optional_policy(`
		xserver_dbus_chat_xdm(timedatex_t)
	')
')

optional_policy(`
    sosreport_dbus_chat(timedatex_t)
')

optional_policy(`
    userdom_dbus_send_all_users(timedatex_t)
')