policy_module(afterburn, 1.0.0)

########################################
#
# Declarations
#

type afterburn_t;
type afterburn_exec_t;
init_daemon_domain(afterburn_t, afterburn_exec_t)

type afterburn_unit_file_t;
systemd_unit_file(afterburn_unit_file_t)

permissive afterburn_t;

########################################
#
# afterburn local policy
#
allow afterburn_t self:capability { setgid setuid sys_admin };
allow afterburn_t self:process { fork setpgid };
allow afterburn_t self:fifo_file rw_fifo_file_perms;
allow afterburn_t self:unix_dgram_socket create_socket_perms;

kernel_dgram_send(afterburn_t)
kernel_read_all_proc(afterburn_t)

corenet_tcp_connect_http_port(afterburn_t)

domain_use_interactive_fds(afterburn_t)

files_read_etc_files(afterburn_t)

optional_policy(`
	auth_use_nsswitch(afterburn_t)
')

optional_policy(`
	logging_write_syslog_pid_socket(afterburn_t)
')

optional_policy(`
	miscfiles_read_localization(afterburn_t)
')

optional_policy(`
	networkmanager_dbus_chat(afterburn_t)
')

optional_policy(`
	ssh_filetrans_home_content(afterburn_t)
')

optional_policy(`
	sysnet_dns_name_resolve(afterburn_t)
')