policy_module(mptcpd, 1.0.0)

########################################
#
# Declarations
#

type mptcpd_t;
type mptcpd_exec_t;
init_daemon_domain(mptcpd_t, mptcpd_exec_t)
init_nnp_daemon_domain(mptcpd_t)

type mptcpd_etc_t;
files_config_file(mptcpd_etc_t)

permissive mptcpd_t;

########################################
#
# mptcpd local policy
#
allow mptcpd_t self:fifo_file rw_fifo_file_perms;
allow mptcpd_t self:netlink_generic_socket create_socket_perms;
allow mptcpd_t self:netlink_route_socket r_netlink_socket_perms;
allow mptcpd_t self:unix_dgram_socket create_socket_perms;
allow mptcpd_t self:unix_stream_socket create_stream_socket_perms;

allow mptcpd_t mptcpd_etc_t:file map;
manage_dirs_pattern(mptcpd_t, mptcpd_etc_t, mptcpd_etc_t)
read_files_pattern(mptcpd_t, mptcpd_etc_t, mptcpd_etc_t)

kernel_dgram_send(mptcpd_t)
kernel_read_net_sysctls(mptcpd_t)

domain_use_interactive_fds(mptcpd_t)

files_read_etc_files(mptcpd_t)

logging_create_devlog_dev(mptcpd_t)
logging_write_syslog_pid_socket(mptcpd_t)

miscfiles_read_localization(mptcpd_t)