policy_module(surrogator, 1.0.0)

# SELinux type-enforcement (.te) module for the "surrogator" daemon.
# The matching file-context (.fc) and interface (.if) files are not shown
# here; every path-to-label mapping mentioned below should be confirmed there.
# The "#============= httpd_t ==============" section at the bottom has the
# shape of audit2allow output that was merged into this module.

########################################
#
# Declarations
#

# Process domain of the daemon and the entry-point type of its executable.
type surrogator_t;
type surrogator_exec_t;
# A daemon started by init transitions into surrogator_t when it executes a
# file labeled surrogator_exec_t.
init_daemon_domain(surrogator_t, surrogator_exec_t)

# NOTE(review): permissive mode. Denials for surrogator_t are logged as AVC
# audit messages but NOT enforced, so none of the rules below currently
# restricts the daemon; the module is effectively audit-only until this
# line is removed.
permissive surrogator_t;

# Cache data type (named for /var/cache - confirm the path in the .fc file).
type surrogator_cache_t;
files_type(surrogator_cache_t)

# Persistent state type (named for /var/lib - confirm the path in the .fc file).
type surrogator_var_lib_t;
files_type(surrogator_var_lib_t)

########################################
#
# surrogator local policy
#

# Self access: pipes and unix stream sockets the daemon creates for itself.
allow surrogator_t self:fifo_file rw_fifo_file_perms;
allow surrogator_t self:unix_stream_socket create_stream_socket_perms;

# Full create/read/write/delete access to dirs, files and symlinks of the
# cache type.
manage_dirs_pattern(surrogator_t, surrogator_cache_t, surrogator_cache_t)
manage_files_pattern(surrogator_t, surrogator_cache_t, surrogator_cache_t)
manage_lnk_files_pattern(surrogator_t, surrogator_cache_t, surrogator_cache_t)
# Type transition is anchored on var_t (files_var_filetrans, not a
# /var/cache-specific interface): a dir/file/lnk_file that surrogator_t
# creates directly inside a var_t directory is labeled surrogator_cache_t.
# The /var/cache/surrogator tree itself is presumably labeled by the .fc
# file - confirm.
files_var_filetrans(surrogator_t, surrogator_cache_t, { dir file lnk_file })

# Same access for the persistent state type; the transition here is
# anchored on var_lib_t.
manage_dirs_pattern(surrogator_t, surrogator_var_lib_t, surrogator_var_lib_t)
manage_files_pattern(surrogator_t, surrogator_var_lib_t, surrogator_var_lib_t)
manage_lnk_files_pattern(surrogator_t, surrogator_var_lib_t, surrogator_var_lib_t)
files_var_lib_filetrans(surrogator_t, surrogator_var_lib_t, { dir file lnk_file })

# Common daemon boilerplate: inherited terminal fds, /etc config files,
# locale data.
domain_use_interactive_fds(surrogator_t)
files_read_etc_files(surrogator_t)
miscfiles_read_localization(surrogator_t)

#============= httpd_t ==============
# The web server is allowed to read (and mmap) files of the cache type.
# NOTE(review): this is a bare require, not an optional_policy block, so the
# module will not link on a system where no loaded module defines httpd_t.
# NOTE(review): `map` is granted in the allow rule below but is not in this
# require block's permission list. When built with the refpolicy/devel
# Makefile the flask class definitions presumably supply it - confirm the
# build path and keep the two lists in sync.
require {
	type httpd_t;
	class file { getattr read open };
}

# NOTE(review): only file access is granted; nothing here lets httpd_t
# search or list directories of type surrogator_cache_t, which the
# manage_dirs_pattern above creates. If httpd reaches these files through
# such a directory, expect a dir search denial - confirm the layout.
# Read-only is the least-privilege direction for httpd_t; no write access is
# granted here.
allow httpd_t surrogator_cache_t:file { getattr read open map };