# Joe Presbrey # presbrey@mit.edu # 2006/1/15 interface(`afsd_domtrans',` gen_require(` type afsd_t, afsd_exec_t; ') domain_auto_trans($1,afsd_exec_t,afsd_t) allow $1 afsd_t:fd use; allow afsd_t $1:fd use; allow afsd_t $1:fifo_file rw_file_perms; allow afsd_t $1:process sigchld; ') interface(`afs_access',` gen_require(` type afs_t, afs_bin_t; type afsd_t, afsd_etc_t; ') allow $1 afs_bin_t:file rx_file_perms; domain_auto_trans($1, afs_bin_t, afs_t) allow afs_t $1:fd use; allow afs_t $1:process sigchld; allow $1 afsd_t:udp_socket write; allow $1 afsd_etc_t:dir r_dir_perms; allow $1 afsd_etc_t:file r_file_perms; allow $1 afsd_etc_t:lnk_file r_file_perms; fs_manage_autofs_symlinks($1) fs_manage_nfs_dirs($1) fs_manage_nfs_files($1) fs_manage_nfs_symlinks($1) fs_manage_nfs_named_pipes($1) fs_manage_nfs_named_sockets($1) allow $1 nfs_t:file entrypoint; allow $1 nfs_t:{file dir} rx_file_perms; ')