## policy for afs
########################################
##
## Execute a domain transition to run afs.
##
##
##
## Domain allowed to transition.
##
##
#
interface(`afsd_domtrans',`
gen_require(`
type afsd_t, afsd_exec_t;
')
domain_auto_trans($1,afsd_exec_t,afsd_t)
allow $1 afsd_t:fd use;
allow afsd_t $1:fd use;
allow afsd_t $1:fifo_file rw_file_perms;
allow afsd_t $1:process sigchld;
')
interface(`afs_access',`
gen_require(`
type afsd_t, afsd_etc_t;
type autofs_t, nfs_t;
')
allow $1 afsd_t:udp_socket all_udp_socket_perms;
allow $1 afsd_etc_t:dir r_dir_perms;
allow $1 afsd_etc_t:file r_file_perms;
allow $1 afsd_etc_t:lnk_file r_file_perms;
allow $1 autofs_t:dir all_dir_perms;
allow $1 autofs_t:lnk_file all_lnk_file_perms;
allow $1 nfs_t:dir all_dir_perms;
allow $1 nfs_t:file all_file_perms;
allow $1 nfs_t:lnk_file all_lnk_file_perms;
allow $1 nfs_t:sock_file all_sock_file_perms;
allow $1 nfs_t:fifo_file all_fifo_file_perms;
allow $1 nfs_t:chr_file all_chr_file_perms;
allow $1 nfs_t:blk_file all_blk_file_perms;
')