## <summary>policy for afs</summary>

########################################
## <summary>
##	Execute a domain transition to run afs.
## </summary>
## <param name="domain">
## <summary>
##	Domain allowed to transition.
## </summary>
## </param>
#
interface(`afsd_domtrans',`
	gen_require(`
		type afsd_t, afsd_exec_t;
	')

	domain_auto_trans($1,afsd_exec_t,afsd_t)

	allow $1 afsd_t:fd use;
	allow afsd_t $1:fd use;
	allow afsd_t $1:fifo_file rw_file_perms;
	allow afsd_t $1:process sigchld;
')

interface(`afs_access',`
	gen_require(`
		type afsd_t, afsd_etc_t;
		type autofs_t, nfs_t;
	')
	allow $1 afsd_t:udp_socket all_udp_socket_perms;
	allow $1 afsd_etc_t:dir r_dir_perms;
	allow $1 afsd_etc_t:file r_file_perms;
	allow $1 afsd_etc_t:lnk_file r_file_perms;
	allow $1 autofs_t:dir all_dir_perms;
	allow $1 autofs_t:lnk_file all_lnk_file_perms;
	allow $1 nfs_t:dir all_dir_perms;
	allow $1 nfs_t:file all_file_perms;
	allow $1 nfs_t:lnk_file all_lnk_file_perms;
	allow $1 nfs_t:sock_file all_sock_file_perms;
	allow $1 nfs_t:fifo_file all_fifo_file_perms;
	allow $1 nfs_t:chr_file all_chr_file_perms;
	allow $1 nfs_t:blk_file all_blk_file_perms;
')