# SPDX-License-Identifier: AGPL-3.0-or-later
#
# PASST - Plug A Simple Socket Transport
#  for qemu/UNIX domain socket mode
#
# contrib/selinux/passt.if - SELinux profile: Interface File for passt
#
# Copyright (c) 2022 Red Hat GmbH
# Author: Stefano Brivio <sbrivio@redhat.com>

interface(`passt_domtrans',`
	gen_require(`
		type passt_t, passt_exec_t;
	')

	corecmd_search_bin($1)
	domtrans_pattern($1, passt_exec_t, passt_t)
')

interface(`passt_socket',`
	gen_require(`
		type passt_t;
	')

	allow $1 $2:sock_file write;
	allow $1 passt_t:unix_stream_socket connectto;

	allow passt_t $2:sock_file { create read write unlink };
')

interface(`passt_logfile',`
	gen_require(`
		type passt_t;
	')

	logging_log_file($1);
	allow passt_t $1:dir { search write add_name };
	allow passt_t $1:file { create open read write };
')

interface(`passt_pidfile',`
	gen_require(`
		type passt_t;
	')

	allow $1 $2:file { open read unlink };

	files_pid_file($2);
	allow passt_t $2:dir { search write add_name };
	allow passt_t $2:file { create open write };
')

interface(`passt_kill',`
	gen_require(`
		type passt_t;
	')

	allow $1 passt_t:process { signal sigkill };
')