#DESC Oav - Anti-virus update program

#

# Author:  Brian May <bam@snoopy.apana.org.au>

# X-Debian-Packages:

#

type oav_update_var_lib_t, file_type, sysadmfile;

type oav_update_exec_t, file_type, sysadmfile, exec_type;

type oav_update_etc_t, file_type, sysadmfile;

# Derived domain based on the calling user domain and the program.

type oav_update_t, domain, privlog;

# Transition from the sysadm domain to the derived domain.

role sysadm_r types oav_update_t;

domain_auto_trans(sysadm_t, oav_update_exec_t, oav_update_t)

# Transition from the sysadm domain to the derived domain.

role system_r types oav_update_t;

system_crond_entry(oav_update_exec_t, oav_update_t)

# Uses shared librarys

uses_shlib(oav_update_t)

# Run helper programs.

can_exec_any(oav_update_t,bin_t)

# Can read /etc/oav-update/* files

allow oav_update_t oav_update_etc_t:dir r_dir_perms;

allow oav_update_t oav_update_etc_t:file r_file_perms;

# Can read /var/lib/oav-update/current

allow oav_update_t oav_update_var_lib_t:dir create_dir_perms;

allow oav_update_t oav_update_var_lib_t:file create_file_perms;

allow oav_update_t oav_update_var_lib_t:lnk_file r_file_perms;

# Can download via network

can_network_server(oav_update_t)