#

# ICE related types 

#

# Author: Ivan Gyurdiev <ivg2@cornell.edu>

#

# ice_domain(prefix, role) - create ICE sockets

# ice_connect(type1_prefix, type2_prefix) - allow communication through ICE sockets 

define(`ice_domain', `

ifdef(`$1_ice_tmp_t_defined',`', `

define(`$1_ice_tmp_t_defined')

# Type for ICE sockets

type $1_ice_tmp_t, file_type, $1_file_type, sysadmfile, tmpfile;

file_type_auto_trans($1_t, ice_tmp_t, $1_ice_tmp_t)

# Create the sockets

allow $1_t self:unix_stream_socket create_stream_socket_perms;

allow $1_t self:unix_dgram_socket create_socket_perms;

# FIXME: How does iceauth tie in?

')

')

# FIXME: Should this be bidirectional?

# Adding only unidirectional for now.

define(`ice_connect', `

# Read .ICEauthority file

allow $1_t $2_iceauth_home_t:file { read getattr };

can_unix_connect($1_t, $2_t)

allow $1_t ice_tmp_t:dir r_dir_perms;

allow $1_t $2_ice_tmp_t:sock_file { read write };

allow $1_t $2_t:unix_stream_socket { read write };

')