# i18n_input.te
# Security Policy for IIIMF htt server
# Date: 2004, 12th April (Monday)

# Establish i18n_input as a daemon
daemon_domain(i18n_input)

can_exec(i18n_input_t, i18n_input_exec_t)
can_network(i18n_input_t)
allow i18n_input_t port_type:tcp_socket name_connect;
can_ypbind(i18n_input_t)

can_tcp_connect(userdomain, i18n_input_t)
can_unix_connect(i18n_input_t, initrc_t)

allow i18n_input_t self:fifo_file rw_file_perms;
allow i18n_input_t i18n_input_port_t:tcp_socket name_bind;

allow i18n_input_t self:capability { kill setgid setuid };
allow i18n_input_t self:process { setsched setpgid };

allow i18n_input_t { bin_t sbin_t }:dir search;
can_exec(i18n_input_t, bin_t)

allow i18n_input_t etc_t:file r_file_perms;
allow i18n_input_t self:unix_dgram_socket create_socket_perms;
allow i18n_input_t self:unix_stream_socket create_stream_socket_perms;
allow i18n_input_t i18n_input_var_run_t:dir create_dir_perms;
allow i18n_input_t i18n_input_var_run_t:sock_file create_file_perms;
allow i18n_input_t usr_t:file { getattr read };
allow i18n_input_t home_root_t:dir search;
allow i18n_input_t etc_runtime_t:file { getattr read };
allow i18n_input_t proc_t:file { getattr read };