#DESC clockspeed - Simple network time protocol client
#
# Author Petre Rodan <kaiowas@gentoo.org>
#

daemon_base_domain(clockspeed)
var_lib_domain(clockspeed)
can_network(clockspeed_t)
allow clockspeed_t port_type:tcp_socket name_connect;
read_locale(clockspeed_t)

allow clockspeed_t self:capability { sys_time net_bind_service };
allow clockspeed_t self:unix_dgram_socket create_socket_perms;
allow clockspeed_t self:unix_stream_socket create_socket_perms;
allow clockspeed_t clockspeed_port_t:udp_socket name_bind;
allow clockspeed_t domain:packet_socket recvfrom;

allow clockspeed_t var_t:dir search;
allow clockspeed_t clockspeed_var_lib_t:file create_file_perms;
allow clockspeed_t clockspeed_var_lib_t:fifo_file create_file_perms;

# sysadm can play with clockspeed
role sysadm_r types clockspeed_t;
ifdef(`targeted_policy', `', `
domain_auto_trans( sysadm_t, clockspeed_exec_t, clockspeed_t)
')