# SPDX-License-Identifier: AGPL-3.0-or-later
#
# PASST - Plug A Simple Socket Transport
#  for qemu/UNIX domain socket mode
#
# contrib/selinux/passt.if - SELinux profile example: Interface File for passt
#
# Copyright (c) 2022 Red Hat GmbH
# Author: Stefano Brivio <sbrivio@redhat.com>

interface(`passt_read_data',`
	gen_require(`
		type passt_data_t;
	')
	allow $1 passt_t:dir { search add_name };
	allow $1 passt_t:file { open read getattr };
')

interface(`passt_domtrans',`
	gen_require(`
		type passt_t, passt_exec_t;
	')

	corecmd_search_bin($1)
	domtrans_pattern($1, passt_exec_t, passt_t)
')

interface(`passt_socket',`
	gen_require(`
		type passt_t;
	')

	allow $1 user_tmp_t:sock_file write;
	allow $1 passt_t:unix_stream_socket connectto;
')

interface(`passt_kill',`
	gen_require(`
		type passt_t;
	')

	allow $1 passt_t:process { signal sigkill };
')