# Type enforcement rules for the ical application domain: declares the
# domain, its entry point type, a private temporary file type and a
# configuration file type, then grants the domain its local permissions.
policy_module(ical,1.0.0)

########################################
#
# Declarations
#

# ical_t is the process domain; ical_exec_t labels the executable that
# enters it. application_domain ties the two together.
type ical_t;
type ical_exec_t;
application_domain(ical_t, ical_exec_t)
# Authorise the ical_t domain for the system_r role.
role system_r types ical_t;

# Private type for temporary files and directories created by ical.
type ical_tmp_t;
files_tmp_file(ical_tmp_t)

# Configuration file type for ical.
# NOTE(review): no rule in this section grants ical_t any access to
# ical_file_t. Confirm that the labelling and the access rules for it live
# elsewhere, otherwise the type is declared but unused.
type ical_file_t;
files_config_file(ical_file_t)

########################################
#
# ical local policy
#

## internal communication is often done using fifo and unix sockets.
# Both rules target self, so they cover only objects owned by the ical_t
# domain itself and not those of other domains.
allow ical_t self:fifo_file rw_file_perms;
allow ical_t self:unix_stream_socket create_stream_socket_perms;

# Read access to generic files under /etc.
files_read_etc_files(ical_t)

# Dynamic linker and shared library access needed to start the program.
libs_use_ld_so(ical_t)
libs_use_shared_libs(ical_t)

# Locale and timezone data.
miscfiles_read_localization(ical_t)

# Temporary objects: files and directories that ical creates in the generic
# temporary directory are labelled ical_tmp_t through the type transition
# below, which keeps them separate from the temporary files of other domains.
# NOTE(review): files get manage_file_perms but directories get only
# create_dir_perms. In the reference policy that set is presumably limited to
# creating the directory, so confirm whether ical also has to search or write
# inside directories it creates. If it does, grant the narrowest directory
# permission set that covers the need rather than a blanket manage set.
allow ical_t ical_tmp_t:file manage_file_perms;
allow ical_t ical_tmp_t:dir create_dir_perms;
files_tmp_filetrans(ical_t,ical_tmp_t, { file dir })

# NOTE(review): this lets ical_t submit records to the audit subsystem. That
# is an unusual need for an application domain, and a domain holding it can
# add entries to the audit trail. Confirm ical really emits audit messages
# and drop the line if it does not.
logging_send_audit_msgs(ical_t)

# Optional block, applied only when the unconfined types and role required
# below are available. It passes the unconfined domain, its role and its
# terminal types to ical_run.
# NOTE(review): ical_run is not defined in this file, presumably it comes from
# the interface file of this module. Verify there exactly which transition and
# terminal access it grants.
# Keep quote characters out of any comment placed inside the block, because
# the block body is an m4 quoted string.
optional_policy(`
	gen_require(`
		type unconfined_t;
		type unconfined_devpts_t;
		type unconfined_tty_device_t;
		role unconfined_r;
	')

	ical_run(unconfined_t, unconfined_r, { unconfined_tty_device_t unconfined_devpts_t })
')