Diffstat (limited to 'policy/modules/contrib/certwatch.if')
-rw-r--r--policy/modules/contrib/certwatch.if78
1 files changed, 78 insertions, 0 deletions
diff --git a/policy/modules/contrib/certwatch.if b/policy/modules/contrib/certwatch.if
new file mode 100644
index 000000000..953451a44
--- /dev/null
+++ b/policy/modules/contrib/certwatch.if
@@ -0,0 +1,78 @@
+## <summary>Digital Certificate Tracking</summary>
+
+########################################
+## <summary>
+## Domain transition to certwatch.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed to transition.
+## </summary>
+## </param>
+#
+interface(`certwatch_domtrans',`
+ gen_require(`
+ type certwatch_exec_t, certwatch_t;
+ ')
+
+ files_search_usr($1)
+ corecmd_search_bin($1)
+ domtrans_pattern($1, certwatch_exec_t, certwatch_t)
+')
+
+########################################
+## <summary>
+## Execute certwatch in the certwatch domain, and
+## allow the specified role the certwatch domain,
+## and use the caller's terminal. Has a sigchld
+## backchannel.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed to transition.
+## </summary>
+## </param>
+## <param name="role">
+## <summary>
+## Role allowed access.
+## </summary>
+## </param>
+## <rolecap/>
+#
+interface(`certwatch_run',`
+ gen_require(`
+ type certwatch_t;
+ ')
+
+ certwatch_domtrans($1)
+ role $2 types certwatch_t;
+')
+
+########################################
+## <summary>
+## Execute certwatch in the certwatch domain, and
+## allow the specified role the certwatch domain,
+## and use the caller's terminal. Has a sigchld
+## backchannel. (Deprecated)
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed to transition.
+## </summary>
+## </param>
+## <param name="role">
+## <summary>
+## Role allowed access.
+## </summary>
+## </param>
+## <param name="terminal">
+## <summary>
+## The type of the terminal allow the certwatch domain to use.
+## </summary>
+## </param>
+## <rolecap/>
+#
+interface(`certwatach_run',`
+ refpolicywarn(`$0($*) has been deprecated, please use certwatch_run() instead.')
+ certwatch_run($*)
+')
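Review bot: The summary for `certwatch_run` says the domain will "use the caller's terminal", but the body shown here only calls `certwatch_domtrans($1)` and adds `role $2 types certwatch_t;`, so this interface itself grants no terminal access. Interface summaries are what policy authors rely on when auditing what a call grants, so unless terminal access comes from the .te file (not visible in this diff) I would trim the text to `## Execute certwatch in the certwatch domain, and allow the specified role the certwatch domain.` The same wording is repeated on the deprecated `certwatach_run`, whose `terminal` argument is forwarded through `$*` but never read by `certwatch_run`. If the misspelled name is kept on purpose for backward compatibility, a one-line comment such as `# Misspelled name retained for compatibility with existing callers.` above it would stop someone from "fixing" it into a duplicate definition.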