policy_module(logsentry, 0.2)

#######################################
#
# Declarations
#

type logsentry_t;
type logsentry_exec_t;
application_domain(logsentry_t, logsentry_exec_t)
role system_r types logsentry_t;

type logsentry_etc_t;
files_type(logsentry_etc_t)

type logsentry_tmp_t;
files_tmp_file(logsentry_tmp_t)

type logsentry_filter_t;
files_type(logsentry_filter_t)

#######################################
#
# Local Policy
#

allow logsentry_t self:fifo_file rw_inherited_fifo_file_perms;
allow logsentry_t self:capability { setuid setgid };
allow logsentry_t logsentry_exec_t:file execute_no_trans;

manage_dirs_pattern(logsentry_t, logsentry_tmp_t, logsentry_tmp_t)
manage_files_pattern(logsentry_t, logsentry_tmp_t, logsentry_tmp_t)

files_tmp_filetrans(logsentry_t, logsentry_tmp_t, file)

manage_files_pattern(logsentry_t, logsentry_filter_t, logsentry_filter_t)

files_read_etc_files(logsentry_t)

logging_search_logs(logsentry_t)
logging_manage_generic_logs(logsentry_t)

kernel_read_system_state(logsentry_t)

corecmd_exec_shell(logsentry_t)
corecmd_exec_bin(logsentry_t)

miscfiles_read_localization(logsentry_t)

mta_send_mail(logsentry_t)

userdom_dontaudit_search_user_home_dirs(logsentry_t)

optional_policy(`
  logging_manage_audit_log(logsentry_t)
')

optional_policy(`
  hostname_exec(logsentry_t)
')

optional_policy(`
  cron_system_entry(logsentry_t, logsentry_exec_t)
')