## <summary>Shibboleth authentication deamon</summary>

########################################
## <summary>
##	Allow your application domain to access
##	config files from shibboleth
## </summary>
## <param name="domain">
##	<summary>
##	The domain which should be enabled.
##	</summary>
## </param>
#
interface(`shibboleth_read_config',`
	gen_require(`
		type shibboleth_etc_t;
	')

	read_files_pattern($1, shibboleth_etc_t, shibboleth_etc_t)
')

########################################
## <summary>
##	Allow the specified domain to connect to shibboleth with a unix socket.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`shibboleth_stream_connect',`
	gen_require(`
		type shibboleth_t;
		type shibboleth_var_run_t;
	')

	stream_connect_pattern($1, shibboleth_var_run_t, shibboleth_var_run_t, shibboleth_t)
	files_search_pids($1)
')