# Type-enforcement module confining the rtorrent daemon.
# The version is carried by policy_module(); bump it whenever the rules change.
policy_module(rtorrent, 0.0.19)

########################################
#
# Declarations
#

# Types owned by other modules that the rules below reference directly.
# init_t is not referenced by any active rule, and bin_t / shell_exec_t only
# appear in the commented-out exec rules at the end of this file; they are
# kept in the require so those rules can be re-enabled without editing here.
require {
	type init_t;
	type public_content_t;
	type public_content_rw_t;
	type bin_t;
	type shell_exec_t;
	type fs_t;
}

# Process domain and the label of the executable that transitions into it.
type rtorrent_t;
type rtorrent_exec_t;
init_daemon_domain(rtorrent_t, rtorrent_exec_t)

# Private file types: one the daemon may only read, one it fully manages.
type rtorrent_ro_t;
files_type(rtorrent_ro_t)
type rtorrent_rw_t;
files_type(rtorrent_rw_t)

# Temp-file handling stays off; rtorrent_tmp_t is not declared in this module.
# _sky_files_use_tmp(rtorrent_t, rtorrent_tmp_t)

########################################
#
# Networking
#

# Stream-socket handling on the domain's own TCP sockets. The port/node rules
# below only become usable on top of this.
allow rtorrent_t self:tcp_socket create_stream_socket_perms;
allow rtorrent_t self:tcp_socket connected_stream_socket_perms;

# Listening side: bind to generic nodes and to whatever generic port the local
# configuration selects, over TCP and UDP (the UDP listener is presumably for
# DHT/uTP — confirm against the rtorrent configuration).
corenet_tcp_bind_generic_node(rtorrent_t)
corenet_tcp_bind_generic_port(rtorrent_t)
corenet_udp_bind_generic_node(rtorrent_t)
corenet_udp_bind_generic_port(rtorrent_t)
corenet_tcp_sendrecv_generic_port(rtorrent_t)
# corenet_udp_sendrecv_generic_port(rtorrent_t)

# Outbound side: trackers over HTTP plus peers, which may sit on any
# unreserved or ephemeral port — the wide connect set is the cost of a
# BitTorrent client; it is worth reviewing if this domain is ever reused.
corenet_tcp_connect_http_port(rtorrent_t)
corenet_tcp_connect_all_unreserved_ports(rtorrent_t)
corenet_tcp_connect_all_ephemeral_ports(rtorrent_t)

# Name resolution. NOTE(review): in refpolicy this interface also supplies the
# self udp_socket/tcp_socket create perms and DNS port rules; verify the UDP
# bind rules above rely on that rather than on an explicit rule of their own.
sysnet_dns_name_resolve(rtorrent_t)

########################################
#
# File access
#

# Private read-only data: read, follow symlinks, mmap.
read_files_pattern(rtorrent_t, rtorrent_ro_t, rtorrent_ro_t)
read_lnk_files_pattern(rtorrent_t, rtorrent_ro_t, rtorrent_ro_t)
mmap_files_pattern(rtorrent_t, rtorrent_ro_t, rtorrent_ro_t)

# Private read-write data: full management of directories, files and symlinks.
manage_dirs_pattern(rtorrent_t, rtorrent_rw_t, rtorrent_rw_t)
manage_files_pattern(rtorrent_t, rtorrent_rw_t, rtorrent_rw_t)
manage_lnk_files_pattern(rtorrent_t, rtorrent_rw_t, rtorrent_rw_t)
mmap_files_pattern(rtorrent_t, rtorrent_rw_t, rtorrent_rw_t)

# Shared public content: public_content_t is read-only for this domain ...
read_files_pattern(rtorrent_t, public_content_t, public_content_t)
read_lnk_files_pattern(rtorrent_t, public_content_t, public_content_t)
mmap_files_pattern(rtorrent_t, public_content_t, public_content_t)

# ... while public_content_rw_t gets file-level management only. Unlike
# rtorrent_rw_t there is no dir or symlink management here, so creating
# sub-directories or symlinks under public_content_rw_t would be denied.
manage_files_pattern(rtorrent_t, public_content_rw_t, public_content_rw_t)
mmap_files_pattern(rtorrent_t, public_content_rw_t, public_content_rw_t)

# Filesystem-level metadata (e.g. statfs) on generic filesystems.
allow rtorrent_t fs_t:filesystem getattr;

########################################
#
# Disabled rules, kept for reference
#

# No exec of shells or java is granted: with these commented out rtorrent_t
# cannot run bin_t or shell_exec_t binaries, which keeps the domain from
# spawning helper processes through these paths.
# Needed to start /bin/bash
#exec_files_pattern(rtorrent_t, bin_t, shell_exec_t)
# Needed to start java
# exec_files_pattern(rtorrent_t, bin_t, bin_t)
# _sky_java_process(rtorrent_t)

#sssd_read_public_files(rtorrent_t)
#dev_read_rand(rtorrent_t)
#dev_read_sysfs(rtorrent_t)