# SELinux type-enforcement module confining an init-started ut2004 daemon.
# It declares the process domain, the entry-point type for the executable,
# one read-only and one read-write file type, and the UDP/DNS access the
# domain is granted.
policy_module(ut2004, 0.1.0)

# interwise_port_t is not declared here; it must be supplied by the base policy.
# NOTE(review): this is a hard requirement, so the module will not link on a
# policy that lacks the type. The comment above the final rule says only "some"
# Fedora policies carry this label - confirm the targets, or make the rule optional.
require {
	type interwise_port_t;
}

# Process domain (ut2004_t) and the file type of the executable that enters it
# (ut2004_exec_t); the two are tied together by init_daemon_domain() below.
type ut2004_t;
type ut2004_exec_t;

# Content the domain may create, modify and delete (see the manage_* rules).
type ut2004_rw_t;
files_type(ut2004_rw_t)

# Content the domain may only list and read.
type ut2004_ro_t;
files_type(ut2004_ro_t)

# Private tmp type, currently disabled along with the rules that reference it.
#type ut2004_tmp_t;
#files_tmp_file(ut2004_tmp_t)

# Mark ut2004_t as a daemon domain entered from init by running ut2004_exec_t.
init_daemon_domain(ut2004_t, ut2004_exec_t)

# UDP networking on generic ports and nodes.
# NOTE(review): "generic" means ports without a specific label, so the bind
# rule is much wider than the ports this daemon needs. Least privilege would
# label the daemon's own ports and allow name_bind on that type only - confirm
# whether the generic bind is actually required.
corenet_udp_sendrecv_generic_port(ut2004_t)
corenet_udp_bind_generic_port(ut2004_t)
corenet_udp_bind_generic_node(ut2004_t)

# Read-only tree: directory listing and file reads, no write access.
allow ut2004_t ut2004_ro_t:dir list_dir_perms;
allow ut2004_t ut2004_ro_t:file read_file_perms;
#allow ut2004_t ut2004_tmp_t:file manage_file_perms;
#allow ut2004_t ut2004_tmp_t:dir manage_dir_perms;

# Read-write tree: full management of files and directories labelled ut2004_rw_t.
# NOTE(review): manage_file_perms normally already includes setattr, so the
# setattr_files_pattern line looks redundant - confirm against the target policy.
manage_files_pattern(ut2004_t, ut2004_rw_t, ut2004_rw_t)
manage_dirs_pattern(ut2004_t, ut2004_rw_t, ut2004_rw_t)
setattr_files_pattern(ut2004_t, ut2004_rw_t, ut2004_rw_t)

# Allow the domain to resolve host names via DNS.
sysnet_dns_name_resolve(ut2004_t)
#files_tmp_filetrans(ut2004_t, ut2004_tmp_t, { file dir})

# The UT2004 default port is labelled interwise_port_t on some
# Fedora policies, so binding it needs name_bind on that type in addition
# to the generic-port rule above.
allow ut2004_t interwise_port_t:udp_socket name_bind;