policy_module(openca, 1.3.0)

########################################
#
# Declarations
#

type openca_ca_t;
type openca_ca_exec_t;
domain_type(openca_ca_t)
domain_entry_file(openca_ca_t, openca_ca_exec_t)
role system_r types openca_ca_t;

type openca_etc_t;
files_config_file(openca_etc_t)

type openca_etc_in_t;
files_type(openca_etc_in_t)

type openca_etc_writeable_t;
files_type(openca_etc_writeable_t)

type openca_usr_share_t;
files_type(openca_usr_share_t)

type openca_var_lib_t;
files_type(openca_var_lib_t)

type openca_var_lib_keys_t;
files_type(openca_var_lib_keys_t)

########################################
#
# Local policy
#

allow openca_ca_t openca_etc_t:dir list_dir_perms;
allow openca_ca_t openca_etc_t:file read_file_perms;
allow openca_ca_t openca_etc_t:lnk_file read_lnk_file_perms;

manage_dirs_pattern(openca_ca_t, openca_etc_writeable_t, openca_etc_writeable_t)
manage_files_pattern(openca_ca_t, openca_etc_writeable_t, openca_etc_writeable_t)

manage_dirs_pattern(openca_ca_t, openca_var_lib_t, openca_var_lib_t)
manage_files_pattern(openca_ca_t, openca_var_lib_t, openca_var_lib_t)

manage_dirs_pattern(openca_ca_t, openca_var_lib_keys_t, openca_var_lib_keys_t)
manage_files_pattern(openca_ca_t, openca_var_lib_keys_t, openca_var_lib_keys_t)

allow openca_ca_t openca_usr_share_t:dir list_dir_perms;
allow openca_ca_t openca_usr_share_t:file read_file_perms;
allow openca_ca_t openca_usr_share_t:lnk_file read_lnk_file_perms;

corecmd_exec_bin(openca_ca_t)

dev_read_rand(openca_ca_t)

files_list_default(openca_ca_t)

init_use_fds(openca_ca_t)
init_use_script_fds(openca_ca_t)

libs_exec_lib_files(openca_ca_t)

apache_append_log(openca_ca_t)
apache_rw_cache_files(openca_ca_t)