policy_module(overviewer, 0.1.2)

#################################
#
# Declarations
#

type overviewer_t;
type overviewer_exec_t;
init_system_domain(overviewer_t, overviewer_exec_t)

########################################
#
# Local policy
#

allow overviewer_t self:fifo_file { getattr ioctl read write };

gen_require(`
        type minecraft_opt_t;
')
search_dirs_pattern(overviewer_t, minecraft_opt_t, minecraft_opt_t)
read_files_pattern(overviewer_t, minecraft_opt_t, minecraft_opt_t)
allow overviewer_t minecraft_opt_t:dir read;

apache_manage_sys_content(overviewer_t)

corecmd_exec_all_executables(overviewer_t)
corecmd_exec_shell(overviewer_t)

files_read_etc_files(overviewer_t)
files_manage_generic_tmp_files(overviewer_t)
miscfiles_read_localization(overviewer_t)

dev_read_urand(overviewer_t)

gen_require(`
	type tmp_t;
')
allow overviewer_t tmp_t:file execute;

optional_policy(`
        cron_system_entry(overviewer_t, overviewer_exec_t)
')

gen_require(`
        type crond_tmp_t;
')
allow overviewer_t crond_tmp_t:file { read write ioctl getattr };