policy_module(phpfpm_additional, 0.0.2)

require {
  type phpfpm_t;
  type etc_t;
  type httpd_sys_content_t;
  type phpfpm_tmp_t;
  type usr_t;
}

allow phpfpm_t self:process sigkill;

miscfiles_read_all_certs(phpfpm_t)
miscfiles_read_fonts(phpfpm_t)

corenet_tcp_connect_pop_port(phpfpm_t)
corenet_tcp_connect_http_port(phpfpm_t)
corenet_tcp_connect_sieve_port(phpfpm_t)
corenet_tcp_connect_smtp_port(phpfpm_t)

files_tmp_filetrans(phpfpm_t, phpfpm_tmp_t, lnk_file)

apache_manage_sys_content(phpfpm_t)
fs_mmap_rw_hugetlbfs_files(phpfpm_t)

allow phpfpm_t etc_t:file map;
allow phpfpm_t httpd_sys_content_t:file map;
allow phpfpm_t phpfpm_tmp_t:file map;
allow phpfpm_t usr_t:file map;