policy_module(mysqldump, 0.1.6)

#################################
#
# Declarations
#

type mysqldump_t;
type mysqldump_exec_t;
init_system_domain(mysqldump_t, mysqldump_exec_t)

type mysqldump_var_t;
files_type(mysqldump_var_t)


########################################
#
# Local policy
#

allow mysqldump_t self:fifo_file { read write getattr ioctl };
allow mysqldump_t self:process signal;

optional_policy(`
	mysql_stream_connect(mysqldump_t)
')

corecmd_exec_shell(mysqldump_t)
corecmd_exec_bin(mysqldump_t)
auth_use_nsswitch(mysqldump_t)
miscfiles_read_localization(mysqldump_t)
kernel_read_system_state(mysqldump_t)
fs_getattr_xattr_fs(mysqldump_t)

manage_dirs_pattern(mysqldump_t, mysqldump_var_t, mysqldump_var_t)
manage_files_pattern(mysqldump_t, mysqldump_var_t, mysqldump_var_t)
type_transition mysqldump_t mysqldump_var_t:file mysqldump_var_t;

optional_policy(`
	gen_require(`
		type mysqld_etc_t;
	')
	allow mysqldump_t mysqld_etc_t:dir { read open search getattr };
	allow mysqldump_t mysqld_etc_t:file { read getattr open };
	allow mysqldump_t mysqld_etc_t:lnk_file read;
')

optional_policy(`
	gen_require(`
		type crond_tmp_t;
	')
	allow mysqldump_t crond_tmp_t:file { read write ioctl };
')

optional_policy(`
	gen_require(`
		type usr_t;
	')
	allow mysqldump_t usr_t:file { read getattr open };
')

optional_policy(`
	gen_require(`
		type backup_store_t;
	')
	search_dirs_pattern(mysqldump_t, backup_store_t, backup_store_t)
')
cron_system_entry(mysqldump_t, mysqldump_exec_t)