policy_module(nats, 0.0.3)

########################################
#
# Declarations
#

type nats_t;
type nats_exec_t;
init_daemon_domain(nats_t, nats_exec_t)

type nats_etc_t;
files_config_file(nats_etc_t)

allow nats_t self:fifo_file { read write };
allow nats_t self:netlink_route_socket { bind create getattr nlmsg_read read write };
allow nats_t self:process { getsched signal };
allow nats_t self:tcp_socket { accept bind create getattr listen read setopt write };
allow nats_t self:unix_dgram_socket { connect create getattr write };

logging_send_syslog_msg(nats_t)

read_files_pattern(nats_t, nats_etc_t, nats_etc_t)

miscfiles_read_localization(nats_t)
files_read_etc_files(nats_t)

corenet_tcp_bind_generic_node(nats_t)

kernel_read_net_sysctls(nats_t)

dev_read_sysfs(nats_t)

corenet_tcp_bind_all_unreserved_ports(nats_t)

optional_policy(`
  gen_require(`
    type supervisor_t;
  ')
  supervisor_service_domain(nats_t,nats_exec_t)
')