#DESC ddcprobe - output ddcprobe results from kudzu
#
# Author: dan walsh <dwalsh@redhat.com>
#

# Policy for the ddcprobe domain: declares the process type and its
# entrypoint file type, authorizes the roles that may run it, and grants
# the device, capability and file accesses listed below.
#
# NOTE(review): privmem is an attribute defined elsewhere; presumably it
# marks domains permitted to touch raw memory devices - confirm against
# the policy assertions before reusing this declaration as a template.
type ddcprobe_t, domain, privmem;
type ddcprobe_exec_t, file_type, exec_type, sysadmfile;

# Authorize ddcprobe_t for both sysadm_r and system_r. Only the
# transition from sysadm_t is set up in this file; no transition out of
# a system_r domain is visible here.
# NOTE(review): domain_auto_trans is a macro defined elsewhere; by its
# arguments it moves sysadm_t into ddcprobe_t when a ddcprobe_exec_t
# file is executed - confirm against the macro definition.
role sysadm_r types ddcprobe_t;
role system_r types ddcprobe_t;
domain_auto_trans(sysadm_t, ddcprobe_exec_t, ddcprobe_t)

uses_shlib(ddcprobe_t)

# Allow terminal access
access_terminal(ddcprobe_t, sysadm)

# Memory access. The four rules below grant more than read access to
# /dev/mem: together they allow read, write and execute on
# memory_device_t character devices, execmem on the domain itself, and
# execute plus read on zero_device_t.
# NOTE(review): write and execute on the memory device combined with
# execmem is a high-privilege set. Presumably the probe maps and runs
# video BIOS code - confirm each permission is still required and drop
# any that are not.
allow ddcprobe_t memory_device_t:chr_file read;
allow ddcprobe_t memory_device_t:chr_file { execute write };
allow ddcprobe_t self:process execmem;
allow ddcprobe_t zero_device_t:chr_file { execute read };

# Read-only access to proc_t files, plus execution of sbin_t programs.
# NOTE(review): can_exec is a macro defined elsewhere; presumably the
# executed program stays in ddcprobe_t and so inherits the memory
# permissions above - verify against the macro definition.
allow ddcprobe_t proc_t:dir search;
allow ddcprobe_t proc_t:file { getattr read };
can_exec(ddcprobe_t, sbin_t)
# These two rules name the user_tty_type and userdomain attributes, so
# they cover every type carrying those attributes, not only sysadm.
allow ddcprobe_t user_tty_type:chr_file rw_file_perms;
allow ddcprobe_t userdomain:fd use;
read_sysctl(ddcprobe_t)
allow ddcprobe_t urandom_device_t:chr_file { getattr read };
allow ddcprobe_t { bin_t sbin_t }:dir r_dir_perms;
# NOTE(review): sys_rawio matches the raw device access granted above.
# sys_admin is a very broad capability and nothing in this file shows
# which operation needs it - confirm from audit logs whether it can be
# removed.
allow ddcprobe_t self:capability { sys_rawio sys_admin };

# Read-only access to configuration, library, locale, kernel module
# metadata and usr_t files. Only getattr is granted on kudzu_exec_t
# files, so this domain cannot read or execute them through this rule.
allow ddcprobe_t { etc_t etc_runtime_t }:file { getattr read };
allow ddcprobe_t kudzu_exec_t:file getattr;
allow ddcprobe_t lib_t:file { getattr read };
read_locale(ddcprobe_t)
allow ddcprobe_t modules_object_t:dir search;
allow ddcprobe_t modules_dep_t:file { getattr read };
allow ddcprobe_t usr_t:file { getattr read };
# Grants the syslog_console permission of the system class on kernel_t.
# NOTE(review): presumably needed to change kernel console logging
# while probing - confirm against the program behaviour.
allow ddcprobe_t kernel_t:system syslog_console;