policy_module(ethereal, 1.5.0)

########################################
#
# Declarations
#

type ethereal_exec_t;
application_executable_file(ethereal_exec_t)

type tethereal_t;
type tethereal_exec_t;
application_domain(tethereal_t, tethereal_exec_t)

type tethereal_tmp_t;
files_tmp_file(tethereal_tmp_t)

########################################
#
# Tethereal policy
#

allow tethereal_t tethereal_t : capability { dac_override dac_read_search setgid setuid net_raw };
allow tethereal_t self:unix_stream_socket create_stream_socket_perms;
allow tethereal_t self:netlink_route_socket create_netlink_socket_perms;
allow tethereal_t self:packet_socket create_socket_perms;
allow tethereal_t self:tcp_socket create_socket_perms;
allow tethereal_t self:udp_socket create_socket_perms;

# Store temporary files
manage_dirs_pattern(tethereal_t, tethereal_tmp_t, tethereal_tmp_t)
manage_files_pattern(tethereal_t, tethereal_tmp_t, tethereal_tmp_t)
files_tmp_filetrans(tethereal_t, tethereal_tmp_t, { dir file })

# /proc
kernel_read_all_sysctls(tethereal_t)
kernel_read_system_state(tethereal_t)

# Read ethereal files in /usr
files_read_usr_files(tethereal_t)
# /etc/nsswitch.conf
files_read_etc_files(tethereal_t)

miscfiles_read_localization(tethereal_t)

seutil_use_newrole_fds(tethereal_t)

sysnet_dns_name_resolve(tethereal_t)

optional_policy(`
	nscd_socket_use(tethereal_t)
')