## <summary>giFT peer to peer file sharing tool</summary>

############################################################
## <summary>
##	Role access for gift
## </summary>
## <param name="role">
##	<summary>
##	Role allowed access
##	</summary>
## </param>
## <param name="domain">
##	<summary>
##	User domain for the role
##	</summary>
## </param>
#
interface(`gift_role',`
	gen_require(`
		type gift_t, gift_exec_t;
		type giftd_t, giftd_exec_t;
		type gift_home_t;
	')

	role $1 types { gift_t giftd_t };

	# transition from user domain
	domtrans_pattern($2, gift_exec_t, gift_t)
	domtrans_pattern($2, giftd_exec_t, giftd_t)

	# user managed content
	manage_dirs_pattern($2, gift_home_t, gift_home_t)
	manage_files_pattern($2, gift_home_t, gift_home_t)
	manage_lnk_files_pattern($2, gift_home_t, gift_home_t)
	relabel_dirs_pattern($2, gift_home_t, gift_home_t)
	relabel_files_pattern($2, gift_home_t, gift_home_t)
	relabel_lnk_files_pattern($2, gift_home_t, gift_home_t)

	# Allow the user domain to signal/ps.
	ps_process_pattern($2, { gift_t giftd_t })
	allow $2 { gift_t giftd_t }:process signal_perms;
')