# Local SELinux policy module (type-enforcement source).
#
# The per-rule "src=/tgt=/comm=" annotations this file carried follow the
# output format of audit2allow, so the rules below were presumably produced by
# feeding AVC denials to `audit2allow -M` (TODO confirm).  Each rule therefore
# allows exactly what was once denied and has not been reviewed against the
# base policy: treat this as a workaround module, not a vetted policy.
#
# NOTE(review): "localSrict" looks like a typo for "localStrict".  The name is
# deliberately left as is -- it is the identity the compiled .pp is installed
# under (semodule -l / semodule -r); renaming it here would leave the old
# module loaded next to the new one.
module localSrict 1.0;

require {
    # subject domains (rule sources)
    type crond_t;
    type fsadm_t;
    type initrc_t;
    type logrotate_t;
    type mount_t;
    type system_chkpwd_t;
    type system_crond_t;
    type user_t;

    # object types (rule targets)
    type apt_var_lib_t;
    type fsadm_log_t;
    type security_t;
    type shlib_t;
    type var_run_t;
    type var_t;

    class dir        { add_name remove_name search write };
    class fd         { use };
    class fifo_file  { ioctl read write };
    class file       { create getattr ioctl read rename setattr write };
    class filesystem { getattr };
}

### security_t filesystem ###################################################
# fsck.ext3 (fsadm_t), mount (mount_t) and unix_chkpwd (system_chkpwd_t) each
# tried to stat the filesystem labelled security_t.  Written as one rule with
# a source type set; it compiles to the same three AV rules as three separate
# allow statements would.
allow { fsadm_t mount_t system_chkpwd_t } security_t:filesystem getattr;

### initrc_t ################################################################
# Observed from comm=sysklogd: a syslog daemon running in initrc_t was using a
# fifo owned by crond_t and a descriptor / fifo owned by system_crond_t.
# NOTE(review): a daemon holding cron's pipes suggests it was (re)started from
# a cron job rather than from init; if so, the underlying fix is to start it
# from the proper init path (or add a domain transition), and these grants
# would then become unnecessary -- verify before keeping them.
allow initrc_t crond_t:fifo_file { ioctl read };
allow initrc_t system_crond_t:fd use;
allow initrc_t system_crond_t:fifo_file write;

# Observed from comm=logsave: let logsave, run from initrc_t, write the fsck
# log file.
allow initrc_t fsadm_log_t:file write;

### logrotate_t #############################################################
# Observed from comm=mv and comm=savelog: log rotation renamed files in, and
# added/removed directory entries of, a directory labelled var_t.
# NOTE(review): write access to the generic var_t label is broad -- it covers
# every var_t-labelled directory, not only the log directory that triggered
# the denial.  Such denials usually mean the log directory is mislabelled;
# check the labels (e.g. `restorecon -nv` on the affected path) before
# relying on this rule, and narrow it if a more specific type applies.
allow logrotate_t var_t:dir  { add_name remove_name write };
allow logrotate_t var_t:file { getattr rename };

### system_chkpwd_t #########################################################
# Observed from comm=unix_chkpwd: directory lookup under a var_run_t path.
allow system_chkpwd_t var_run_t:dir search;

### system_crond_t ##########################################################
# Observed from comm=cp: a system cron job copied apt state files
# (apt_var_lib_t) into a location labelled var_t, creating and writing files
# there and setting their attributes.
# NOTE(review): as with logrotate_t above, this lets every system cron job
# create and write files anywhere labelled var_t, which is a wide grant for a
# single copy job.  Giving the destination directory a specific label and
# allowing only that type would confine it -- confirm the destination path.
allow system_crond_t apt_var_lib_t:file read;
allow system_crond_t var_t:dir  { add_name write };
allow system_crond_t var_t:file { create setattr write };

### user_t ##################################################################
# Observed from comm=ld: the linker issued an ioctl on a shared-library file.
# NOTE(review): if this ioctl is not actually needed for the build to
# succeed, a dontaudit rule would silence the denial without widening user_t
# (behaviour change -- left as an allow rule here).
allow user_t shlib_t:file ioctl;