## <summary>A distributed, collaborative, spam detection and filtering network.</summary>

#######################################
## <summary>
##	The template to define a razor domain.
## </summary>
## <param name="domain_prefix">
##	<summary>
##	Domain prefix to be used.
##	</summary>
## </param>
#
template(`razor_common_domain_template',`
	gen_require(`
		attribute razor_domain;
		type razor_exec_t;
	')

	########################################
	#
	# Declarations
	#

	type $1_t, razor_domain;
	domain_type($1_t)
	domain_entry_file($1_t, razor_exec_t)

	########################################
	#
	# Declarations
	#

	auth_use_nsswitch($1_t)
')

########################################
## <summary>
##	Role access for razor.
## </summary>
## <param name="role">
##	<summary>
##	Role allowed access.
##	</summary>
## </param>
## <param name="domain">
##	<summary>
##	User domain for the role.
##	</summary>
## </param>
#
interface(`razor_role',`
	gen_require(`
		attribute_role razor_roles;
		type razor_t, razor_exec_t, razor_home_t;
		type razor_tmp_t;
	')

	roleattribute $1 razor_roles;

	domtrans_pattern($2, razor_exec_t, razor_t)

	ps_process_pattern($2, razor_t)
	allow $2 razor_t:process signal;

	allow $2 { razor_home_t razor_tmp_t }:dir { manage_dir_perms relabel_dir_perms };
	allow $2 { razor_home_t razor_tmp_t }:file { manage_file_perms relabel_file_perms };
	allow $2 razor_home_t:lnk_file { manage_lnk_file_perms relabel_lnk_file_perms };

	userdom_user_home_dir_filetrans($2, razor_home_t, dir, ".razor")
')

########################################
## <summary>
##	Execute razor in the system razor domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed to transition.
##	</summary>
## </param>
#
interface(`razor_domtrans',`
	gen_require(`
		type system_razor_t, razor_exec_t;
	')

	corecmd_search_bin($1)
	domtrans_pattern($1, razor_exec_t, system_razor_t)
')

########################################
## <summary>
##	Create, read, write, and delete
##	razor home content.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`razor_manage_home_content',`
	gen_require(`
		type razor_home_t;
	')

	userdom_search_user_home_dirs($1)
	allow $1 razor_home_t:dir manage_dir_perms;
	allow $1 razor_home_t:file manage_file_perms;
	allow $1 razor_home_t:lnk_file manage_lnk_file_perms;
')

########################################
## <summary>
##	Read razor lib files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`razor_read_lib_files',`
	gen_require(`
		type razor_var_lib_t;
	')

	files_search_var_lib($1)
	read_files_pattern($1, razor_var_lib_t, razor_var_lib_t)
')