## <summary>SELinux MLS/MCS label translation service.</summary>

########################################
## <summary>
##	Execute setrans server in the setrans domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed to transition.
##	</summary>
## </param>
#
#
interface(`setrans_initrc_domtrans',`
	gen_require(`
		type setrans_initrc_exec_t;
	')

	init_labeled_script_domtrans($1, setrans_initrc_exec_t)
')

#######################################
## <summary>
##	Allow a domain to translate contexts.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`setrans_translate_context',`
	gen_require(`
		type setrans_t, setrans_var_run_t;
	')

	allow $1 self:unix_stream_socket create_stream_socket_perms;
	stream_connect_pattern($1, setrans_var_run_t, setrans_var_run_t, setrans_t)
	files_list_runtime($1)
')

######################################
## <summary>
##	All of the rules required to
##	administrate an setrans environment.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <param name="role">
##	<summary>
##	Role allowed access.
##	</summary>
## </param>
#
interface(`setrans_admin',`
	gen_require(`
		type setrans_t, setrans_initrc_exec_t;
		type setrans_runtime_t, setrans_unit_t;
	')

	allow $1 setrans_t:process { ptrace signal_perms };
	ps_process_pattern($1, setrans_t)

	init_startstop_service($1, $2, setrans_t, setrans_initrc_exec_t, setrans_unit_t)

	files_search_runtime($1)
	admin_pattern($1, setrans_runtime_t)
')