policy_module(sigrok, 1.0.1)

########################################
#
# Declarations
#

attribute_role sigrok_roles;
roleattribute system_r sigrok_roles;

type sigrok_t;
type sigrok_exec_t;
userdom_user_application_domain(sigrok_t, sigrok_exec_t)
role sigrok_roles types sigrok_t;

########################################
#
# Local policy
#

allow sigrok_t self:fifo_file rw_fifo_file_perms;
allow sigrok_t self:netlink_kobject_uevent_socket create_socket_perms;
allow sigrok_t self:tcp_socket create_socket_perms;

corenet_tcp_connect_all_unreserved_ports(sigrok_t)

dev_getattr_sysfs_dirs(sigrok_t)
dev_read_sysfs(sigrok_t)
dev_rw_generic_usb_dev(sigrok_t)

files_read_etc_files(sigrok_t)

term_use_unallocated_ttys(sigrok_t)

userdom_use_user_ptys(sigrok_t)

optional_policy(`
	udev_read_runtime_files(sigrok_t)
')