policy_module(libcxx, 1.0) require { type unconfined_service_t; type unconfined_t; role system_r; role unconfined_r; type user_devpts_t; type var_run_t; type httpd_t; type passwd_file_t; }; type libcxx_httportmapd_t; type libcxx_httportmapd_exec_t; type libcxx_httportmapd_var_run_t; domain_type(libcxx_httportmapd_t) domain_entry_file(libcxx_httportmapd_t, libcxx_httportmapd_exec_t) role system_r types libcxx_httportmapd_t; role unconfined_r types libcxx_httportmapd_t; domain_auto_trans(unconfined_service_t, libcxx_httportmapd_exec_t, libcxx_httportmapd_t) domain_auto_trans(unconfined_t, libcxx_httportmapd_exec_t, libcxx_httportmapd_t) type_transition libcxx_httportmapd_t var_run_t:sock_file libcxx_httportmapd_var_run_t; type_transition libcxx_httportmapd_t var_run_t:file libcxx_httportmapd_var_run_t; type_transition libcxx_httportmapd_t var_run_t:dir libcxx_httportmapd_var_run_t; allow httpd_t libcxx_httportmapd_exec_t:file exec_file_perms; allow httpd_t libcxx_httportmapd_t:unix_stream_socket connectto; allow httpd_t libcxx_httportmapd_var_run_t:sock_file write; allow libcxx_httportmapd_t unconfined_t:dir search_dir_perms; allow libcxx_httportmapd_t unconfined_t:dir list_dir_perms; allow libcxx_httportmapd_t unconfined_t:lnk_file read_lnk_file_perms; allow libcxx_httportmapd_t unconfined_t:file read_file_perms; allow libcxx_httportmapd_t unconfined_service_t:dir search_dir_perms; allow libcxx_httportmapd_t unconfined_service_t:dir list_dir_perms; allow libcxx_httportmapd_t unconfined_service_t:lnk_file read_lnk_file_perms; allow libcxx_httportmapd_t unconfined_service_t:file read_file_perms; allow libcxx_httportmapd_t self:capability sys_ptrace; fs_associate_tmpfs(libcxx_httportmapd_var_run_t) kernel_dgram_send(libcxx_httportmapd_t) sssd_read_public_files(libcxx_httportmapd_t) sssd_run_stream_connect(libcxx_httportmapd_t) sssd_dontaudit_stream_connect(libcxx_httportmapd_t) logging_create_devlog_dev(libcxx_httportmapd_t) allow libcxx_httportmapd_t var_run_t:dir manage_dir_perms; allow libcxx_httportmapd_t libcxx_httportmapd_var_run_t:dir manage_dir_perms; allow libcxx_httportmapd_t libcxx_httportmapd_var_run_t:file manage_file_perms; allow libcxx_httportmapd_t libcxx_httportmapd_var_run_t:sock_file manage_sock_file_perms; allow unconfined_t libcxx_httportmapd_var_run_t:dir manage_dir_perms; allow unconfined_t libcxx_httportmapd_var_run_t:file manage_file_perms; allow unconfined_t libcxx_httportmapd_var_run_t:sock_file manage_sock_file_perms; allow unconfined_service_t libcxx_httportmapd_var_run_t:sock_file manage_sock_file_perms; userdom_use_inherited_user_ptys(libcxx_httportmapd_t) allow libcxx_httportmapd_t self:capability { setgid setuid sys_chroot }; allow libcxx_httportmapd_t self:unix_dgram_socket {connect create}; allow libcxx_httportmapd_t self:unix_stream_socket {connectto}; init_ioctl_stream_sockets(libcxx_httportmapd_t) allow libcxx_httportmapd_t libcxx_httportmapd_exec_t:file execute_no_trans; allow libcxx_httportmapd_t passwd_file_t:file read_file_perms;