| # Policy for usf daemons |
| type usf, domain; |
| type usf_exec, exec_type, file_type; |
| |
| # Started by init |
| init_daemon_domain(usf) |
| net_domain(usf) |
| |
| # Ultrasound device |
| allow usf usf_device:chr_file rw_file_perms; |
| |
| # Audio |
| allow usf audio_data_file:sock_file write; |
| allow usf mediaserver:unix_stream_socket connectto; |
| allow usf audio_data_file:dir r_dir_perms; |
| allow usf audio_device:chr_file rw_file_perms; |
| allow usf proc_audiod:file r_file_perms; |
| allow usf audio_device:dir r_dir_perms; |
| |
| # Data files and persist storage |
| allow usf usf_data_file:dir rw_dir_perms; |
| allow usf usf_data_file:{ file sock_file fifo_file } create_file_perms; |
| allow usf usf_data_file:lnk_file r_file_perms; |
| r_dir_file(usf, persist_file) |
| r_dir_file(usf, persist_usf_file) |
| |
| # Properties |
| allow usf { ctl_default_prop usf_prop }:property_service set; |
| |
| # Sockets |
| unix_socket_connect(usf, property, init); |