policy_module(hostapd, 1.0.0)

########################################
#
# Declarations
#

type hostapd_t;
type hostapd_exec_t;
init_daemon_domain(hostapd_t, hostapd_exec_t)

type hostapd_var_run_t;
files_pid_file(hostapd_var_run_t)

type hostapd_conf_t;
files_type(hostapd_conf_t)
########################################
#
# hostapd local policy
#
allow hostapd_t self:capability { fsetid chown net_admin net_raw dac_read_search dac_override };
allow hostapd_t self:fifo_file rw_fifo_file_perms;
allow hostapd_t self:unix_stream_socket create_stream_socket_perms;
allow hostapd_t self:netlink_socket create_socket_perms;
allow hostapd_t self:netlink_generic_socket create_socket_perms;
allow hostapd_t self:netlink_route_socket create_netlink_socket_perms;
allow hostapd_t self:packet_socket create_socket_perms;

manage_dirs_pattern(hostapd_t, hostapd_var_run_t, hostapd_var_run_t)
manage_files_pattern(hostapd_t, hostapd_var_run_t, hostapd_var_run_t)
manage_lnk_files_pattern(hostapd_t, hostapd_var_run_t, hostapd_var_run_t)
manage_sock_files_pattern(hostapd_t, hostapd_var_run_t, hostapd_var_run_t)
files_pid_filetrans(hostapd_t, hostapd_var_run_t, { dir file lnk_file sock_file })

read_files_pattern(hostapd_t, hostapd_conf_t, hostapd_conf_t)

kernel_read_system_state(hostapd_t)
kernel_read_network_state(hostapd_t)
kernel_request_load_module(hostapd_t)
kernel_rw_net_sysctls(hostapd_t)
dev_rw_sysfs(hostapd_t)

#allow initrc_t hostapd_conf_t:file read;

dev_read_rand(hostapd_t)
dev_read_urand(hostapd_t)
dev_read_sysfs(hostapd_t)
dev_rw_wireless(hostapd_t)

domain_use_interactive_fds(hostapd_t)

auth_use_nsswitch(hostapd_t)

logging_send_syslog_msg(hostapd_t)

miscfiles_read_localization(hostapd_t)