policy_module(transmission, 1.0.0)

########################################
#
# Declarations
#

## <desc>
## <p>
## Allow transmission to use DHT, uTP and LPD.
## The correspondig port must be transmission_peer_port_t.
## </p>
## </desc>
gen_tunable(transmission_use_udp, true)

## <desc>
## <p>
## Allow transmission to use RPC.
## The correspondig port must be transmission_rpc_port_t.
## </p>
## </desc>
gen_tunable(transmission_use_rpc, true)

type transmission_t;
type transmission_exec_t;
init_daemon_domain(transmission_t, transmission_exec_t)

#permissive transmission_t;

type transmission_log_t;
logging_log_file(transmission_log_t)

type transmission_var_lib_t;
files_type(transmission_var_lib_t)

type transmission_var_run_t;
files_pid_file(transmission_var_run_t)

type transmission_share_t;
files_type(transmission_share_t)

type transmission_peer_port_t;
corenet_port(transmission_peer_port_t)
#portcon tcp     51413   gen_context(system_u:object_r:transmission_peer_port_t,s0)
#portcon tcp     5413   gen_context(system_u:object_r:transmission_peer_port_t,s0)
#portcon tcp     6771   gen_context(system_u:object_r:transmission_peer_port_t,s0)

type transmission_rpc_port_t;
corenet_port(transmission_rpc_port_t)
#portcon tcp     9091   gen_context(system_u:object_r:transmission_rpc_port_t,s0)

########################################
#
# transmission local policy
#
allow transmission_t self:process { fork setrlimit };
allow transmission_t self:fifo_file rw_fifo_file_perms;
#allow transmission_t self:unix_stream_socket create_stream_socket_perms;
allow transmission_t self:tcp_socket { accept listen };

corenet_tcp_bind_transmission_peer_port(transmission_t)
corenet_tcp_bind_rtorrent_port(transmission_t)
corenet_tcp_bind_generic_node(transmission_t)
corenet_tcp_connect_all_ports(transmission_t)

kernel_read_kernel_sysctls(transmission_t)
kernel_read_network_state(transmission_t)

manage_dirs_pattern(transmission_t, transmission_log_t, transmission_log_t)
manage_files_pattern(transmission_t, transmission_log_t, transmission_log_t)
manage_lnk_files_pattern(transmission_t, transmission_log_t, transmission_log_t)
logging_log_filetrans(transmission_t, transmission_log_t, { dir file lnk_file })

manage_dirs_pattern(transmission_t, transmission_var_lib_t, transmission_var_lib_t)
manage_files_pattern(transmission_t, transmission_var_lib_t, transmission_var_lib_t)
manage_lnk_files_pattern(transmission_t, transmission_var_lib_t, transmission_var_lib_t)
files_var_lib_filetrans(transmission_t, transmission_var_lib_t, { dir file lnk_file })

read_files_pattern(transmission_t, transmission_share_t, transmission_share_t)

miscfiles_read_generic_certs(transmission_t)

fs_get_xattr_fs_quotas(transmission_t)
fs_getattr_xattr_fs(transmission_t)

transmission_pid_trans(transmission_t)

#domain_use_interactive_fds(transmission_t)

#files_read_etc_files(transmission_t)

auth_use_nsswitch(transmission_t)

logging_send_syslog_msg(transmission_t)

miscfiles_read_localization(transmission_t)

sysnet_dns_name_resolve(transmission_t)

tunable_policy(`transmission_use_udp',`
	corenet_udp_bind_transmission_peer_port(transmission_t)
	corenet_udp_bind_rtorrent_port(transmission_t)
	corenet_udp_bind_generic_node(transmission_t)
')

tunable_policy(`transmission_use_rpc',`
	corenet_tcp_bind_transmission_rpc_port(transmission_t)
')