policy_module(desktop-custom, 1.0.1)

gen_require(`
    type portage_t, portage_ebuild_t, cert_t;
')

####### Policy

#============= portage_t ==============
corenet_udp_bind_generic_node(portage_t)
kernel_mounton_proc(portage_t)
kernel_mount_proc(portage_t)
allow portage_t portage_ebuild_t:file map;
allow portage_t cert_t:file map;