## <summary>Policy for Aimee OS utilities.</summary>

########################################
## <summary>
##	Execute system-update in the aimee_sysupdate_t
##	domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed to transition.
##	</summary>
## </param>
#
interface(`aimee_os_system_update_domtrans',`
	gen_require(`
		type aimee_sysupdate_t, aimee_sysupdate_exec_t;
	')

	domtrans_pattern($1, aimee_sysupdate_exec_t, aimee_sysupdate_t)
')

########################################
## <summary>
##	Execute system-update in the aimee_sysupdate_t
##	domain, and allow the specified role the
##	aimee_sysupdate_t domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed to transition.
##	</summary>
## </param>
## <param name="role">
##	<summary>
##	Role allowed access.
##	</summary>
## </param>
## <rolecap/>
#
interface(`aimee_os_run_system_update',`
	gen_require(`
		type aimee_sysupdate_t;
	')

	aimee_os_system_update_domtrans($1)
	role $2 types aimee_sysupdate_t;
')

########################################
## <summary>
##	Execute set-root-password in the
##	aimee_set_root_password_t domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed to transition.
##	</summary>
## </param>
#
interface(`aimee_os_set_root_password_domtrans',`
	gen_require(`
		type aimee_set_root_password_t, aimee_set_root_password_exec_t;
	')

	domtrans_pattern($1, aimee_set_root_password_exec_t, aimee_set_root_password_t)
')

########################################
## <summary>
##	Execute set-root-password in the
##	aimee_set_root_password_t domain, and
##	allow the specified role the
##	aimee_set_root_password_t domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed to transition.
##	</summary>
## </param>
## <param name="role">
##	<summary>
##	Role allowed access.
##	</summary>
## </param>
## <rolecap/>
#
interface(`aimee_os_run_set_root_password',`
	gen_require(`
		type aimee_set_root_password_t;
	')

	aimee_os_set_root_password_domtrans($1)
	role $2 types aimee_set_root_password_t;
	mount_run(aimee_set_root_password_t, $2)
')

########################################
## <summary>
##	Execute set-root-password in the caller
##	domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`aimee_os_set_root_password_exec',`
	gen_require(`
		type aimee_set_root_password_exec_t;
	')

	corecmd_search_bin($1)
	can_exec($1, aimee_set_root_password_exec_t)
')

########################################
## <summary>
##	Create, read, write, and delete temporary
##	files used by Aimee OS set-root-password.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`aimee_os_manage_set_root_password_tmp_files',`
	gen_require(`
		type aimee_set_root_password_tmp_t;
	')

	manage_files_pattern($1, aimee_set_root_password_tmp_t, aimee_set_root_password_tmp_t)
	read_lnk_files_pattern($1, aimee_set_root_password_tmp_t, aimee_set_root_password_tmp_t)
')