# Loadable SELinux policy module "imunify360", version 1.0.
# The visible text declares no types of its own: every rule below is written
# against types that already exist in the base policy, most of them generic
# labels (lib_t, usr_t, var_t, var_run_t).
module imunify360 1.0;

# Symbols that must already be defined in the loaded policy for this module
# to link. Listing a permission here grants nothing by itself; access is only
# granted by the allow rules further down.
require {
	# Source domains used in the allow rules, and the generic target labels.
    type init_t;
	type lib_t;
	type sshd_t;
	type usr_t;
	type var_t;
	type var_run_t;
	type httpd_t;
	type httpd_sys_script_t;
	type unconfined_service_t;
	# Object classes and the permissions referenced by the allow rules.
	class sock_file { write create setattr getattr unlink };
	class unix_dgram_socket sendto;
	class dir { write add_name remove_name create };
	# NOTE(review): execute and execute_no_trans are required here because
	# init_t is later allowed to run var_t files without a domain transition.
	class file { create open read write execute execute_no_trans append setattr ioctl lock unlink link };
}

#============= httpd_sys_script_t ==============

# Lets web scripts running as httpd_sys_script_t write to socket files
# labeled lib_t.
# NOTE(review): lib_t is a generic label, so this rule covers every lib_t
# socket file on the host, not only one belonging to this product. Presumably
# the intended target is an agent socket that inherits lib_t from its parent
# directory -- confirm, and prefer a dedicated socket type with a file-context
# entry so that the web-script domain can reach only that socket.
allow httpd_sys_script_t lib_t:sock_file write;

#============= httpd_t ==============

# Lets the web server send datagrams to unix datagram sockets owned by any
# process in unconfined_service_t.
# NOTE(review): this suggests the receiving daemon runs unconfined -- confirm.
# The rule is keyed on the peer domain, so it applies to every service that
# ends up in unconfined_service_t, not to a single daemon.
allow httpd_t unconfined_service_t:unix_dgram_socket sendto;
# Lets the web server write to socket files labeled var_run_t.
# NOTE(review): var_run_t is the generic runtime-directory label; any socket
# that did not receive a more specific type falls under this rule. A dedicated
# type for the product socket would narrow it.
allow httpd_t var_run_t:sock_file write;

#============= sshd_t ==============

# Lets the SSH daemon domain write to socket files labeled usr_t.
# NOTE(review): presumably for an sshd-side hook (for example a PAM module)
# that reports to the agent over a socket under a usr_t directory -- confirm.
# As written the rule covers every usr_t socket file; a dedicated socket type
# would keep the pre-authentication sshd domain limited to the one endpoint.
allow sshd_t usr_t:sock_file write;

#============= init_t ==============
# NOTE(review): these rules widen init_t itself. Presumably the product
# service is started by the init system and stays in init_t instead of
# transitioning to its own domain -- confirm with ps -eZ on a running host.
# Anything else that runs in init_t inherits the same access.

# Add and remove entries in directories labeled lib_t.
allow init_t lib_t:dir { write add_name remove_name };
# Create, re-attribute, remove and write socket files labeled lib_t.
allow init_t lib_t:sock_file { create setattr unlink write };
# Create directories under the generic var_t label.
allow init_t var_t:dir create;
# Full file lifecycle on var_t files, including execute and execute_no_trans:
# init_t may run a var_t file and remain in init_t while doing so.
# NOTE(review): the same rule also grants create, write and append, so one
# domain can both write and execute content under a single generic label.
# Least privilege would split this into a data type (no execute) and an
# executable type with a domain transition into a confined service domain.
# To audit what is in force after loading: sesearch -A -s init_t -t var_t -c file
allow init_t var_t:file { create open read write execute execute_no_trans append setattr ioctl lock unlink link };
# Create, stat, re-attribute, write and remove socket files labeled var_t.
allow init_t var_t:sock_file { create getattr setattr write unlink };
