
# Local SELinux policy module, type-enforcement source.
# The section header and the "#!!!!" hints below are the format audit2allow
# emits, so these rules were presumably generated from logged AVC denials
# rather than designed -- TODO confirm.
#
# NOTE(review): every rule here has init_t as its source domain. In the
# reference/targeted policy init_t is the domain of init (systemd), and a unit
# whose executable has no domain-transition rule keeps running in init_t. The
# grants therefore apply to every process in init_t, not only to the service
# this module was written for. A narrower design would give the service
# executable its own entrypoint type and domain (or install it under a
# standard location such as /usr/local/bin, relabelled via a file-context
# rule) and attach the permissions to that domain.
module hermes-policy 1.0;

# Types and permissions this module references. They must already exist in
# the loaded policy, otherwise the module fails to install.
require {
	type http_port_t;
	type data_home_t;
	type initrc_tmp_t;
	type admin_home_t;
	type init_t;
	class file { append create execute execute_no_trans ioctl lock map open read rename setattr unlink write };
	class tcp_socket name_connect;
}

#============= init_t ==============
# Lets init_t create, modify, rename, delete AND execute admin_home_t files.
# execute_no_trans means the executed file runs in the caller's domain
# (init_t) with no transition.
# NOTE(review): admin_home_t normally labels content under /root in the
# targeted policy -- confirm on the target host. Write plus execute on the
# same file type lets an init_t process run a file it has just written or
# altered; if the service only needs to run a fixed binary, read/execute on
# a dedicated type is enough, with write access limited to a separate data type.
allow init_t admin_home_t:file { append create execute execute_no_trans ioctl lock open read rename setattr unlink write };

#!!!! This avc can be allowed using the boolean 'domain_can_mmap_files'
# The rule below grants map for init_t on admin_home_t only. The boolean named
# in the hint is a global switch affecting far more than this one pair, so the
# explicit rule is the narrower of the two options.
allow init_t admin_home_t:file map;

# Executes data_home_t files inside init_t (no domain transition).
# NOTE(review): data_home_t is normally the label for per-user data
# directories (e.g. ~/.local/share) -- confirm. Those files are writable by
# their owner, so this rule makes user-writable content executable in init_t.
allow init_t data_home_t:file { execute execute_no_trans };

#!!!! This avc can be allowed using the boolean 'nis_enabled'
# Outbound TCP connect from init_t to ports labelled http_port_t (the exact
# port list is host configuration; see `semanage port -l`). As with the hint
# above, the named boolean is global and much broader than this rule.
allow init_t http_port_t:tcp_socket name_connect;

# Grants open only on initrc_tmp_t files; no read or write is added here, so
# those permissions presumably come from the base policy -- verify.
allow init_t initrc_tmp_t:file open;
