# iddd daemon
type iddd, domain;

type iddd_exec, exec_type, file_type;
init_daemon_domain(iddd)

type_transition iddd system_data_file:file iddd_file;

allow iddd self:socket create_socket_perms;
allow iddd iddd_file:sock_file { create setattr unlink write };

allow iddd iddd_file:fifo_file rw_file_perms;
allow iddd iddd_file:file rw_file_perms;
allow iddd iddd_file:file { create rename unlink };
allow iddd iddd_file:dir rw_file_perms;
allow iddd iddd_file:dir { add_name create remove_name search };

# TODO: label the right way / Allow context change
allow iddd system_file:file execute_no_trans;
allow iddd iddd_exec:file execute_no_trans;

# Allow iddd send to logd
allow iddd logd:unix_stream_socket connectto;
allow iddd logdr_socket:sock_file write;

# Allow file system create (we use tmpfs now)
allow iddd tmpfs:lnk_file read;
allow iddd tmpfs:dir search;

# Allow proc socket search
allow iddd proc:file { getattr open read };