| # Domain for webservd daemon. |
| type webservd, domain; |
| type webservd_exec, exec_type, file_type; |
| type webservd_data_file, file_type, data_file_type; |
| |
| brillo_domain(webservd) |
| net_domain(webservd) |
| |
| # Allow crash_reporter access to core dump files. |
| allow_crash_reporter(webservd) |
| |
| # Allow opening firewall ports to serve on. |
| allow_call_firewalld(webservd) |
| |
| allow webservd self:capability { net_bind_service }; |
| allow webservd webservd_data_file:dir rw_dir_perms; |
| allow webservd webservd_data_file:file create_file_perms; |
| allow webservd webservd_service:service_manager { add find }; |