policy_module(mock, 0.7.1)

########################################
#
# Declarations
#

type mock_t;
domain_type(mock_t)

type mock_exec_t;
domain_entry_file(mock_t,mock_exec_t)

type mock_var_lib_t;
files_type(mock_var_lib_t)

########################################
#
# Local policy
#

ifdef(`targeted_policy',`

	# execheap & execmem are needed to run mono under mock
	# where no transition to mono_t will happen
	allow mock_t self:process { execheap execmem };
	unconfined_domain_noaudit(mock_t)
	role system_r types mock_t;

	# Old libraries may need execmod permission
	allow mock_t mock_var_lib_t:file execmod;

	# Transition to mock_t from unconfined_t
	mock_domtrans(unconfined_t)

')