mpd_local.te

module mpd_local 1.0;

require {
	type alsa_home_t;
	type alsa_var_lib_t;
	type config_home_t;
	type mpd_home_t;
	type mpd_port_t;
	type mpd_t;
	type nfs_t;
	type unconfined_service_t;
	type user_home_dir_t;
	type var_run_t;
	class dir { search };
	class file { getattr open read };
	class sock_file write;
	class tcp_socket { listen name_bind name_connect accept create node_bind setopt bind getattr };
	class unix_stream_socket connectto;
}
#============= mpd_t ==============
allow mpd_t alsa_home_t:file { getattr open read };
allow mpd_t alsa_var_lib_t:dir search;
allow mpd_t config_home_t:dir search;
allow mpd_t mpd_port_t:tcp_socket name_connect;
allow mpd_t nfs_t:dir search;
allow mpd_t var_run_t:sock_file write;
allow mpd_t user_home_dir_t:dir search;
allow mpd_t unconfined_service_t:unix_stream_socket connectto;