# SELinux type-enforcement module granting the ClamAV domain (antivirus_t)
# what it needs to run sudo. The rule set is the shape audit2allow produces
# for a sudo invocation from antivirus_t (password check, rlimit/priority
# changes, audit logging, logind session setup); presumably generated that
# way — confirm against the originating AVC denials before loading.
#
# Every rule below widens antivirus_t itself: the module contains no domain
# transition, so the scanner keeps all of these permissions for its whole
# lifetime, not only while sudo runs. Least-privilege notes are per rule.
module clamav-sudo 1.0;

require {
	type antivirus_t;
	type sudo_exec_t;
	type systemd_logind_var_run_t;
	type pidfs_t;
	type chkpwd_exec_t;
	type systemd_logind_t;
	class file { execute execute_no_trans map };
	class netlink_audit_socket { create nlmsg_relay read write };
	class capability { audit_write sys_resource };
	class process { setrlimit setsched };
	class sock_file write;
	class unix_stream_socket connectto;
	class filesystem getattr;
}

#============= antivirus_t ==============

# Password check: the chkpwd helper is executed *without* a domain
# transition (execute_no_trans), so it runs as antivirus_t rather than in
# the dedicated chkpwd domain.
# NOTE(review): a transition (refpolicy interface auth_domtrans_chk_passwd)
# keeps credential-handling code out of the scanner's domain — confirm the
# no-transition form was really intended.
allow antivirus_t chkpwd_exec_t:file { execute execute_no_trans };

# Only `map` on the sudo binary is granted here; `execute` is not in this
# module, so it is presumably already allowed elsewhere — verify.
allow antivirus_t sudo_exec_t:file map;

# Self-permissions: audit records (audit_write + a netlink audit socket),
# rlimit adjustments (sys_resource + setrlimit) and scheduling changes
# (setsched). sys_resource is a broad capability and applies to the whole
# antivirus_t domain, not just the sudo child.
allow antivirus_t self:capability { audit_write sys_resource };
allow antivirus_t self:netlink_audit_socket { create nlmsg_relay read write };
allow antivirus_t self:process { setrlimit setsched };

# Session setup via systemd-logind: write to its runtime socket file and
# connect to the logind daemon over it.
allow antivirus_t systemd_logind_var_run_t:sock_file write;
allow antivirus_t systemd_logind_t:unix_stream_socket connectto;

# getattr (statfs) on the pidfs filesystem; presumably triggered by sudo's
# process handling — confirm from the AVC record.
allow antivirus_t pidfs_t:filesystem getattr;