+policy_module(gruntmasterd, 1.0)
+
+define(`read_file_perms', `{ getattr ioctl read lock open }')
+define(`read_dir_perms', `{ getattr ioctl read lock open search}')
+define(`everything_file_perms', `{ getattr ioctl read lock open unlink setattr write create rename link }')
+define(`everything_dir_perms', `{ getattr ioctl read lock open search unlink setattr write create rename link rmdir remove_name reparent add_name }')
+define(`gruntmaster_read', `allow gruntmasterd_t $1 : dir read_dir_perms; allow gruntmasterd_t $1 : file read_file_perms; allow gruntmasterd_t $1 : lnk_file read_file_perms;')
+define(`gruntmaster_everything', `allow gruntmasterd_t $1 : dir everything_dir_perms; allow gruntmasterd_t $1 : file everything_file_perms; allow gruntmasterd_t $1 : lnk_file everything_file_perms;')
+
+require{
+ type bin_t;
+ type httpd_sys_content_rw_t;
+ type httpd_sys_content_t;
+ type httpd_t;
+ type httpd_tmp_t;
+ type proc_t;
+ type urandom_device_t;
+}