;; Copyright (C) 2025 John Turner

;; This program is free software: you can redistribute it and/or modify
;; it under the terms of the GNU General Public License as published by
;; the Free Software Foundation, either version 3 of the License, or
;; (at your option) any later version.

;; This program is distributed in the hope that it will be useful,
;; but WITHOUT ANY WARRANTY; without even the implied warranty of
;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
;; GNU General Public License for more details.

;; You should have received a copy of the GNU General Public License
;; along with this program. If not, see <https://www.gnu.org/licenses/>.

;; SELinux CIL policy confining the WeeChat client. It declares the
;; .agent.weechat block (a subject type plus exec, home and run file-type
;; sub-blocks) and lists every access the subject is granted. Most rules are
;; calls to macros defined outside this file, so the exact permissions behind
;; each call have to be read from those macro definitions.

(in agent

    (block weechat

           ;; Subject (process) type for weechat, built from the shared subject
           ;; template and associated with the .sys.role role.
           (blockinherit .subj.common.template)

           (call subj.common.type (subj))

           (roletype .sys.role subj)

           ;; Tie the subject to the labelled executable (see block exec below).
           ;; Presumably: processes running as .sys.subj transition to this
           ;; subject when they execute it -- confirm against the macro.
           (call exec.subj_type_transition (.sys.subj subj))
           (call exec.entrypoint_file_files (subj))
           (call exec.mapexecute_file_files (subj))
           (call exec.read_file_files (subj))

           ;; unix socket
           ;; Datagram socket on self only; no unix_stream_socket rule is
           ;; present in this block.
           (allow subj self (unix_dgram_socket (create sendto read write)))

           ;; network
           ;; create_tcp_socket is a permission set defined elsewhere. The only
           ;; port-level call in this block is the irc one below.
           ;; NOTE(review): no bind/listen or name-resolution call is visible
           ;; here -- confirm that is intended, or that the inherited template
           ;; provides what the client needs.
           (allow subj self create_tcp_socket)
           (call irc.nameconnect_port_tcp_sockets (subj))

           ;; use ssl certs
           ;; Search and read only; nothing here lets the subject modify the
           ;; certificate store.
           (call .cert.search_file_dirs (subj))
           (call .cert.read_file_files (subj))

           ;; use terminal
           ;; The "inherited" macros presumably cover only descriptors handed
           ;; over by the parent, not opening new device nodes -- confirm.
           (call .sys.use_subj_fds (subj))
           (call .dev.readwriteinherited_file_chr_files (subj))
           (call .ptytermdev.readwriteinherited_all_chr_files (subj))

           ;; use pipes
           (call .sys.readwriteinherited_subj_fifo_files (subj))

           ;; read root
           ;; Directory search only.
           (call .root.search_file_dirs (subj))

           ;; read /etc
           (call .conf.search_file_dirs (subj))
           (call .conf.read_file_files (subj))
           (call .conf.read_file_lnk_files (subj))

           ;; read /usr/share
           (call .data.search_file_dirs (subj))
           (call .data.read_file_files (subj))

           ;; access config stuff
           ;; Traverse down to the user's home, then work on files carrying the
           ;; weechat home type (paths listed in block home below).
           ;; NOTE(review): directory creation is granted on .user.home, but for
           ;; .agent.weechat.home only search and file read/write are called and
           ;; no type transition for the home directories appears in this file
           ;; -- confirm where first-run creation and labelling are handled.
           (call .home.search_file_dirs (subj))
           (call .user.home.search_file_dirs (subj))
           (call .user.home.create_file_dirs (subj))
           (call .agent.weechat.home.search_file_dirs (subj))
           (call .agent.weechat.home.readwrite_file_files (subj))

           ;; access /run/user
           ;; Traverse to the per-user runtime directory and add a new
           ;; directory entry there.
           (call .run.search_file_dirs (subj))
           (call .runuser.search_file_dirs (subj))
           (call .userrun.search_file_dirs (subj))
           (call .userrun.create_file_dirs (subj))
           (call .userrun.addname_file_dirs (subj))

           ;; access /run/user/${UID}/weechat
           ;; Objects created there are relabelled by the type transitions
           ;; declared at the end of this file.
           (call .agent.weechat.run.search_file_dirs (subj))
           (call .agent.weechat.run.create_file_dirs (subj))
           (call .agent.weechat.run.write_file_dirs (subj))
           (call .agent.weechat.run.readwrite_file_files (subj))

           ;; File type for the program binary.
           (block exec

                  (filecon "/usr/bin/weechat" file file_context)

                  (blockinherit .file.exec.template))

           ;; File type for per-user weechat data. HOME_DIR is the
           ;; home-directory placeholder expanded when file contexts are
           ;; generated; "\." matches a literal dot and "(/.*)?" covers the
           ;; directory itself and everything beneath it.
           (block home

                  (filecon "HOME_DIR/\.config/weechat(/.*)?" any file_context)
                  (filecon "HOME_DIR/\.local/share/weechat(/.*)?" any file_context)
                  (filecon "HOME_DIR/\.local/state/weechat(/.*)?" any file_context)
                  (filecon "HOME_DIR/\.cache/weechat(/.*)?" any file_context)

                  (blockinherit .file.home.user.template))

           ;; File type for weechat's runtime directory under /run/user.
           (block run

                  ;; Wrapper around .userrun.file_type_transition: ARG1 is the
                  ;; creating subject type, ARG2 the object class and ARG3 the
                  ;; object name. The `file` argument presumably resolves to
                  ;; this block's own type (from the inherited template) as the
                  ;; resulting label -- confirm.
                  (macro file_type_transition_file ((type ARG1) (class ARG2) (name ARG3))
                         (call .userrun.file_type_transition (ARG1 file ARG2 ARG3)))

                  (blockinherit .file.user.run.template)

                  ;; The directory itself must be a directory; its contents may
                  ;; be of any class. %{USERID} is a per-user placeholder.
                  (filecon "/run/user/%{USERID}/weechat" dir file_context)
                  (filecon "/run/user/%{USERID}/weechat/.*" any file_context))))

;; Type transitions for objects the weechat subject creates in the user runtime
;; directory. These sit outside the (in agent ...) statement, so every name is
;; written fully qualified.
;; First call: a directory named "weechat".
(call .agent.weechat.run.file_type_transition_file (.agent.weechat.subj dir "weechat"))
;; Second call: class file with name "*".
;; NOTE(review): "*" looks like a match-any-name wildcard handled by the
;; underlying macro, which would label every regular file the subject creates
;; directly in the runtime directory -- confirm that breadth is intended.
(call .agent.weechat.run.file_type_transition_file (.agent.weechat.subj file "*"))