# ----------------------------------------------------------------------------
#
#	Copyright (C) 2000-2016 Synology Inc. All rights reserved.
#
# ----------------------------------------------------------------------------

#include <abstractions/authentication>
#include <abstractions/mydscenter>
#include <abstractions/nameservice>

# Network and capability grants for the rules that reference the
# VPNPlusServer package. No "profile ... {" header is visible in this file,
# so these rules are presumably pulled into a profile body defined
# elsewhere -- confirm where they are attached.
#
# A bare "network," rule places no restriction on address family or socket
# type. NOTE(review): consider narrowing to the families the service uses.
network,
# Bind to privileged ports (below 1024).
capability net_bind_service,
# Change file ownership arbitrarily.
capability chown,
# Bypass discretionary (mode/owner) permission checks. With this granted,
# the path rules in this profile are the effective limit on file access.
capability dac_override,
# Lock memory pages (mlock); presumably to keep key material out of swap.
capability ipc_lock,
# Configure interfaces, routing and firewall state.
capability net_admin,
# Open raw and packet sockets.
capability net_raw,
# Change process user and group IDs.
capability setuid,
capability setgid,
# Load and unload kernel modules. NOTE(review): module code runs outside
# AppArmor confinement; confirm this is required (tunnel/IPsec modules?).
capability sys_module,
# Trace and inspect other processes. NOTE(review): unusual for a VPN
# service; confirm which component needs it.
capability sys_ptrace,
# System state, devices and /etc configuration.
# Permission letters used in this file: r = read, w = write, k = file lock,
# m = map as executable, ix = execute while staying under this same profile.
# A "{,**}" suffix matches the directory itself and everything beneath it.
/.system_info/Sone*																rwk,
# TUN/TAP device node used to create tunnel interfaces.
/dev/net/tun																	rw,
/dev/tty																		rw,
/etc/.tc_cmd*																	rwk,
/etc/dhcpd/{,**}																rwk,
/usr/syno/{etc,etc.defaults}/synonet/{,**}										r,
/etc/group																		r,
/etc/iproute2/ematch_map														r,
/etc/nsswitch.conf																r,
# Trailing "*" also covers side files next to the database (presumably
# SQLite journal/WAL files -- confirm).
/etc/synoautoblock.db*															rwk,
/etc/synoappprivilege.db*														rwk,
/etc/sysconfig/network-scripts/*												r,
/etc/ssl/openssl.cnf															r,
# System-wide IPsec configuration, writable by the confined process.
# NOTE(review): ipsec.secrets conventionally holds pre-shared keys and
# private-key references; read/write here means a compromise of this
# process exposes and can replace them. Confirm write access is needed.
/etc/ipsec.d/{,**}																	rwk,
/etc/ipsec.conf																	rwk,
/etc/ipsec.secrets																rwk,
# Shared libraries: read and executable mapping only, no write access.
# Each library is pinned to an exact file name, so a soname bump needs a
# matching profile update.
/lib/ld.so.1																	mr,
/lib/libc.so.6																	mr,
/lib/libcrypt.so.1																mr,
/lib/libdl.so.2																	mr,
/lib/libm.so.6																	mr,
/lib/libresolv.so.2																mr,
/lib/libsynocgi.so.6															mr,
/lib/libsynocore.so.5															mr,
/lib/libsynodb.so																mr,
/lib/libsynonetwork.so.5														mr,
/lib/libsynosdk.so.5															mr,
# Helper executables run with "ix": the child stays under this profile and
# therefore keeps every capability and path rule listed in this file.
/sbin/tc																		ix,
# NOTE(review): initctl presumably asks init to start/stop jobs, and those
# jobs would run under their own confinement, not this profile -- confirm
# which jobs the service is expected to control.
/sbin/initctl																	ix,
/usr/sbin/ipsec																	rix,
# Package configuration and state under /usr/syno/etc/packages/VPNPlusServer.
# Files are listed individually or by narrow glob rather than granting the
# whole package directory.
/usr/syno/etc.defaults/iptables_chain_list										r,
# Directory listing only; the database files themselves are granted below.
/usr/syno/etc/packages/VPNPlusServer/db/										r,
/usr/syno/etc/packages/VPNPlusServer/db/synovpnplus.db*							rwk,
/usr/syno/etc/packages/VPNPlusServer/pptp/accel-pppd.conf						rwk,
/usr/syno/etc/packages/VPNPlusServer/l2tp/xl2tpd.conf							rwk,
/usr/syno/etc/packages/VPNPlusServer/l2tp/options.xl2tpd						rwk,
/usr/syno/etc/packages/VPNPlusServer/l2tp/ipsec*							rwk,
/usr/syno/etc/packages/VPNPlusServer/s2s/sites.conf*							rwk,
/usr/syno/etc/packages/VPNPlusServer/s2s/ipsec_*							rwk,
/usr/syno/etc/packages/VPNPlusServer/sslvpn/vpnserver.conf						rwk,
/usr/syno/etc/packages/VPNPlusServer/synotc/mark.json*							rwk,
/usr/syno/etc/packages/VPNPlusServer/synotc/tc.json*							rwk,
/usr/syno/etc/packages/VPNPlusServer/synovpnplus.conf							rwk,
/usr/syno/etc/packages/VPNPlusServer/vpnplus_objects.conf						rwk,
/usr/syno/etc/packages/VPNPlusServer/vpnplus_lease.conf							rwk,
# Read-only access to the Samba password database and its side files.
# NOTE(review): presumably holds account password hashes used for VPN
# authentication; confirm this read is still required.
/usr/syno/etc/private/smbpasswd*												r,
/usr/syno/etc/synoservice.d/winbindd.cfg										r,
/usr/syno/etc/synoservice.override/winbindd.cfg									r,
/usr/syno/etc/synotc/{,**}														rwk,
/usr/syno/lib/libsodium.so.18.1.1												mr,
/usr/syno/lib/libsynopki.so.5													mr,
# Network helpers executed under this same profile (ix).
/usr/syno/sbin/brctl															ix,
/usr/syno/sbin/synonetdtool														ix,
# Everything under the pluto libexec tree is readable and executable under
# this profile; no write access is granted to it here.
/usr/syno/pluto/libexec/ipsec/{,**}												rix,
# Package install tree; "/volume*" matches whichever volume holds it.
# NOTE(review): bin/* is writable but not executable under these rules. If
# anything outside this profile executes files from bin/, write access lets
# a compromised confined process replace them -- confirm "w" is needed.
/volume*/@appstore/VPNPlusServer/bin/*											rwk,
# Scratch space: writable, no execute permission.
/volume*/@appstore/VPNPlusServer/tmp/{,**}										rwk,
/volume*/@appstore/VPNPlusServer/lib/**											mr,
# tool/ and scripts/ are executable under this profile and not writable
# here, so the confined process cannot modify what it is allowed to run.
/volume*/@appstore/VPNPlusServer/tool/*											rix,
/volume*/@appstore/VPNPlusServer/scripts/{,**}									rix,
# Local control sockets, one per "vpnplusd-*" name.
/volume*/@appstore/VPNPlusServer/var/run/vpnplusd-*.sock						rwk,
/volume*/@appstore/VPNPlusServer/etc/s2s/ipsec_template.conf					r,
/volume*/@appstore/VPNPlusServer/etc/root_dnssec_key							r,

# vim:ft=apparmor
