type timekeep, domain;
type timekeep_exec, exec_type, file_type;

# Started by init
init_daemon_domain(timekeep)

allow timekeep self:capability {
    fowner
    fsetid
    sys_time
    dac_override
    dac_read_search
};

allow timekeep time_data_file:file create_file_perms;
allow timekeep time_data_file:dir create_dir_perms;

set_prop(timekeep, timekeep_prop)