-policy_module(q3a, 0.1.14)
+policy_module(q3a, 0.1.25)
# File context for the executable process
type q3a_t;
type q3a_ro_t;
files_type(q3a_ro_t)
-type q3a_tmp_t;
-files_tmp_file(q3a_tmp_t)
+_sky_files_use_tmp(q3a_t, q3a_tmp_t)
+init_domain(q3a_t, q3a_exec_t)
init_daemon_domain(q3a_t, q3a_exec_t)
corenet_udp_sendrecv_generic_port(q3a_t)
corenet_udp_bind_generic_port(q3a_t)
corenet_udp_bind_generic_node(q3a_t)
+read_files_pattern(q3a_t, q3a_ro_t, q3a_ro_t)
+list_dirs_pattern(q3a_t, q3a_ro_t, q3a_ro_t)
+
allow q3a_t q3a_ro_t:dir list_dir_perms;
allow q3a_t q3a_ro_t:file read_file_perms;
-allow q3a_t q3a_tmp_t:file manage_file_perms;
-allow q3a_t q3a_tmp_t:dir manage_dir_perms;
manage_files_pattern(q3a_t, q3a_rw_t, q3a_rw_t)
manage_dirs_pattern(q3a_t, q3a_rw_t, q3a_rw_t)
setattr_files_pattern(q3a_t, q3a_rw_t, q3a_rw_t)
sysnet_dns_name_resolve(q3a_t)
-files_tmp_filetrans(q3a_t, q3a_tmp_t, { file dir})
+
+dev_read_urand(q3a_t)
+
+allow q3a_t self:process execmem;
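Review bot: The last added rule, `allow q3a_t self:process execmem;`, is granted unconditionally and without a comment, on a domain that the same policy lets bind and send/receive on generic UDP ports. execmem lets the process map memory that is both writable and executable, so a memory-corruption bug in the network-facing code is no longer stopped by the policy from running injected code. If the permission is only needed for an optional feature such as a bytecode JIT (inferred; the diff does not say why it was added), declare a boolean, for example `gen_tunable(q3a_execmem, false)` (illustrative name), and move the rule into a `tunable_policy` block on it so it is off by default. At minimum, add a comment above the rule such as `# execmem: required for <reason>; AVC seen: <denial>`. Separately, the added `read_files_pattern` and `list_dirs_pattern` lines for q3a_ro_t appear to duplicate the two raw `allow` rules kept right after them, so one pair could be dropped.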