-policy_module(quake2, 0.1.1)
+policy_module(quake2, 0.1.12)
+
+require {
+ type games_data_t;
+}
# File context for the executable process
type quake2_t;
type quake2_ro_t;
files_type(quake2_ro_t)
-type quake2_tmp_t;
-files_tmp_file(quake2_tmp_t)
+_sky_files_use_tmp(quake2_t, quake2_tmp_t)
+init_domain(quake2_t, quake2_exec_t)
init_daemon_domain(quake2_t, quake2_exec_t)
corenet_udp_sendrecv_generic_port(quake2_t)
corenet_udp_bind_generic_port(quake2_t)
corenet_udp_bind_generic_node(quake2_t)
-allow quake2_t quake2_ro_t:dir list_dir_perms;
-allow quake2_t quake2_ro_t:file read_file_perms;
-#allow quake2_t quake2_tmp_t:file manage_file_perms;
-#allow quake2_t quake2_tmp_t:dir manage_dir_perms;
+read_files_pattern(quake2_t, quake2_ro_t, quake2_ro_t)
+list_dirs_pattern(quake2_t, quake2_ro_t, quake2_ro_t)
manage_files_pattern(quake2_t, quake2_rw_t, quake2_rw_t)
manage_dirs_pattern(quake2_t, quake2_rw_t, quake2_rw_t)
setattr_files_pattern(quake2_t, quake2_rw_t, quake2_rw_t)
sysnet_dns_name_resolve(quake2_t)
-files_tmp_filetrans(quake2_t, quake2_tmp_t, { file dir})
+
+allow quake2_t self:process execmem;
+
+list_dirs_pattern(quake2_t, games_data_t, games_data_t)
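Review bot: The added `allow quake2_t self:process execmem;` is unconditional and uncommented, yet quake2_t is a network-facing domain: the context lines let it bind and send/receive on generic UDP ports. Granting execmem removes the policy's protection against writable-and-executable memory for a process that parses untrusted packets. The rule should at least carry its justification, for example `# execmem: needed by <component - fill in>; drop once the binary runs without W+X mappings`. If only some builds need it, consider putting it behind a boolean instead of granting it always. Separately, `init_domain(quake2_t, quake2_exec_t)` is added directly above the existing `init_daemon_domain(quake2_t, quake2_exec_t)` with identical arguments, so a one-line comment saying why both are required would help. No hunk header is visible here, so the declarations of `quake2_exec_t` and `quake2_rw_t`, and the definition of `_sky_files_use_tmp`, may sit outside this excerpt.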