X-Git-Url: https://git.camperquake.de/gitweb.cgi?a=blobdiff_plain;f=tf2%2Ftf2.te;h=024594e5b1fd5145ca20b0cbfa81013b73e6a23d;hb=refs%2Fheads%2Fmaster;hp=5f89c83c4f286bbeaeaef2a712f6fc8752c02ec5;hpb=ae89f309b9a07add61906e04cb95a421dd76362c;p=selinux.git
diff --git a/tf2/tf2.te b/tf2/tf2.te
index 5f89c83..024594e 100644
--- a/tf2/tf2.te
+++ b/tf2/tf2.te
@@ -1,7 +1,8 @@
-policy_module(tf2, 0.1.23)
+policy_module(tf2, 0.1.30)
 require {
 type default_t;
+ type games_data_t;
 }
 # File context for the executable process
@@ -17,6 +18,7 @@ type tf2_ro_t;
 files_type(tf2_ro_t)
+init_domain(tf2_t, tf2_exec_t)
 init_daemon_domain(tf2_t, tf2_exec_t)
 allow tf2_t self:process { setsched signal signull };
@@ -30,12 +32,17 @@ corenet_tcp_bind_generic_port(tf2_t)
 corenet_tcp_bind_generic_node(tf2_t)
 read_files_pattern(tf2_t, tf2_ro_t, tf2_ro_t)
+read_lnk_files_pattern(tf2_t, tf2_ro_t, tf2_ro_t)
 list_dirs_pattern(tf2_t, tf2_ro_t, tf2_ro_t)
+mmap_files_pattern(tf2_t, tf2_ro_t, tf2_ro_t)
 manage_files_pattern(tf2_t, tf2_rw_t, tf2_rw_t)
 manage_dirs_pattern(tf2_t, tf2_rw_t, tf2_rw_t)
 setattr_files_pattern(tf2_t, tf2_rw_t, tf2_rw_t)
+# TF2 wants to create /tmp/dumps
+files_manage_generic_tmp_dirs(tf2_t)
+
 sysnet_dns_name_resolve(tf2_t)
 # Needed to load shared libs
@@ -54,3 +61,6 @@ kernel_read_network_state(tf2_t)
 dontaudit tf2_t default_t:dir read;
 allow init_t tf2_t:process { noatsecure };
+allow tf2_t self:process execmem;
+
+list_dirs_pattern(tf2_t, games_data_t, games_data_t)
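Review bot: `init_domain(tf2_t, tf2_exec_t)` is added directly above `init_daemon_domain(tf2_t, tf2_exec_t)` with no comment on why both are needed. Both declare tf2_t as a domain entered through tf2_exec_t, and depending on the base policy version init_daemon_domain may already include the init_t transition, in which case the new line is redundant. If the reason is that the server is started directly by init_t, a comment such as `# started directly by init_t, not through an init script` would record that intent.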
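Review bot: `files_manage_generic_tmp_dirs(tf2_t)` lets the server create, rename and remove any directory that carries the generic tmp label, not only its own /tmp/dumps, which is broader than the comment above it asks for. A private tmp type with a file transition would limit the access to directories TF2 itself creates; the name tf2_tmp_t below is a suggestion. The added interface covers directories only, so dump files written inside /tmp/dumps presumably still need a file rule, which the private type would also supply.

```selinux
# … unchanged: tf2_ro_t / tf2_rw_t pattern rules …
# Private type for TF2's scratch directories under /tmp (e.g. /tmp/dumps)
type tf2_tmp_t;
files_tmp_file(tf2_tmp_t)
manage_dirs_pattern(tf2_t, tf2_tmp_t, tf2_tmp_t)
manage_files_pattern(tf2_t, tf2_tmp_t, tf2_tmp_t)
files_tmp_filetrans(tf2_t, tf2_tmp_t, { dir file })
```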
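Review bot: `allow tf2_t self:process execmem;` is added without a comment, and it permits writable-and-executable memory in a domain that, per the context of an earlier hunk, is allowed to bind TCP ports. That weakens a protection which otherwise limits the impact of memory-corruption bugs in a network-facing server. Record which denial made the rule necessary, e.g. `# execmem: needed by <component>; AVC seen on <action>`, and consider placing it behind a policy boolean so it can be switched off where the server runs without it. The `list_dirs_pattern(tf2_t, games_data_t, games_data_t)` line in the same hunk would also benefit from a one-line comment naming the directory it is for.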