X-Git-Url: https://git.camperquake.de/gitweb.cgi?a=blobdiff_plain;f=tf2%2Ftf2.te;h=bf69c5d3238e3ee4ffc1d2803f0d1327820869f8;hb=c226ce3ae21764ee6fabd754bc9a9cc567ba8b46;hp=1e08a9fff1bd148d8a302f266e28e9d839c3e9e0;hpb=43e7b988bc5243fb66e18a5171a48d8ade51b94f;p=selinux.git

diff --git a/tf2/tf2.te b/tf2/tf2.te
index 1e08a9f..bf69c5d 100644
--- a/tf2/tf2.te
+++ b/tf2/tf2.te
@@ -1,4 +1,4 @@
-policy_module(tf2, 0.1.22)
+policy_module(tf2, 0.1.25)
 
 require {
     type default_t;
@@ -30,6 +30,9 @@ corenet_tcp_bind_generic_port(tf2_t)
 corenet_tcp_bind_generic_node(tf2_t)
 
 read_files_pattern(tf2_t, tf2_ro_t, tf2_ro_t)
+read_lnk_files_pattern(tf2_t, tf2_ro_t, tf2_ro_t)
+list_dirs_pattern(tf2_t, tf2_ro_t, tf2_ro_t)
+mmap_files_pattern(tf2_t, tf2_ro_t, tf2_ro_t)
 
 manage_files_pattern(tf2_t, tf2_rw_t, tf2_rw_t)
 manage_dirs_pattern(tf2_t, tf2_rw_t, tf2_rw_t)
@@ -51,3 +54,5 @@ kernel_read_network_state(tf2_t)
 
 # There's a lot of noise from these accesses
 dontaudit tf2_t default_t:dir read;
+
+allow init_t tf2_t:process { noatsecure };