X-Git-Url: https://git.camperquake.de/gitweb.cgi?a=blobdiff_plain;f=ts3%2Fts3.te;fp=ts3%2Fts3.te;h=4cf9e8e5aaaac1d69ffbf33017d2b28cb51f33f0;hb=fa638fc1c5d345a3ebedaa29c8b59f96786a35d2;hp=0000000000000000000000000000000000000000;hpb=c4c0773581a9e2a18f1946260355556216a65a4a;p=selinux.git

diff --git a/ts3/ts3.te b/ts3/ts3.te
new file mode 100644
index 0000000..4cf9e8e
--- /dev/null
+++ b/ts3/ts3.te
@@ -0,0 +1,39 @@
+policy_module(ts3, 0.1.21)
+
+# File context for the executable process
+type ts3_t;
+type ts3_exec_t;
+
+type ts3_rw_t;
+files_type(ts3_rw_t)
+
+type ts3_ro_t;
+files_type(ts3_ro_t)
+
+init_daemon_domain(ts3_t, ts3_exec_t)
+
+corenet_udp_sendrecv_generic_port(ts3_t)
+corenet_udp_bind_generic_port(ts3_t)
+corenet_udp_bind_generic_node(ts3_t)
+corenet_tcp_sendrecv_generic_port(ts3_t)
+corenet_tcp_bind_generic_port(ts3_t)
+corenet_tcp_bind_generic_node(ts3_t)
+
+allow ts3_t self:tcp_socket { create_stream_socket_perms connected_stream_socket_perms };
+
+allow ts3_t ts3_ro_t:dir list_dir_perms;
+allow ts3_t ts3_ro_t:file read_file_perms;
+
+manage_files_pattern(ts3_t, ts3_rw_t, ts3_rw_t)
+manage_dirs_pattern(ts3_t, ts3_rw_t, ts3_rw_t)
+setattr_files_pattern(ts3_t, ts3_rw_t, ts3_rw_t)
+
+sysnet_dns_name_resolve(ts3_t)
+
+# Needed to load shared libraries
+allow ts3_t ts3_exec_t:file execmod;
+
+dev_read_urand(ts3_t)
+
+fs_getattr_tmpfs(ts3_t)
+fs_manage_tmpfs_files(ts3_t)