1 policy_module(subsonic, 0.1.64)
6 type public_content_rw_t;
12 # File context for the executable process
17 files_type(subsonic_rw_t)
20 files_type(subsonic_ro_t)
22 _sky_files_use_tmp(subsonic_t, subsonic_tmp_t)
24 init_daemon_domain(subsonic_t, subsonic_exec_t)
26 # corenet_udp_sendrecv_generic_port(subsonic_t)
27 # corenet_udp_bind_generic_port(subsonic_t)
28 # corenet_udp_bind_generic_node(subsonic_t)
29 corenet_tcp_sendrecv_generic_port(subsonic_t)
30 corenet_tcp_bind_generic_port(subsonic_t)
31 corenet_tcp_bind_generic_node(subsonic_t)
33 corenet_tcp_connect_unreserved_ports(subsonic_t)
34 corenet_tcp_connect_http_port(subsonic_t)
36 allow subsonic_t self:tcp_socket { create_stream_socket_perms connected_stream_socket_perms };
38 allow init_t subsonic_ro_t:lnk_file read;
40 # Needed to start /bin/bash
41 exec_files_pattern(subsonic_t, bin_t, shell_exec_t)
43 # Needed to start java
44 exec_files_pattern(subsonic_t, bin_t, bin_t)
45 _sky_java_process(subsonic_t)
47 read_files_pattern(subsonic_t, subsonic_ro_t, subsonic_ro_t)
48 read_lnk_files_pattern(subsonic_t, subsonic_ro_t, subsonic_ro_t)
49 read_files_pattern(subsonic_t, public_content_t, public_content_t)
50 read_lnk_files_pattern(subsonic_t, public_content_t, public_content_t)
52 manage_files_pattern(subsonic_t, subsonic_rw_t, subsonic_rw_t)
53 manage_lnk_files_pattern(subsonic_t, subsonic_rw_t, subsonic_rw_t)
54 manage_files_pattern(subsonic_t, public_content_rw_t, public_content_rw_t)
56 sysnet_dns_name_resolve(subsonic_t)
58 sssd_read_public_files(subsonic_t)
60 dev_read_rand(subsonic_t)