# SELinux policy module declaration: module name tf2, version 0.1.21.
1 policy_module(tf2, 0.1.21)
# NOTE(review): the type declarations that the next three comments describe are
# not visible in this listing (the embedded line numbers skip). tf2_t,
# tf2_exec_t, tf2_rw_t and tf2_ro_t are all used below - confirm that each one
# is declared in the full file.
7 # File context for the executable process
11 # File type for writable files
15 # File type for readable files
20 # files_tmp_file(tf2_tmp_t)
# Makes tf2_t a daemon domain with tf2_exec_t as its entry point, so a service
# started by init from a tf2_exec_t-labelled file runs confined as tf2_t.
# NOTE(review): a server launched by hand from a login shell does not take the
# init transition and presumably stays in the caller's domain - verify how the
# service is actually started.
22 init_daemon_domain(tf2_t, tf2_exec_t)
# Permissions of the domain on itself: change its own scheduling parameters
# (setsched) and send signals / null signals to its own processes.
24 allow tf2_t self:process { setsched signal signull };
# TCP sockets owned by the domain: stream-socket creation plus connected-stream use.
# NOTE(review): no matching self:udp_socket rule appears in this listing even
# though UDP port access is granted below - confirm against the full file.
25 allow tf2_t self:tcp_socket { create_stream_socket_perms connected_stream_socket_perms };
# Network access, UDP then TCP: send/receive on, and bind to, generic ports and
# the generic node.
# NOTE(review): "generic" here means the catch-all port and node labels, so the
# domain is not restricted to the game server's own ports. If the listening
# ports are fixed, a dedicated port type labelled only on those ports would be a
# tighter grant than bind on every generic port.
27 corenet_udp_sendrecv_generic_port(tf2_t)
28 corenet_udp_bind_generic_port(tf2_t)
29 corenet_udp_bind_generic_node(tf2_t)
30 corenet_tcp_sendrecv_generic_port(tf2_t)
31 corenet_tcp_bind_generic_port(tf2_t)
32 corenet_tcp_bind_generic_node(tf2_t)
# Read-only content: the domain may list tf2_ro_t directories and read
# tf2_ro_t files; nothing here lets it modify them.
34 allow tf2_t tf2_ro_t:dir list_dir_perms;
35 allow tf2_t tf2_ro_t:file read_file_perms;
# Disabled: access to a private tmp type (tf2_tmp_t), which is also commented
# out where it would be declared.
36 #allow tf2_t tf2_tmp_t:file manage_file_perms;
37 #allow tf2_t tf2_tmp_t:dir manage_dir_perms;
# Writable content: full management of files and directories labelled tf2_rw_t
# that live inside tf2_rw_t directories.
# No rule visible in this listing grants execute on tf2_rw_t, which keeps what
# the server can write separate from what it can run - preserve that when
# extending the policy.
39 manage_files_pattern(tf2_t, tf2_rw_t, tf2_rw_t)
40 manage_dirs_pattern(tf2_t, tf2_rw_t, tf2_rw_t)
# NOTE(review): setattr is presumably already part of the file permissions given
# by manage_files_pattern, which would make this line redundant - verify.
41 setattr_files_pattern(tf2_t, tf2_rw_t, tf2_rw_t)
# Lets the domain resolve host names through DNS.
43 sysnet_dns_name_resolve(tf2_t)
# Disabled: automatic labelling of files and dirs the domain creates in the tmp
# directory as tf2_tmp_t.
44 # files_tmp_filetrans(tf2_t, tf2_tmp_t, { file dir})
46 # Needed to load shared libs
# execmod lets the domain make executable a file mapping that has been modified
# in memory (the text-relocation case), i.e. it relaxes a memory-protection
# check for every file labelled tf2_exec_t, not just one library.
# NOTE(review): this implies the shared libraries carry the tf2_exec_t label -
# confirm. If only some libraries need text relocations, moving them to a
# dedicated type (the reference policy has textrel_shlib_t for this) and
# granting execmod there would narrow the exception.
47 allow tf2_t tf2_exec_t:file execmod;
51 # TF2 wants to read /proc/cpuinfo
# NOTE(review): this interface grants read access to general system state under
# /proc, which is broader than the single cpuinfo file named above - confirm
# that scope is acceptable.
52 kernel_read_system_state(tf2_t)
# Disabled: read access to sysfs.
53 # dev_read_sysfs(tf2_t)
55 # TF2 needs to read the network state
# Read access to the kernel's network state information.
56 kernel_read_network_state(tf2_t)
58 # There's a lot of noise from these accesses
# dontaudit does not grant anything: reading default_t directories stays denied,
# only the AVC denial message is suppressed.
# NOTE(review): default_t is the label for files that match no file-context
# rule, so frequent hits presumably mean part of the server's tree is
# unlabelled; fixing the labels would remove the noise at its source. While this
# rule is active these denials are missing from the audit log, so rebuild the
# policy with dontaudit rules disabled (semodule -DB) when troubleshooting or
# investigating the service.
59 dontaudit tf2_t default_t:dir read;