# SELinux policy module confining the Battlefield 1942 dedicated server
# in its own domain (bf1942_t).
policy_module(bf1942, 0.1.7)

########################################
#
# Declarations
#

# games_data_t is declared outside this module; it is only referenced here.
require {
	type games_data_t;
}

# Process domain and the label of the server executable.
type bf1942_t;
type bf1942_exec_t;

# Content the server may only read.
type bf1942_ro_t;
files_type(bf1942_ro_t)

# Content the server may create, modify and delete.
type bf1942_rw_t;
files_type(bf1942_rw_t)

########################################
#
# Domain entry
#

# Started by init: running a bf1942_exec_t file puts the process in bf1942_t.
init_daemon_domain(bf1942_t, bf1942_exec_t)
# Keeps that transition working when init starts the service with
# no_new_privs set.
init_nnp_daemon_domain(bf1942_t, bf1942_exec_t)

########################################
#
# Local policy
#

# The BF1942 binary re-executes itself; execute_no_trans keeps the new
# image in bf1942_t instead of requiring a domain transition.
allow bf1942_t bf1942_exec_t:file execute_no_trans;

# execmem lets the process hold memory that is writable and executable at
# the same time, which removes W^X protection for this domain.
# NOTE(review): presumably required by the prebuilt game binary; confirm
# with an audit log before keeping it.
allow bf1942_t self:process execmem;

kernel_read_system_state(bf1942_t)

# Network: UDP only. The "generic" interfaces cover every port and node
# that carries no specific label, so the server is not pinned to its own
# game and query ports.
# NOTE(review): a dedicated port type, assigned to the server's ports by
# the administrator, would narrow the bind permission.
corenet_udp_bind_generic_node(bf1942_t)
corenet_udp_bind_generic_port(bf1942_t)
corenet_udp_sendrecv_generic_port(bf1942_t)
sysnet_dns_name_resolve(bf1942_t)

# Read-only tree: list directories, read files, follow symlinks.
list_dirs_pattern(bf1942_t, bf1942_ro_t, bf1942_ro_t)
read_files_pattern(bf1942_t, bf1942_ro_t, bf1942_ro_t)
read_lnk_files_pattern(bf1942_t, bf1942_ro_t, bf1942_ro_t)

# Writable tree: full management of files and directories.
manage_dirs_pattern(bf1942_t, bf1942_rw_t, bf1942_rw_t)
manage_files_pattern(bf1942_t, bf1942_rw_t, bf1942_rw_t)
# NOTE(review): the reference policy's manage_files_pattern already grants
# setattr, so this line looks redundant; confirm against the macro
# definitions this module is built with.
setattr_files_pattern(bf1942_t, bf1942_rw_t, bf1942_rw_t)

# Directory listing only (no file reads) under games_data_t.
list_dirs_pattern(bf1942_t, games_data_t, games_data_t)