policy_module(ts3, 0.1.29)

# Type enforcement rules for the ts3 module: declares the confined domain
# ts3_t, its entry point type and two private file types, then grants the
# network, file, tmpfs and process permissions listed below.
# Paths are not labelled here; file context entries for ts3_exec_t,
# ts3_ro_t and ts3_rw_t presumably live in a companion .fc file - confirm.

# Process domain (ts3_t) and the type of its executable (ts3_exec_t).
type ts3_t;
type ts3_exec_t;

# Private file type the domain may manage (see manage_*_pattern below).
type ts3_rw_t;
files_type(ts3_rw_t)

# Private file type the domain may only read, list and map executable.
type ts3_ro_t;
files_type(ts3_ro_t)

# Make ts3_t a domain entered through ts3_exec_t when started by init.
# NOTE(review): both the direct-init and the daemon interface are called;
# one of them may be redundant on the target policy version - confirm.
init_domain(ts3_t, ts3_exec_t)
init_daemon_domain(ts3_t, ts3_exec_t)

# UDP and TCP: send/receive and bind on generic ports and generic nodes.
# NOTE(review): "generic" means the rules are not tied to a port type
# dedicated to this service, so the domain is not limited to its own
# listening ports. Declaring and labelling a service-specific port type
# would tighten this - verify which ports the daemon actually needs.
corenet_udp_sendrecv_generic_port(ts3_t)
corenet_udp_bind_generic_port(ts3_t)
corenet_udp_bind_generic_node(ts3_t)
corenet_tcp_sendrecv_generic_port(ts3_t)
corenet_tcp_bind_generic_port(ts3_t)
corenet_tcp_bind_generic_node(ts3_t)

# Stream socket permissions on the domain's own TCP sockets.
allow ts3_t self:tcp_socket { create_stream_socket_perms connected_stream_socket_perms };

# Read-only tree: read files, list directories, map files executable.
read_files_pattern(ts3_t, ts3_ro_t, ts3_ro_t)
list_dirs_pattern(ts3_t, ts3_ro_t, ts3_ro_t)
mmap_exec_files_pattern(ts3_t, ts3_ro_t, ts3_ro_t)

# Writable tree: full management of files and directories, setattr, and
# executable mappings of the same files.
# NOTE(review): ts3_t can both write ts3_rw_t files and map them
# executable, so the policy does not stop the daemon from running code it
# (or anything controlling it) wrote to disk. If only shipped libraries
# need to be mapped, labelling them ts3_ro_t and dropping the rw
# mmap_exec rule would restore the write/execute separation - confirm
# against the audit log before changing.
manage_files_pattern(ts3_t, ts3_rw_t, ts3_rw_t)
manage_dirs_pattern(ts3_t, ts3_rw_t, ts3_rw_t)
mmap_exec_files_pattern(ts3_t, ts3_rw_t, ts3_rw_t)
setattr_files_pattern(ts3_t, ts3_rw_t, ts3_rw_t)

# Executable mappings of tmpfs_t files.
# NOTE(review): combined with fs_manage_tmpfs_files further down this is
# write plus execute on the generic tmpfs_t type, which is not private to
# this service. A private tmpfs type with a type transition would keep
# the exposure inside the domain.
# NOTE(review): tmpfs_t (here) and init_t (last rule) are used without a
# visible gen_require block; presumably the interfaces called in this
# file bring them into scope - confirm the module builds standalone.
mmap_exec_files_pattern(ts3_t, tmpfs_t, tmpfs_t)

# DNS name resolution.
sysnet_dns_name_resolve(ts3_t)

# Author rationale: needed to load shared libraries.
# execmod permits making a file mapping executable after it has been
# modified in memory, which is what objects with text relocations need.
# The rule only covers files labelled ts3_exec_t.
# NOTE(review): execmod weakens memory protection for this domain; check
# whether the binaries still require it before keeping the rule.
allow ts3_t ts3_exec_t:file execmod;

# Read access to the urandom device.
dev_read_urand(ts3_t)

# Get attributes of tmpfs filesystems and manage tmpfs_t files.
fs_getattr_tmpfs(ts3_t)
fs_manage_tmpfs_files(ts3_t)

# noatsecure: on the transition from init_t into ts3_t the AT_SECURE flag
# is not set, so the loader does not sanitise the inherited environment
# (LD_PRELOAD, LD_LIBRARY_PATH and similar variables are passed through).
# NOTE(review): no justification is given in this file. If the daemon
# does not depend on such variables from its start-up environment, remove
# the rule so secure-mode cleansing applies at the domain boundary.
allow init_t ts3_t:process { noatsecure };