Add bf1942

[selinux.git] / bf1942 / bf1942.te

diff --git a/bf1942/bf1942.te b/bf1942/bf1942.te
new file mode 100644 (file)
index 0000000..54b98fb
--- /dev/null
+++ b/bf1942/bf1942.te
@@ -0,0 +1,30 @@
+policy_module(bf1942, 0.1.4)
+
+# File context for the executable process
+type bf1942_t;
+type bf1942_exec_t;
+
+type bf1942_rw_t;
+files_type(bf1942_rw_t)
+
+type bf1942_ro_t;
+files_type(bf1942_ro_t)
+
+init_daemon_domain(bf1942_t, bf1942_exec_t)
+
+corenet_udp_sendrecv_generic_port(bf1942_t)
+corenet_udp_bind_generic_port(bf1942_t)
+corenet_udp_bind_generic_node(bf1942_t)
+
+read_files_pattern(bf1942_t, bf1942_ro_t, bf1942_ro_t)
+read_lnk_files_pattern(bf1942_t, bf1942_ro_t, bf1942_ro_t)
+list_dirs_pattern(bf1942_t, bf1942_ro_t, bf1942_ro_t)
+
+manage_files_pattern(bf1942_t, bf1942_rw_t, bf1942_rw_t)
+manage_dirs_pattern(bf1942_t, bf1942_rw_t, bf1942_rw_t)
+setattr_files_pattern(bf1942_t, bf1942_rw_t, bf1942_rw_t)
+
+sysnet_dns_name_resolve(bf1942_t)
+
+kernel_read_system_state(bf1942_t)
+allow bf1942_t self:process execmem;