-policy_module(tf2, 0.1.21)
+policy_module(tf2, 0.1.22)
require {
type default_t;
type tf2_ro_t;
files_type(tf2_ro_t)
-# type tf2_tmp_t;
-# files_tmp_file(tf2_tmp_t)
init_daemon_domain(tf2_t, tf2_exec_t)
corenet_tcp_bind_generic_port(tf2_t)
corenet_tcp_bind_generic_node(tf2_t)
-allow tf2_t tf2_ro_t:dir list_dir_perms;
-allow tf2_t tf2_ro_t:file read_file_perms;
-#allow tf2_t tf2_tmp_t:file manage_file_perms;
-#allow tf2_t tf2_tmp_t:dir manage_dir_perms;
+read_files_pattern(tf2_t, tf2_ro_t, tf2_ro_t)
manage_files_pattern(tf2_t, tf2_rw_t, tf2_rw_t)
manage_dirs_pattern(tf2_t, tf2_rw_t, tf2_rw_t)
setattr_files_pattern(tf2_t, tf2_rw_t, tf2_rw_t)
sysnet_dns_name_resolve(tf2_t)
-# files_tmp_filetrans(tf2_t, tf2_tmp_t, { file dir})
# Needed to load shared libs
allow tf2_t tf2_exec_t:file execmod;