-policy_module(tf2, 0.1.24)
+policy_module(tf2, 0.1.28)
require {
type default_t;
files_type(tf2_ro_t)
+init_domain(tf2_t, tf2_exec_t)
init_daemon_domain(tf2_t, tf2_exec_t)
allow tf2_t self:process { setsched signal signull };
read_files_pattern(tf2_t, tf2_ro_t, tf2_ro_t)
read_lnk_files_pattern(tf2_t, tf2_ro_t, tf2_ro_t)
list_dirs_pattern(tf2_t, tf2_ro_t, tf2_ro_t)
+mmap_files_pattern(tf2_t, tf2_ro_t, tf2_ro_t)
manage_files_pattern(tf2_t, tf2_rw_t, tf2_rw_t)
manage_dirs_pattern(tf2_t, tf2_rw_t, tf2_rw_t)
dontaudit tf2_t default_t:dir read;
allow init_t tf2_t:process { noatsecure };
+allow tf2_t self:process execmem;