-policy_module(tf2, 0.1.23)
+policy_module(tf2, 0.1.29)
require {
type default_t;
files_type(tf2_ro_t)
+init_domain(tf2_t, tf2_exec_t)
init_daemon_domain(tf2_t, tf2_exec_t)
allow tf2_t self:process { setsched signal signull };
corenet_tcp_bind_generic_node(tf2_t)
read_files_pattern(tf2_t, tf2_ro_t, tf2_ro_t)
+read_lnk_files_pattern(tf2_t, tf2_ro_t, tf2_ro_t)
list_dirs_pattern(tf2_t, tf2_ro_t, tf2_ro_t)
+mmap_files_pattern(tf2_t, tf2_ro_t, tf2_ro_t)
manage_files_pattern(tf2_t, tf2_rw_t, tf2_rw_t)
manage_dirs_pattern(tf2_t, tf2_rw_t, tf2_rw_t)
setattr_files_pattern(tf2_t, tf2_rw_t, tf2_rw_t)
+# TF2 wants to create /tmp/dumps
+files_manage_generic_tmp_dirs(tf2_t)
+
sysnet_dns_name_resolve(tf2_t)
# Needed to load shared libs
dontaudit tf2_t default_t:dir read;
allow init_t tf2_t:process { noatsecure };
+allow tf2_t self:process execmem;