-policy_module(tf2, 0.1.22)
+policy_module(tf2, 0.1.25)
require {
type default_t;
corenet_tcp_bind_generic_node(tf2_t)
read_files_pattern(tf2_t, tf2_ro_t, tf2_ro_t)
+read_lnk_files_pattern(tf2_t, tf2_ro_t, tf2_ro_t)
+list_dirs_pattern(tf2_t, tf2_ro_t, tf2_ro_t)
+mmap_files_pattern(tf2_t, tf2_ro_t, tf2_ro_t)
manage_files_pattern(tf2_t, tf2_rw_t, tf2_rw_t)
manage_dirs_pattern(tf2_t, tf2_rw_t, tf2_rw_t)
# There's a lot of noise from these accesses
dontaudit tf2_t default_t:dir read;
+
+allow init_t tf2_t:process { noatsecure };