Add noatsecure to programs using LD_PRELOAD (CoD4, TS3, TF2)
[selinux.git] / tf2 / tf2.te
index d6db454..fd3f755 100644 (file)
@@ -1,4 +1,4 @@
-policy_module(tf2, 0.1.21)
+policy_module(tf2, 0.1.22)
 
 require {
     type default_t;
@@ -16,8 +16,6 @@ files_type(tf2_rw_t)
 type tf2_ro_t;
 files_type(tf2_ro_t)
 
-# type tf2_tmp_t;
-# files_tmp_file(tf2_tmp_t)
 
 init_daemon_domain(tf2_t, tf2_exec_t)
 
@@ -31,17 +29,13 @@ corenet_tcp_sendrecv_generic_port(tf2_t)
 corenet_tcp_bind_generic_port(tf2_t)
 corenet_tcp_bind_generic_node(tf2_t)
 
-allow tf2_t tf2_ro_t:dir list_dir_perms;
-allow tf2_t tf2_ro_t:file read_file_perms;
-#allow tf2_t tf2_tmp_t:file manage_file_perms;
-#allow tf2_t tf2_tmp_t:dir manage_dir_perms;
+read_files_pattern(tf2_t, tf2_ro_t, tf2_ro_t)
 
 manage_files_pattern(tf2_t, tf2_rw_t, tf2_rw_t)
 manage_dirs_pattern(tf2_t, tf2_rw_t, tf2_rw_t)
 setattr_files_pattern(tf2_t, tf2_rw_t, tf2_rw_t)
 
 sysnet_dns_name_resolve(tf2_t)
-# files_tmp_filetrans(tf2_t, tf2_tmp_t, { file dir})
 
 # Needed to load shared libs
 allow tf2_t tf2_exec_t:file execmod;
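Review bot: `read_files_pattern(tf2_t, tf2_ro_t, tf2_ro_t)` is not a like-for-like replacement for the two removed allow rules. In the reference policy macros it grants `search_dir_perms` on the directory plus `read_file_perms` on the files, whereas the removed rule granted `list_dir_perms`, so tf2_t loses `read` on tf2_ro_t directories. If the server enumerates its read-only content directories, this will show up as AVC denials on `dir read`. Add `list_dirs_pattern(tf2_t, tf2_ro_t, tf2_ro_t)` next to it if listing is still needed, or a one-line comment saying the tightening is intentional.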
@@ -57,3 +51,5 @@ kernel_read_network_state(tf2_t)
 
 # There's a lot of noise from these accesses
 dontaudit tf2_t default_t:dir read;
+
+allow init_t tf2_t:process { noatsecure };
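Review bot: The added `allow init_t tf2_t:process { noatsecure };` carries no comment, although it is the security-relevant line of this commit. It stops AT_SECURE from being set on the init_t to tf2_t transition, so the dynamic loader no longer discards LD_PRELOAD, LD_LIBRARY_PATH and similar variables inherited from the parent domain. Put a comment above it, for example `# Server is launched with LD_PRELOAD; stop the loader from scrubbing it on the transition from init_t`. Also confirm that the require block, which is only partly visible in this diff, declares `type init_t;` and `class process noatsecure;`, since the module will most likely fail to build without them. If the launcher allows it, a narrower option is to set LD_PRELOAD in a wrapper that already runs in tf2_t, so that no environment has to be trusted across the domain transition.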