Add policy for teamspeak3

[selinux.git] / ts3 / ts3.te

diff --git a/ts3/ts3.te b/ts3/ts3.te
new file mode 100644 (file)
index 0000000..4cf9e8e
--- /dev/null
+++ b/ts3/ts3.te
@@ -0,0 +1,39 @@
+policy_module(ts3, 0.1.21)
+
+# File context for the executable process
+type ts3_t;
+type ts3_exec_t;
+
+type ts3_rw_t;
+files_type(ts3_rw_t)
+
+type ts3_ro_t;
+files_type(ts3_ro_t)
+
+init_daemon_domain(ts3_t, ts3_exec_t)
+
+corenet_udp_sendrecv_generic_port(ts3_t)
+corenet_udp_bind_generic_port(ts3_t)
+corenet_udp_bind_generic_node(ts3_t)
+corenet_tcp_sendrecv_generic_port(ts3_t)
+corenet_tcp_bind_generic_port(ts3_t)
+corenet_tcp_bind_generic_node(ts3_t)
+
+allow ts3_t self:tcp_socket { create_stream_socket_perms connected_stream_socket_perms };
+
+allow ts3_t ts3_ro_t:dir list_dir_perms;
+allow ts3_t ts3_ro_t:file read_file_perms;
+
+manage_files_pattern(ts3_t, ts3_rw_t, ts3_rw_t)
+manage_dirs_pattern(ts3_t, ts3_rw_t, ts3_rw_t)
+setattr_files_pattern(ts3_t, ts3_rw_t, ts3_rw_t)
+
+sysnet_dns_name_resolve(ts3_t)
+
+# Needed to load shared libraries
+allow ts3_t ts3_exec_t:file execmod;
+
+dev_read_urand(ts3_t)
+
+fs_getattr_tmpfs(ts3_t)
+fs_manage_tmpfs_files(ts3_t)