Move base directories to /var/games

[selinux.git] / ts3 / ts3.te

diff --git a/ts3/ts3.te b/ts3/ts3.te
index 4cf9e8e..4afdf06 100644 (file)
--- a/ts3/ts3.te
+++ b/ts3/ts3.te
@@ -1,4 +1,4 @@
-policy_module(ts3, 0.1.21)
+policy_module(ts3, 0.1.29)
 
 # File context for the executable process
 type ts3_t;
@@ -10,6 +10,7 @@ files_type(ts3_rw_t)
 type ts3_ro_t;
 files_type(ts3_ro_t)
 
+init_domain(ts3_t, ts3_exec_t)
 init_daemon_domain(ts3_t, ts3_exec_t)
 
 corenet_udp_sendrecv_generic_port(ts3_t)
@@ -21,13 +22,17 @@ corenet_tcp_bind_generic_node(ts3_t)
 
 allow ts3_t self:tcp_socket { create_stream_socket_perms connected_stream_socket_perms };
 
-allow ts3_t ts3_ro_t:dir list_dir_perms;
-allow ts3_t ts3_ro_t:file read_file_perms;
+read_files_pattern(ts3_t, ts3_ro_t, ts3_ro_t)
+list_dirs_pattern(ts3_t, ts3_ro_t, ts3_ro_t)
+mmap_exec_files_pattern(ts3_t, ts3_ro_t, ts3_ro_t)
 
 manage_files_pattern(ts3_t, ts3_rw_t, ts3_rw_t)
 manage_dirs_pattern(ts3_t, ts3_rw_t, ts3_rw_t)
+mmap_exec_files_pattern(ts3_t, ts3_rw_t, ts3_rw_t)
 setattr_files_pattern(ts3_t, ts3_rw_t, ts3_rw_t)
 
+mmap_exec_files_pattern(ts3_t, tmpfs_t, tmpfs_t)
+
 sysnet_dns_name_resolve(ts3_t)
 
 # Needed to load shared libraries
@@ -37,3 +42,5 @@ dev_read_urand(ts3_t)
 
 fs_getattr_tmpfs(ts3_t)
 fs_manage_tmpfs_files(ts3_t)
+
+allow init_t ts3_t:process { noatsecure };