q3a: Add support for ioquake binaries

diff --git a/q3a/q3a.fc b/q3a/q3a.fc
index 93362c7..a1c0178 100644 (file)
--- a/q3a/q3a.fc
+++ b/q3a/q3a.fc
@@ -1,4 +1,5 @@
-/etank/games/q3a/q3ded                --      gen_context(system_u:object_r:q3a_exec_t,s0)
-/etank/games/q3a/.*/qagamei386.so     --      gen_context(system_u:object_r:q3a_exec_t,s0)
-/etank/games/q3a(/.*)?                        gen_context(system_u:object_r:q3a_ro_t,s0)
-/etank/games/q3a/.q3a(/.*)?                   gen_context(system_u:object_r:q3a_rw_t,s0)
+/etank/games/q3a/q3ded                  --      gen_context(system_u:object_r:q3a_exec_t,s0)
+/etank/games/q3a/ioq3ded\.(x86_64|i386) --      gen_context(system_u:object_r:q3a_exec_t,s0)
+/etank/games/q3a/.*/qagamei386.so       --      gen_context(system_u:object_r:q3a_exec_t,s0)
+/etank/games/q3a(/.*)?                          gen_context(system_u:object_r:q3a_ro_t,s0)
+/etank/games/q3a/.q3a(/.*)?                     gen_context(system_u:object_r:q3a_rw_t,s0)

diff --git a/q3a/q3a.te b/q3a/q3a.te
index dc54c6a..371ef6b 100644 (file)
--- a/q3a/q3a.te
+++ b/q3a/q3a.te
@@ -1,4 +1,4 @@
-policy_module(q3a, 0.1.14)
+policy_module(q3a, 0.1.19)
 
 # File context for the executable process
 type q3a_t;
@@ -30,3 +30,7 @@ setattr_files_pattern(q3a_t, q3a_rw_t, q3a_rw_t)
 
 sysnet_dns_name_resolve(q3a_t)
 files_tmp_filetrans(q3a_t, q3a_tmp_t, { file dir})
+
+dev_read_urand(q3a_t)
+
+allow q3a_t self:process execmem;