git://git.camperquake.de / selinux.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: c62e181)
Add rules for UT2004
authorRalf Ertzinger <ralf@skytale.net>
Fri, 14 Nov 2014 15:32:14 +0000 (15:32 +0000)
committerRalf Ertzinger <ralf@skytale.net>
Fri, 14 Nov 2014 15:32:14 +0000 (15:32 +0000)
ut2004/ut2004.fc [new file with mode: 0644] patch | blob
ut2004/ut2004.if [new file with mode: 0644] patch | blob
ut2004/ut2004.te [new file with mode: 0644] patch | blob

diff --git a/ut2004/ut2004.fc b/ut2004/ut2004.fc
new file mode 100644 (file)
index 0000000..f287272
--- /dev/null
+++ b/ut2004/ut2004.fc
@@ -0,0 +1,4 @@
+/etank/games/ut2004/ut2004/System/(ucc-bin|ucc-bin-linux-amd64) -- gen_context(system_u:object_r:ut2004_exec_t,s0)
+/etank/games/ut2004/ut2004(/.*)?                                   gen_context(system_u:object_r:ut2004_ro_t,s0)
+/etank/games/ut2004/ut2004/System/UCC.log                          gen_context(system_u:object_r:ut2004_rw_t,s0)
+/etank/games/ut2004/ut2004/System/.*\.ini                          gen_context(system_u:object_r:ut2004_rw_t,s0)
diff --git a/ut2004/ut2004.if b/ut2004/ut2004.if
new file mode 100644 (file)
index 0000000..3eb6a30
--- /dev/null
+++ b/ut2004/ut2004.if
@@ -0,0 +1 @@
+## <summary></summary>
diff --git a/ut2004/ut2004.te b/ut2004/ut2004.te
new file mode 100644 (file)
index 0000000..82cbdaf
--- /dev/null
+++ b/ut2004/ut2004.te
@@ -0,0 +1,40 @@
+policy_module(ut2004, 0.1.0)
+
+require {
+    type interwise_port_t;
+}
+
+# File context for the executable process
+type ut2004_t;
+type ut2004_exec_t;
+
+type ut2004_rw_t;
+files_type(ut2004_rw_t)
+
+type ut2004_ro_t;
+files_type(ut2004_ro_t)
+
+#type ut2004_tmp_t;
+#files_tmp_file(ut2004_tmp_t)
+
+init_daemon_domain(ut2004_t, ut2004_exec_t)
+
+corenet_udp_sendrecv_generic_port(ut2004_t)
+corenet_udp_bind_generic_port(ut2004_t)
+corenet_udp_bind_generic_node(ut2004_t)
+
+allow ut2004_t ut2004_ro_t:dir list_dir_perms;
+allow ut2004_t ut2004_ro_t:file read_file_perms;
+#allow ut2004_t ut2004_tmp_t:file manage_file_perms;
+#allow ut2004_t ut2004_tmp_t:dir manage_dir_perms;
+
+manage_files_pattern(ut2004_t, ut2004_rw_t, ut2004_rw_t)
+manage_dirs_pattern(ut2004_t, ut2004_rw_t, ut2004_rw_t)
+setattr_files_pattern(ut2004_t, ut2004_rw_t, ut2004_rw_t)
+
+sysnet_dns_name_resolve(ut2004_t)
+#files_tmp_filetrans(ut2004_t, ut2004_tmp_t, { file dir})
+
+# The UT2004 default port is labelled interwise_port_t on some
+# Fedora policies
+allow ut2004_t interwise_port_t:udp_socket name_bind;
Collection of selinux policy files