Add policy for teamspeak3
authorRalf Ertzinger <ralf@skytale.net>
Wed, 12 Aug 2015 10:04:28 +0000 (10:04 +0000)
committerRalf Ertzinger <ralf@skytale.net>
Wed, 12 Aug 2015 10:04:28 +0000 (10:04 +0000)
ts3/ts3.fc [new file with mode: 0644]
ts3/ts3.if [new file with mode: 0644]
ts3/ts3.te [new file with mode: 0644]

diff --git a/ts3/ts3.fc b/ts3/ts3.fc
new file mode 100644 (file)
index 0000000..67a8648
--- /dev/null
@@ -0,0 +1,4 @@
+/opt/teamspeak3(-server_linux-(amd64|x86))?/libts3db_(.+)\.so               -- gen_context(system_u:object_r:ts3_exec_t,s0)
+/opt/teamspeak3(-server_linux-(amd64|x86))?/ts3server_linux_(amd64|x86)     -- gen_context(system_u:object_r:ts3_exec_t,s0)
+/opt/teamspeak3(-server_linux-(amd64|x86))?/ts3server_minimal_runscript\.sh -- gen_context(system_u:object_r:ts3_exec_t,s0)
+/opt/teamspeak3(-server_linux-(amd64|x86))?(/.*)?                              gen_context(system_u:object_r:ts3_rw_t,s0)
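Review bot: The catch-all entry on the last line labels the whole install tree `ts3_rw_t`, so everything not matched by the three `ts3_exec_t` patterns becomes writable by the daemon through the `manage_*_pattern` rules in ts3.te. That includes any bundled configuration, licence or SQL files. No entry assigns `ts3_ro_t`, which leaves the `ts3_ro_t` type and its read rules in ts3.te without any files to apply to. I would make read-only the default with `/opt/teamspeak3(-server_linux-(amd64|x86))?(/.*)?    gen_context(system_u:object_r:ts3_ro_t,s0)`, and add narrower `ts3_rw_t` entries only for the paths the server has to write (database, logs, uploads). Those paths are not visible in this commit and would need to be confirmed against a running install.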
diff --git a/ts3/ts3.if b/ts3/ts3.if
new file mode 100644 (file)
index 0000000..3eb6a30
--- /dev/null
@@ -0,0 +1 @@
+## <summary></summary>
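Review bot: The module summary is empty, so generated policy documentation will show nothing for this module. A one-line description such as `## <summary>TeamSpeak 3 voice server</summary>` would fix that. The file also defines no interfaces, which is fine as long as no other domain is expected to read or manage the `ts3_*` file types.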
diff --git a/ts3/ts3.te b/ts3/ts3.te
new file mode 100644 (file)
index 0000000..4cf9e8e
--- /dev/null
@@ -0,0 +1,39 @@
+policy_module(ts3, 0.1.21)
+
+# File context for the executable process
+type ts3_t;
+type ts3_exec_t;
+
+type ts3_rw_t;
+files_type(ts3_rw_t)
+
+type ts3_ro_t;
+files_type(ts3_ro_t)
+
+init_daemon_domain(ts3_t, ts3_exec_t)
+
+corenet_udp_sendrecv_generic_port(ts3_t)
+corenet_udp_bind_generic_port(ts3_t)
+corenet_udp_bind_generic_node(ts3_t)
+corenet_tcp_sendrecv_generic_port(ts3_t)
+corenet_tcp_bind_generic_port(ts3_t)
+corenet_tcp_bind_generic_node(ts3_t)
+
+allow ts3_t self:tcp_socket { create_stream_socket_perms connected_stream_socket_perms };
+
+allow ts3_t ts3_ro_t:dir list_dir_perms;
+allow ts3_t ts3_ro_t:file read_file_perms;
+
+manage_files_pattern(ts3_t, ts3_rw_t, ts3_rw_t)
+manage_dirs_pattern(ts3_t, ts3_rw_t, ts3_rw_t)
+setattr_files_pattern(ts3_t, ts3_rw_t, ts3_rw_t)
+
+sysnet_dns_name_resolve(ts3_t)
+
+# Needed to load shared libraries
+allow ts3_t ts3_exec_t:file execmod;
+
+dev_read_urand(ts3_t)
+
+fs_getattr_tmpfs(ts3_t)
+fs_manage_tmpfs_files(ts3_t)
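Review bot: The bind and tmpfs grants are written against generic types, which gives ts3_t more access than it needs. With `corenet_tcp_bind_generic_port` and `corenet_udp_bind_generic_port` it may bind any port carrying the generic port label, and with `fs_manage_tmpfs_files` it may manage every file carrying the generic tmpfs label, not only its own. A private port type and a private tmpfs type with a type transition would confine the daemon to what it actually uses, with the port numbers assigned afterwards via `semanage port -a -t ts3_port_t -p PROTO PORT` (placeholders). Whether the `*_sendrecv_generic_port` lines are still required depends on the base policy version, so the sketch below leaves them alone. Separately, `execmod` is only needed for objects with text relocations, not for ordinary library loading, so if that is the reason the comment above it should say so, e.g. `# Bundled binaries contain text relocations`.

```selinux
# Private port type; ports are attached to it with semanage port
type ts3_port_t;
corenet_port(ts3_port_t)
allow ts3_t ts3_port_t:tcp_socket name_bind;
allow ts3_t ts3_port_t:udp_socket name_bind;

# ... unchanged: node bind, self socket rules, ts3_ro_t / ts3_rw_t file rules ...

# Private tmpfs type instead of the generic tmpfs label
type ts3_tmpfs_t;
files_tmpfs_file(ts3_tmpfs_t)
manage_files_pattern(ts3_t, ts3_tmpfs_t, ts3_tmpfs_t)
fs_tmpfs_filetrans(ts3_t, ts3_tmpfs_t, file)
```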