From: Ralf Ertzinger
Date: Sat, 26 Apr 2014 13:02:25 +0000 (+0000)
Subject: Add Call of Duty 4 policy
X-Git-Url: https://git.camperquake.de/gitweb.cgi?p=selinux.git;a=commitdiff_plain;h=1f1b238b667e901fa43a79d9e3e73d6e8e5eb7cd

Add Call of Duty 4 policy
---

diff --git a/cod4/cod4.fc b/cod4/cod4.fc
new file mode 100644
index 0000000..1028463
--- /dev/null
+++ b/cod4/cod4.fc
@@ -0,0 +1,6 @@
+# /opt/cod4/.+/log(/.*)? gen_context(system_u:object_r:cod4_rw_t,s0)
+/etank/games/cod4/cod4_lnxded(-bin)? -- gen_context(system_u:object_r:cod4_exec_t,s0)
+/etank/games/cod4/libstdc\+\+\.so\.6 -- gen_context(system_u:object_r:cod4_exec_t,s0)
+/etank/games/cod4/libgcc_s\.so\.1 -- gen_context(system_u:object_r:cod4_exec_t,s0)
+/etank/games/cod4(/.*)? gen_context(system_u:object_r:cod4_ro_t,s0)
+/etank/games/cod4/.callofduty4(/.*)? gen_context(system_u:object_r:cod4_rw_t,s0)
diff --git a/cod4/cod4.if b/cod4/cod4.if
new file mode 100644
index 0000000..3eb6a30
--- /dev/null
+++ b/cod4/cod4.if
@@ -0,0 +1 @@
+##
diff --git a/cod4/cod4.te b/cod4/cod4.te
new file mode 100644
index 0000000..9d9a7a3
--- /dev/null
+++ b/cod4/cod4.te
@@ -0,0 +1,26 @@
+policy_module(cod4, 0.1.13)
+
+# File context for the executable process
+type cod4_t;
+type cod4_exec_t;
+
+type cod4_rw_t;
+files_type(cod4_rw_t)
+
+type cod4_ro_t;
+files_type(cod4_ro_t)
+
+init_daemon_domain(cod4_t, cod4_exec_t)
+
+corenet_udp_sendrecv_generic_port(cod4_t)
+corenet_udp_bind_generic_port(cod4_t)
+corenet_udp_bind_generic_node(cod4_t)
+
+allow cod4_t cod4_ro_t:dir list_dir_perms;
+allow cod4_t cod4_ro_t:file read_file_perms;
+
+manage_files_pattern(cod4_t, cod4_rw_t, cod4_rw_t)
+manage_dirs_pattern(cod4_t, cod4_rw_t, cod4_rw_t)
+setattr_files_pattern(cod4_t, cod4_rw_t, cod4_rw_t)
+
+sysnet_dns_name_resolve(cod4_t)
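Review bot: The last added entry in cod4.fc, `/etank/games/cod4/.callofduty4(/.*)?`, leaves the dot before `callofduty4` unescaped, so the regex accepts any character in that position and the writable label `cod4_rw_t` can land on paths other than the hidden profile directory. The library entries in the same hunk already escape their dots; write it as `/etank/games/cod4/\.callofduty4(/.*)? gen_context(system_u:object_r:cod4_rw_t,s0)`. Separately, `libstdc\+\+\.so\.6` and `libgcc_s\.so\.1` receive `cod4_exec_t`, the type cod4.te passes to `init_daemon_domain` as the entrypoint; a dedicated library type would keep the entrypoint label on the server binary alone.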
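Review bot: `corenet_udp_bind_generic_port(cod4_t)` in cod4.te lets the server bind any UDP port that carries the generic port label, which is broader than one game port for a daemon that parses traffic from untrusted clients. Consider declaring a dedicated port type and binding only to it: `type cod4_port_t;`, `corenet_port(cod4_port_t)`, `allow cod4_t cod4_port_t:udp_socket name_bind;`, with the actual port labelled locally (for example via `semanage port`). The comment `# File context for the executable process` sits above `type cod4_t;`, which is the process domain rather than a file type; `# Process domain and its entrypoint type` would describe the two declarations. `setattr_files_pattern` on `cod4_rw_t` also looks redundant next to `manage_files_pattern`, assuming the usual refpolicy permission sets.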