From: Ralf Ertzinger
Date: Sat, 16 Mar 2019 20:10:17 +0000 (+0000)
Subject: Add rtorrent
X-Git-Url: https://git.camperquake.de/gitweb.cgi?p=selinux.git;a=commitdiff_plain;h=242a02874965c75d922fd498fc9cf3d6943b5a3a
Add rtorrent
---
diff --git a/rtorrent/rtorrent.fc b/rtorrent/rtorrent.fc
new file mode 100644
index 0000000..b6a7646
--- /dev/null
+++ b/rtorrent/rtorrent.fc
@@ -0,0 +1,3 @@
+/usr/bin/rtorrent -- gen_context(system_u:object_r:rtorrent_exec_t,s0)
+/opt/rtorrent/data(/.*)? gen_context(system_u:object_r:rtorrent_rw_t,s0)
+/opt/rtorrent/.rtorrent.rc gen_context(system_u:object_r:rtorrent_ro_t,s0)
diff --git a/rtorrent/rtorrent.if b/rtorrent/rtorrent.if
new file mode 120000
index 0000000..196caaa
--- /dev/null
+++ b/rtorrent/rtorrent.if
@@ -0,0 +1 @@
+../include/_sky_.if
\ No newline at end of file
diff --git a/rtorrent/rtorrent.te b/rtorrent/rtorrent.te
new file mode 100644
index 0000000..c912c2c
--- /dev/null
+++ b/rtorrent/rtorrent.te
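Review bot: In rtorrent.fc the entry `/opt/rtorrent/.rtorrent.rc` leaves its dots unescaped and has no file-type field, unlike the `/usr/bin/rtorrent` line above it. File-context paths are regular expressions, so the pattern also matches other names of that shape in the directory and any object class, which could put `rtorrent_ro_t` on something that was never meant to be the daemon's configuration. Consider `/opt/rtorrent/\.rtorrent\.rc -- gen_context(system_u:object_r:rtorrent_ro_t,s0)`.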
@@ -0,0 +1,70 @@
+policy_module(rtorrent, 0.0.19)
+
+require {
+ type init_t;
+ type public_content_t;
+ type public_content_rw_t;
+ type bin_t;
+ type shell_exec_t;
+ type fs_t;
+}
+
+
+# File context for the executable process
+type rtorrent_t;
+type rtorrent_exec_t;
+
+type rtorrent_rw_t;
+files_type(rtorrent_rw_t)
+
+type rtorrent_ro_t;
+files_type(rtorrent_ro_t)
+
+# _sky_files_use_tmp(rtorrent_t, rtorrent_tmp_t)
+
+init_daemon_domain(rtorrent_t, rtorrent_exec_t)
+
+# corenet_udp_sendrecv_generic_port(rtorrent_t)
+corenet_udp_bind_generic_port(rtorrent_t)
+corenet_udp_bind_generic_node(rtorrent_t)
+corenet_tcp_sendrecv_generic_port(rtorrent_t)
+corenet_tcp_bind_generic_port(rtorrent_t)
+corenet_tcp_bind_generic_node(rtorrent_t)
+
+corenet_tcp_connect_all_unreserved_ports(rtorrent_t)
+corenet_tcp_connect_all_ephemeral_ports(rtorrent_t)
+corenet_tcp_connect_http_port(rtorrent_t)
+
+allow rtorrent_t self:tcp_socket { create_stream_socket_perms connected_stream_socket_perms };
+
+# Needed to start /bin/bash
+#exec_files_pattern(rtorrent_t, bin_t, shell_exec_t)
+
+# Needed to start java
+# exec_files_pattern(rtorrent_t, bin_t, bin_t)
+# _sky_java_process(rtorrent_t)
+
+read_files_pattern(rtorrent_t, rtorrent_ro_t, rtorrent_ro_t)
+read_lnk_files_pattern(rtorrent_t, rtorrent_ro_t, rtorrent_ro_t)
+mmap_files_pattern(rtorrent_t, rtorrent_ro_t, rtorrent_ro_t)
+
+read_files_pattern(rtorrent_t, public_content_t, public_content_t)
+read_lnk_files_pattern(rtorrent_t, public_content_t, public_content_t)
+mmap_files_pattern(rtorrent_t, public_content_t, public_content_t)
+
+manage_files_pattern(rtorrent_t, rtorrent_rw_t, rtorrent_rw_t)
+manage_dirs_pattern(rtorrent_t, rtorrent_rw_t, rtorrent_rw_t)
+manage_lnk_files_pattern(rtorrent_t, rtorrent_rw_t, rtorrent_rw_t)
+mmap_files_pattern(rtorrent_t, rtorrent_rw_t, rtorrent_rw_t)
+
+manage_files_pattern(rtorrent_t, public_content_rw_t, public_content_rw_t)
+mmap_files_pattern(rtorrent_t, public_content_rw_t, public_content_rw_t)
+
+sysnet_dns_name_resolve(rtorrent_t)
+
+#sssd_read_public_files(rtorrent_t)
+
+#dev_read_rand(rtorrent_t)
+#dev_read_sysfs(rtorrent_t)
+
+allow rtorrent_t fs_t:filesystem getattr;
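Review bot: In rtorrent.te the four `mmap_files_pattern(...)` calls look broader than intended, most notably `mmap_files_pattern(rtorrent_t, rtorrent_rw_t, rtorrent_rw_t)` and the `public_content_rw_t` one, which sit next to `manage_files_pattern` on the same types. In the reference-policy support macros this pattern expands to `mmap_file_perms`, which to my knowledge includes `execute` (worth confirming in the installed `obj_perm_sets.spt`), so the domain would be allowed to map peer-supplied download data as executable. If the aim is only to let rtorrent mmap its data files, grant the single permission instead, e.g. `allow rtorrent_t rtorrent_rw_t:file map;` and `allow rtorrent_t public_content_rw_t:file map;`, and do the same for the two read-only types. A short comment above the `corenet_*_bind_generic_port` lines saying which listening ports the daemon is expected to use would also help the next reader judge whether a dedicated port type is warranted.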