From: Ralf Ertzinger
Date: Sat, 1 Oct 2022 13:02:29 +0000 (+0000)
Subject: Add bf1942
X-Git-Url: https://git.camperquake.de/gitweb.cgi?p=selinux.git;a=commitdiff_plain;h=e4b31b7b145561d40e7e5c2f1b357d72154a7ed5
Add bf1942
---
diff --git a/bf1942/bf1942.fc b/bf1942/bf1942.fc
new file mode 100644
index 0000000..f01b483
--- /dev/null
+++ b/bf1942/bf1942.fc
@@ -0,0 +1,5 @@
+/etank/games/bf1942/bf1942/serverfiles/bf1942_lnxded.* -- gen_context(system_u:object_r:bf1942_exec_t,s0)
+/etank/games/bf1942/bf1942(/.*)? gen_context(system_u:object_r:bf1942_ro_t,s0)
+/etank/games/bf1942/bf1942/serverfiles/mods/[^/]+/settings gen_context(system_u:object_r:bf1942_rw_t,s0)
+/etank/games/bf1942/bf1942/serverfiles/mods/[^/]+/logs(/.*)? gen_context(system_u:object_r:bf1942_rw_t,s0)
+/etank/games/bf1942/bf1942/serverfiles/mods/[^/]+/settings/maplist.con gen_context(system_u:object_r:bf1942_rw_t,s0)
diff --git a/bf1942/bf1942.if b/bf1942/bf1942.if
new file mode 120000
index 0000000..196caaa
--- /dev/null
+++ b/bf1942/bf1942.if
@@ -0,0 +1 @@
+../include/_sky_.if
\ No newline at end of file
diff --git a/bf1942/bf1942.te b/bf1942/bf1942.te
new file mode 100644
index 0000000..54b98fb
--- /dev/null
+++ b/bf1942/bf1942.te
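Review bot: In bf1942.fc the `.` in `bf1942_lnxded.*` (first rule) and in `maplist.con` (last rule) is an unescaped regex metacharacter, so the first rule hands the `bf1942_exec_t` entrypoint label to any regular file in `serverfiles/` whose name merely starts with `bf1942_lnxded`. If the server binaries carry a dotted suffix, `bf1942_lnxded\..*` and `maplist\.con` keep the labels on the intended files only. The last three rules also deserve a comment, for example `# settings/ itself is rw so the server can rewrite maplist.con; all other files under it fall back to bf1942_ro_t`. That reading is inferred from the patterns and should be confirmed, because files the server creates in `settings/` would be reset to `bf1942_ro_t` by the broad `(/.*)?` rule on the next relabel.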
@@ -0,0 +1,30 @@
+policy_module(bf1942, 0.1.4)
+
+# File context for the executable process
+type bf1942_t;
+type bf1942_exec_t;
+
+type bf1942_rw_t;
+files_type(bf1942_rw_t)
+
+type bf1942_ro_t;
+files_type(bf1942_ro_t)
+
+init_daemon_domain(bf1942_t, bf1942_exec_t)
+
+corenet_udp_sendrecv_generic_port(bf1942_t)
+corenet_udp_bind_generic_port(bf1942_t)
+corenet_udp_bind_generic_node(bf1942_t)
+
+read_files_pattern(bf1942_t, bf1942_ro_t, bf1942_ro_t)
+read_lnk_files_pattern(bf1942_t, bf1942_ro_t, bf1942_ro_t)
+list_dirs_pattern(bf1942_t, bf1942_ro_t, bf1942_ro_t)
+
+manage_files_pattern(bf1942_t, bf1942_rw_t, bf1942_rw_t)
+manage_dirs_pattern(bf1942_t, bf1942_rw_t, bf1942_rw_t)
+setattr_files_pattern(bf1942_t, bf1942_rw_t, bf1942_rw_t)
+
+sysnet_dns_name_resolve(bf1942_t)
+
+kernel_read_system_state(bf1942_t)
+allow bf1942_t self:process execmem;
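Review bot: `allow bf1942_t self:process execmem;` on the last line lets a UDP-facing daemon map memory that is both writable and executable, and nothing in the file records why the rule is needed. If the dedicated-server binary really cannot start without it (presumably this came from an AVC denial, which is not visible here), say so next to the rule, e.g. `# lnxded maps writable+executable memory; required by the binary, re-test when it is replaced`. Separately, `corenet_udp_bind_generic_port(bf1942_t)` permits binding any UDP port that carries the generic port label. Declaring a dedicated port type for the game and query ports and allowing `name_bind` only on that type would narrow what the confined process can listen on.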