From 0e7657673c0fa43bd215b837243fac43800ed723 Mon Sep 17 00:00:00 2001
From: Ralf Ertzinger
Date: Fri, 14 Nov 2014 15:32:56 +0000
Subject: [PATCH] Add rules for tesseract
---
tesseract/tesseract.fc | 2 ++
tesseract/tesseract.if | 1 +
tesseract/tesseract.te | 32 ++++++++++++++++++++++++++++++++
3 files changed, 35 insertions(+)
create mode 100644 tesseract/tesseract.fc
create mode 100644 tesseract/tesseract.if
create mode 100644 tesseract/tesseract.te
diff --git a/tesseract/tesseract.fc b/tesseract/tesseract.fc
new file mode 100644
index 0000000..0ac201e
--- /dev/null
+++ b/tesseract/tesseract.fc
@@ -0,0 +1,2 @@
+/etank/games/tesseract/tesseract/bin_unix/linux(_64)?_(server|client) -- gen_context(system_u:object_r:tesseract_exec_t,s0)
+/etank/games/tesseract/tesseract(/.*)? gen_context(system_u:object_r:tesseract_ro_t,s0)
diff --git a/tesseract/tesseract.if b/tesseract/tesseract.if
new file mode 100644
index 0000000..3eb6a30
--- /dev/null
+++ b/tesseract/tesseract.if
@@ -0,0 +1 @@
+##
diff --git a/tesseract/tesseract.te b/tesseract/tesseract.te
new file mode 100644
index 0000000..1de962f
--- /dev/null
+++ b/tesseract/tesseract.te
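Review bot: The first pattern in tesseract.fc gives the client binary the same `tesseract_exec_t` label as the server, although the rules in tesseract.te (`init_daemon_domain`, UDP bind on generic ports) describe a network daemon. If only the server is meant to run confined, the entrypoint label can be limited to it with `linux(_64)?_server`, which leaves the client covered by the `tesseract_ro_t` pattern on the next line; whether the client must stay executable for confined users under that label needs checking. A comment noting that `/etank/games/tesseract` is a site-specific install prefix would also help anyone reusing the module.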
@@ -0,0 +1,32 @@
+policy_module(tesseract, 0.1.0)
+
+# File context for the executable process
+type tesseract_t;
+type tesseract_exec_t;
+
+type tesseract_rw_t;
+files_type(tesseract_rw_t)
+
+type tesseract_ro_t;
+files_type(tesseract_ro_t)
+
+#type tesseract_tmp_t;
+#files_tmp_file(tesseract_tmp_t)
+
+init_daemon_domain(tesseract_t, tesseract_exec_t)
+
+corenet_udp_sendrecv_generic_port(tesseract_t)
+corenet_udp_bind_generic_port(tesseract_t)
+corenet_udp_bind_generic_node(tesseract_t)
+
+allow tesseract_t tesseract_ro_t:dir list_dir_perms;
+allow tesseract_t tesseract_ro_t:file read_file_perms;
+#allow tesseract_t tesseract_tmp_t:file manage_file_perms;
+#allow tesseract_t tesseract_tmp_t:dir manage_dir_perms;
+
+#manage_files_pattern(tesseract_t, tesseract_rw_t, tesseract_rw_t)
+#manage_dirs_pattern(tesseract_t, tesseract_rw_t, tesseract_rw_t)
+#setattr_files_pattern(tesseract_t, tesseract_rw_t, tesseract_rw_t)
+
+sysnet_dns_name_resolve(tesseract_t)
+#files_tmp_filetrans(tesseract_t, tesseract_tmp_t, { file dir})
--
1.8.3.1
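Review bot: `corenet_udp_bind_generic_port(tesseract_t)` and `corenet_udp_sendrecv_generic_port(tesseract_t)` let the domain bind and use any UDP port that carries the generic port label, so the policy does not pin the server to its own game port. A dedicated port type would tighten this: `type tesseract_port_t;`, `corenet_port(tesseract_port_t)`, `allow tesseract_t tesseract_port_t:udp_socket name_bind;`, with the real port labelled at install time (the port number is not visible in this patch). Separately, the comment `# File context for the executable process` sits above `tesseract_t`, which is the process domain rather than a file context; something like `# Process domain and its entrypoint executable type` would be accurate. `tesseract_rw_t` is declared, but every rule that would use it is commented out and tesseract.fc assigns it to no path, so either drop it or add a comment saying why it is kept.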