From 1f1b238b667e901fa43a79d9e3e73d6e8e5eb7cd Mon Sep 17 00:00:00 2001
From: Ralf Ertzinger
Date: Sat, 26 Apr 2014 13:02:25 +0000
Subject: [PATCH] Add Call of Duty 4 policy

---
 cod4/cod4.fc | 6 ++++++
 cod4/cod4.if | 1 +
 cod4/cod4.te | 26 ++++++++++++++++++++++++++
 3 files changed, 33 insertions(+)
 create mode 100644 cod4/cod4.fc
 create mode 100644 cod4/cod4.if
 create mode 100644 cod4/cod4.te

diff --git a/cod4/cod4.fc b/cod4/cod4.fc
new file mode 100644
index 0000000..1028463
--- /dev/null
+++ b/cod4/cod4.fc
@@ -0,0 +1,6 @@
+# /opt/cod4/.+/log(/.*)? gen_context(system_u:object_r:cod4_rw_t,s0)
+/etank/games/cod4/cod4_lnxded(-bin)? -- gen_context(system_u:object_r:cod4_exec_t,s0)
+/etank/games/cod4/libstdc\+\+\.so\.6 -- gen_context(system_u:object_r:cod4_exec_t,s0)
+/etank/games/cod4/libgcc_s\.so\.1 -- gen_context(system_u:object_r:cod4_exec_t,s0)
+/etank/games/cod4(/.*)? gen_context(system_u:object_r:cod4_ro_t,s0)
+/etank/games/cod4/.callofduty4(/.*)? gen_context(system_u:object_r:cod4_rw_t,s0)
diff --git a/cod4/cod4.if b/cod4/cod4.if
new file mode 100644
index 0000000..3eb6a30
--- /dev/null
+++ b/cod4/cod4.if
@@ -0,0 +1 @@
+##
diff --git a/cod4/cod4.te b/cod4/cod4.te
new file mode 100644
index 0000000..9d9a7a3
--- /dev/null
+++ b/cod4/cod4.te
@@ -0,0 +1,26 @@
+policy_module(cod4, 0.1.13)
+
+# File context for the executable process
+type cod4_t;
+type cod4_exec_t;
+
+type cod4_rw_t;
+files_type(cod4_rw_t)
+
+type cod4_ro_t;
+files_type(cod4_ro_t)
+
+init_daemon_domain(cod4_t, cod4_exec_t)
+
+corenet_udp_sendrecv_generic_port(cod4_t)
+corenet_udp_bind_generic_port(cod4_t)
+corenet_udp_bind_generic_node(cod4_t)
+
+allow cod4_t cod4_ro_t:dir list_dir_perms;
+allow cod4_t cod4_ro_t:file read_file_perms;
+
+manage_files_pattern(cod4_t, cod4_rw_t, cod4_rw_t)
+manage_dirs_pattern(cod4_t, cod4_rw_t, cod4_rw_t)
+setattr_files_pattern(cod4_t, cod4_rw_t, cod4_rw_t)
+
+sysnet_dns_name_resolve(cod4_t)
-- 
1.8.3.1
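Review bot: The last entry in cod4.fc, `/etank/games/cod4/.callofduty4(/.*)?`, leaves the leading dot unescaped, so the regex accepts any single character there and would give the writable `cod4_rw_t` label to a sibling directory such as `Xcallofduty4` (constructed example). The library entries above it already escape their dots, and this one should read `/etank/games/cod4/\.callofduty4(/.*)?`. The two shared libraries are labelled `cod4_exec_t`, which cod4.te passes to `init_daemon_domain` as the entrypoint type, so each library also becomes a valid entrypoint into `cod4_t`; a separate library type would keep the entrypoint set down to the server binary. The commented-out `/opt/cod4` line at the top can be dropped.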
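Review bot: The `corenet_udp_sendrecv_generic_port` and `corenet_udp_bind_generic_port` calls in cod4.te let `cod4_t` bind and exchange traffic on every UDP port that carries the generic port type, which is far wider than one network-facing game server needs. Declaring a dedicated port type and binding only to it would confine a compromised server process: `type cod4_port_t;`, `corenet_port(cod4_port_t)`, `allow cod4_t cod4_port_t:udp_socket name_bind;`, with the listening port labelled through `semanage port`. `setattr_files_pattern(cod4_t, cod4_rw_t, cod4_rw_t)` looks redundant, since the manage pattern on the lines above normally already includes setattr. The comment `# File context for the executable process` sits above type declarations rather than file contexts; `# Domain and entrypoint types for the server process` would describe them.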