From 43e7b988bc5243fb66e18a5171a48d8ade51b94f Mon Sep 17 00:00:00 2001
From: Ralf Ertzinger
Date: Sun, 4 Dec 2016 18:47:20 +0000
Subject: [PATCH] Update cod4, q3a, quake2, tesseract, tf2, ts3 and ut2004 to new interfaces
---
 cod4/cod4.te | 5 ++---
 q3a/q3a.if | 2 +-
 q3a/q3a.te | 10 ++++------
 quake2/quake2.if | 2 +-
 quake2/quake2.te | 11 +++--------
 tesseract/tesseract.if | 2 +-
 tesseract/tesseract.te | 15 ++-------------
 tf2/tf2.if | 2 +-
 tf2/tf2.te | 10 ++--------
 ts3/ts3.if | 2 +-
 ts3/ts3.te | 5 ++---
 ut2004/ut2004.if | 2 +-
 ut2004/ut2004.te | 10 ++--------
 13 files changed, 23 insertions(+), 55 deletions(-)
 mode change 100644 => 120000 q3a/q3a.if
 mode change 100644 => 120000 quake2/quake2.if
 mode change 100644 => 120000 tesseract/tesseract.if
 mode change 100644 => 120000 tf2/tf2.if
 mode change 100644 => 120000 ts3/ts3.if
 mode change 100644 => 120000 ut2004/ut2004.if
diff --git a/cod4/cod4.te b/cod4/cod4.te
index 1caf48e..6b0284d 100644
--- a/cod4/cod4.te
+++ b/cod4/cod4.te
@@ -1,4 +1,4 @@
-policy_module(cod4, 0.1.24)
+policy_module(cod4, 0.1.26)
 # File context for the executable process
 type cod4_t;
@@ -16,8 +16,7 @@ corenet_udp_sendrecv_generic_port(cod4_t)
 corenet_udp_bind_generic_port(cod4_t)
 corenet_udp_bind_generic_node(cod4_t)
-allow cod4_t cod4_ro_t:dir list_dir_perms;
-allow cod4_t cod4_ro_t:file read_file_perms;
+read_files_pattern(cod4_t, cod4_ro_t, cod4_ro_t)
 manage_files_pattern(cod4_t, cod4_rw_t, cod4_rw_t)
 manage_dirs_pattern(cod4_t, cod4_rw_t, cod4_rw_t)
diff --git a/q3a/q3a.if b/q3a/q3a.if
deleted file mode 100644
index 3eb6a30..0000000
--- a/q3a/q3a.if
+++ /dev/null
@@ -1 +0,0 @@
-##
diff --git a/q3a/q3a.if b/q3a/q3a.if
new file mode 120000
index 0000000..196caaa
--- /dev/null
+++ b/q3a/q3a.if
@@ -0,0 +1 @@
+../include/_sky_.if
\ No newline at end of file
diff --git a/q3a/q3a.te b/q3a/q3a.te
index 371ef6b..ef9da68 100644
--- a/q3a/q3a.te
+++ b/q3a/q3a.te
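Review bot: `read_files_pattern(cod4_t, cod4_ro_t, cod4_ro_t)` in the cod4.te hunk at `@@ -16,8 +16,7 @@` is not a like-for-like replacement for the two removed rules: in the reference policy the macro expands to `search_dir_perms` on the directory plus `read_file_perms` on files, while the removed rule gave `list_dir_perms`. cod4_t therefore can no longer enumerate cod4_ro_t directories, which is tighter but will show up as AVC denials if the server scans its data directory. If listing is required, state it explicitly with `list_dirs_pattern(cod4_t, cod4_ro_t, cod4_ro_t)`; if not, a comment such as `# directory listing intentionally dropped` would record the intent. The same substitution is made in the quake2, tesseract, tf2, ts3 and ut2004 hunks.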
@@ -1,4 +1,4 @@
-policy_module(q3a, 0.1.19)
+policy_module(q3a, 0.1.23)
 # File context for the executable process
 type q3a_t;
@@ -10,8 +10,7 @@ files_type(q3a_rw_t)
 type q3a_ro_t;
 files_type(q3a_ro_t)
-type q3a_tmp_t;
-files_tmp_file(q3a_tmp_t)
+_sky_files_use_tmp(q3a_t, q3a_tmp_t)
 init_daemon_domain(q3a_t, q3a_exec_t)
@@ -19,17 +18,16 @@ corenet_udp_sendrecv_generic_port(q3a_t)
 corenet_udp_bind_generic_port(q3a_t)
 corenet_udp_bind_generic_node(q3a_t)
+read_files_pattern(q3a_t, q3a_ro_t, q3a_ro_t)
+
 allow q3a_t q3a_ro_t:dir list_dir_perms;
 allow q3a_t q3a_ro_t:file read_file_perms;
-allow q3a_t q3a_tmp_t:file manage_file_perms;
-allow q3a_t q3a_tmp_t:dir manage_dir_perms;
 manage_files_pattern(q3a_t, q3a_rw_t, q3a_rw_t)
 manage_dirs_pattern(q3a_t, q3a_rw_t, q3a_rw_t)
 setattr_files_pattern(q3a_t, q3a_rw_t, q3a_rw_t)
 sysnet_dns_name_resolve(q3a_t)
-files_tmp_filetrans(q3a_t, q3a_tmp_t, { file dir})
 dev_read_urand(q3a_t)
diff --git a/quake2/quake2.if b/quake2/quake2.if
deleted file mode 100644
index 3eb6a30..0000000
--- a/quake2/quake2.if
+++ /dev/null
@@ -1 +0,0 @@
-##
diff --git a/quake2/quake2.if b/quake2/quake2.if
new file mode 120000
index 0000000..196caaa
--- /dev/null
+++ b/quake2/quake2.if
@@ -0,0 +1 @@
+../include/_sky_.if
\ No newline at end of file
diff --git a/quake2/quake2.te b/quake2/quake2.te
index b1f62ec..8e980e5 100644
--- a/quake2/quake2.te
+++ b/quake2/quake2.te
@@ -1,4 +1,4 @@
-policy_module(quake2, 0.1.5)
+policy_module(quake2, 0.1.9)
 # File context for the executable process
 type quake2_t;
@@ -10,8 +10,7 @@ files_type(quake2_rw_t)
 type quake2_ro_t;
 files_type(quake2_ro_t)
-type quake2_tmp_t;
-files_tmp_file(quake2_tmp_t)
+_sky_files_use_tmp(quake2_t, quake2_tmp_t)
 init_daemon_domain(quake2_t, quake2_exec_t)
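Review bot: After the q3a.te hunk at `@@ -10,8 +10,7 @@`, q3a_tmp_t is no longer declared anywhere in the visible part of this file, so its declaration and every permission on it now depend on `_sky_files_use_tmp`, whose definition in `../include/_sky_.if` is not part of this patch. A comment above the call, for example `# declares q3a_tmp_t; grants q3a_t manage on it plus the tmp file transition (see include/_sky_.if)`, adjusted to what the interface really expands to, would let the module be audited on its own. In quake2.te the same call replaces a state where the `allow quake2_t quake2_tmp_t:...` manage rules were commented out, so if the interface grants manage permissions that domain gains access it did not have before; that is worth confirming against the interface.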
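Review bot: In the q3a.te hunk at `@@ -19,17 +18,16 @@` the new `read_files_pattern(q3a_t, q3a_ro_t, q3a_ro_t)` is added while the two `allow q3a_t q3a_ro_t:...` rules stay as context lines, whereas every other module in this commit deletes them. The result is that q3a_t keeps `list_dir_perms` on q3a_ro_t and the macro's file grant duplicates the remaining `read_file_perms` rule. Either remove the two `allow` lines to match the other modules, or keep them and drop the macro, with a comment like `# q3a needs to list its read-only data directory` if the listing permission is the reason.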
@@ -19,16 +18,12 @@ corenet_udp_sendrecv_generic_port(quake2_t)
 corenet_udp_bind_generic_port(quake2_t)
 corenet_udp_bind_generic_node(quake2_t)
-allow quake2_t quake2_ro_t:dir list_dir_perms;
-allow quake2_t quake2_ro_t:file read_file_perms;
-#allow quake2_t quake2_tmp_t:file manage_file_perms;
-#allow quake2_t quake2_tmp_t:dir manage_dir_perms;
+read_files_pattern(quake2_t, quake2_ro_t, quake2_ro_t)
 manage_files_pattern(quake2_t, quake2_rw_t, quake2_rw_t)
 manage_dirs_pattern(quake2_t, quake2_rw_t, quake2_rw_t)
 setattr_files_pattern(quake2_t, quake2_rw_t, quake2_rw_t)
 sysnet_dns_name_resolve(quake2_t)
-files_tmp_filetrans(quake2_t, quake2_tmp_t, { file dir})
 allow quake2_t self:process execmem;
diff --git a/tesseract/tesseract.if b/tesseract/tesseract.if
deleted file mode 100644
index 3eb6a30..0000000
--- a/tesseract/tesseract.if
+++ /dev/null
@@ -1 +0,0 @@
-##
diff --git a/tesseract/tesseract.if b/tesseract/tesseract.if
new file mode 120000
index 0000000..196caaa
--- /dev/null
+++ b/tesseract/tesseract.if
@@ -0,0 +1 @@
+../include/_sky_.if
\ No newline at end of file
diff --git a/tesseract/tesseract.te b/tesseract/tesseract.te
index 7add4f0..ee16447 100644
--- a/tesseract/tesseract.te
+++ b/tesseract/tesseract.te
@@ -1,4 +1,4 @@
-policy_module(tesseract, 0.1.1)
+policy_module(tesseract, 0.1.3)
 # File context for the executable process
 type tesseract_t;
@@ -10,23 +10,12 @@ files_type(tesseract_rw_t)
 type tesseract_ro_t;
 files_type(tesseract_ro_t)
-#type tesseract_tmp_t;
-#files_tmp_file(tesseract_tmp_t)
-
 init_daemon_domain(tesseract_t, tesseract_exec_t)
 corenet_udp_sendrecv_generic_port(tesseract_t)
 corenet_udp_bind_generic_port(tesseract_t)
 corenet_udp_bind_generic_node(tesseract_t)
-allow tesseract_t tesseract_ro_t:dir list_dir_perms;
-allow tesseract_t tesseract_ro_t:file read_file_perms;
-#allow tesseract_t tesseract_tmp_t:file manage_file_perms;
-#allow tesseract_t tesseract_tmp_t:dir manage_dir_perms;
-
-#manage_files_pattern(tesseract_t, tesseract_rw_t, tesseract_rw_t)
-#manage_dirs_pattern(tesseract_t, tesseract_rw_t, tesseract_rw_t)
-#setattr_files_pattern(tesseract_t, tesseract_rw_t, tesseract_rw_t)
+read_files_pattern(tesseract_t, tesseract_ro_t, tesseract_ro_t)
 sysnet_dns_name_resolve(tesseract_t)
-#files_tmp_filetrans(tesseract_t, tesseract_tmp_t, { file dir})
diff --git a/tf2/tf2.if b/tf2/tf2.if
deleted file mode 100644
index 3eb6a30..0000000
--- a/tf2/tf2.if
+++ /dev/null
@@ -1 +0,0 @@
-##
diff --git a/tf2/tf2.if b/tf2/tf2.if
new file mode 120000
index 0000000..196caaa
--- /dev/null
+++ b/tf2/tf2.if
@@ -0,0 +1 @@
+../include/_sky_.if
\ No newline at end of file
diff --git a/tf2/tf2.te b/tf2/tf2.te
index d6db454..1e08a9f 100644
--- a/tf2/tf2.te
+++ b/tf2/tf2.te
@@ -1,4 +1,4 @@
-policy_module(tf2, 0.1.21)
+policy_module(tf2, 0.1.22)
 require {
 type default_t;
@@ -16,8 +16,6 @@ files_type(tf2_rw_t)
 type tf2_ro_t;
 files_type(tf2_ro_t)
-# type tf2_tmp_t;
-# files_tmp_file(tf2_tmp_t)
 init_daemon_domain(tf2_t, tf2_exec_t)
@@ -31,17 +29,13 @@ corenet_tcp_sendrecv_generic_port(tf2_t)
 corenet_tcp_bind_generic_port(tf2_t)
 corenet_tcp_bind_generic_node(tf2_t)
-allow tf2_t tf2_ro_t:dir list_dir_perms;
-allow tf2_t tf2_ro_t:file read_file_perms;
-#allow tf2_t tf2_tmp_t:file manage_file_perms;
-#allow tf2_t tf2_tmp_t:dir manage_dir_perms;
+read_files_pattern(tf2_t, tf2_ro_t, tf2_ro_t)
 manage_files_pattern(tf2_t, tf2_rw_t, tf2_rw_t)
 manage_dirs_pattern(tf2_t, tf2_rw_t, tf2_rw_t)
 setattr_files_pattern(tf2_t, tf2_rw_t, tf2_rw_t)
 sysnet_dns_name_resolve(tf2_t)
-# files_tmp_filetrans(tf2_t, tf2_tmp_t, { file dir})
 # Needed to load shared libs
 allow tf2_t tf2_exec_t:file execmod;
diff --git a/ts3/ts3.if b/ts3/ts3.if
deleted file mode 100644
index 3eb6a30..0000000
--- a/ts3/ts3.if
+++ /dev/null
@@ -1 +0,0 @@
-##
diff --git a/ts3/ts3.if b/ts3/ts3.if
new file mode 120000
index 0000000..196caaa
--- /dev/null
+++ b/ts3/ts3.if
@@ -0,0 +1 @@
+../include/_sky_.if
\ No newline at end of file
diff --git a/ts3/ts3.te b/ts3/ts3.te
index 4cf9e8e..00a2ef2 100644
--- a/ts3/ts3.te
+++ b/ts3/ts3.te
@@ -1,4 +1,4 @@
-policy_module(ts3, 0.1.21)
+policy_module(ts3, 0.1.22)
 # File context for the executable process
 type ts3_t;
@@ -21,8 +21,7 @@ corenet_tcp_bind_generic_node(ts3_t)
 allow ts3_t self:tcp_socket { create_stream_socket_perms connected_stream_socket_perms };
-allow ts3_t ts3_ro_t:dir list_dir_perms;
-allow ts3_t ts3_ro_t:file read_file_perms;
+read_files_pattern(ts3_t, ts3_ro_t, ts3_ro_t)
 manage_files_pattern(ts3_t, ts3_rw_t, ts3_rw_t)
 manage_dirs_pattern(ts3_t, ts3_rw_t, ts3_rw_t)
diff --git a/ut2004/ut2004.if b/ut2004/ut2004.if
deleted file mode 100644
index 3eb6a30..0000000
--- a/ut2004/ut2004.if
+++ /dev/null
@@ -1 +0,0 @@
-##
diff --git a/ut2004/ut2004.if b/ut2004/ut2004.if
new file mode 120000
index 0000000..196caaa
--- /dev/null
+++ b/ut2004/ut2004.if
@@ -0,0 +1 @@
+../include/_sky_.if
\ No newline at end of file
diff --git a/ut2004/ut2004.te b/ut2004/ut2004.te
index 08e9660..981c20a 100644
--- a/ut2004/ut2004.te
+++ b/ut2004/ut2004.te
@@ -1,4 +1,4 @@
-policy_module(ut2004, 0.1.1)
+policy_module(ut2004, 0.1.2)
 require {
 type interwise_port_t;
@@ -14,19 +14,13 @@ files_type(ut2004_rw_t)
 type ut2004_ro_t;
 files_type(ut2004_ro_t)
-#type ut2004_tmp_t;
-#files_tmp_file(ut2004_tmp_t)
-
 init_daemon_domain(ut2004_t, ut2004_exec_t)
 corenet_udp_sendrecv_generic_port(ut2004_t)
 corenet_udp_bind_generic_port(ut2004_t)
 corenet_udp_bind_generic_node(ut2004_t)
-allow ut2004_t ut2004_ro_t:dir list_dir_perms;
-allow ut2004_t ut2004_ro_t:file read_file_perms;
-#allow ut2004_t ut2004_tmp_t:file manage_file_perms;
-#allow ut2004_t ut2004_tmp_t:dir manage_dir_perms;
+read_files_pattern(ut2004_t, ut2004_ro_t, ut2004_ro_t)
 manage_files_pattern(ut2004_t, ut2004_rw_t, ut2004_rw_t)
 manage_dirs_pattern(ut2004_t, ut2004_rw_t, ut2004_rw_t)
--
1.8.3.1