From 4ebaca99cf2410432f43b8bdb1511de169643e4e Mon Sep 17 00:00:00 2001
From: Ralf Ertzinger <ralf@skytale.net>
Date: Mon, 24 Aug 2015 17:52:26 +0000
Subject: [PATCH] q3a: Add support for ioquake binaries

---
 q3a/q3a.fc | 9 +++++----
 q3a/q3a.te | 6 +++++-
 2 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/q3a/q3a.fc b/q3a/q3a.fc
index 93362c7..a1c0178 100644
--- a/q3a/q3a.fc
+++ b/q3a/q3a.fc
@@ -1,4 +1,5 @@
-/etank/games/q3a/q3ded                --      gen_context(system_u:object_r:q3a_exec_t,s0)
-/etank/games/q3a/.*/qagamei386.so     --      gen_context(system_u:object_r:q3a_exec_t,s0)
-/etank/games/q3a(/.*)?                        gen_context(system_u:object_r:q3a_ro_t,s0)
-/etank/games/q3a/.q3a(/.*)?                   gen_context(system_u:object_r:q3a_rw_t,s0)
+/etank/games/q3a/q3ded                  --      gen_context(system_u:object_r:q3a_exec_t,s0)
+/etank/games/q3a/ioq3ded\.(x86_64|i386) --      gen_context(system_u:object_r:q3a_exec_t,s0)
+/etank/games/q3a/.*/qagamei386.so       --      gen_context(system_u:object_r:q3a_exec_t,s0)
+/etank/games/q3a(/.*)?                          gen_context(system_u:object_r:q3a_ro_t,s0)
+/etank/games/q3a/.q3a(/.*)?                     gen_context(system_u:object_r:q3a_rw_t,s0)
diff --git a/q3a/q3a.te b/q3a/q3a.te
index dc54c6a..371ef6b 100644
--- a/q3a/q3a.te
+++ b/q3a/q3a.te
@@ -1,4 +1,4 @@
-policy_module(q3a, 0.1.14)
+policy_module(q3a, 0.1.19)
 
 # File context for the executable process
 type q3a_t;
@@ -30,3 +30,7 @@ setattr_files_pattern(q3a_t, q3a_rw_t, q3a_rw_t)
 
 sysnet_dns_name_resolve(q3a_t)
 files_tmp_filetrans(q3a_t, q3a_tmp_t, { file dir})
+
+dev_read_urand(q3a_t)
+
+allow q3a_t self:process execmem;
-- 
1.8.3.1