From 7ddf20a71a910f0f2e892ce09d611e1af31738d9 Mon Sep 17 00:00:00 2001
From: Ralf Ertzinger
Date: Fri, 14 Nov 2014 15:32:14 +0000
Subject: [PATCH] Add rules for UT2004
---
 ut2004/ut2004.fc | 4 ++++
 ut2004/ut2004.if | 1 +
 ut2004/ut2004.te | 40 ++++++++++++++++++++++++++++++++++++++++
 3 files changed, 45 insertions(+)
 create mode 100644 ut2004/ut2004.fc
 create mode 100644 ut2004/ut2004.if
 create mode 100644 ut2004/ut2004.te
diff --git a/ut2004/ut2004.fc b/ut2004/ut2004.fc
new file mode 100644
index 0000000..f287272
--- /dev/null
+++ b/ut2004/ut2004.fc
@@ -0,0 +1,4 @@
+/etank/games/ut2004/ut2004/System/(ucc-bin|ucc-bin-linux-amd64) -- gen_context(system_u:object_r:ut2004_exec_t,s0)
+/etank/games/ut2004/ut2004(/.*)? gen_context(system_u:object_r:ut2004_ro_t,s0)
+/etank/games/ut2004/ut2004/System/UCC.log gen_context(system_u:object_r:ut2004_rw_t,s0)
+/etank/games/ut2004/ut2004/System/.*\.ini gen_context(system_u:object_r:ut2004_rw_t,s0)
diff --git a/ut2004/ut2004.if b/ut2004/ut2004.if
new file mode 100644
index 0000000..3eb6a30
--- /dev/null
+++ b/ut2004/ut2004.if
@@ -0,0 +1 @@
+##
diff --git a/ut2004/ut2004.te b/ut2004/ut2004.te
new file mode 100644
index 0000000..82cbdaf
--- /dev/null
+++ b/ut2004/ut2004.te
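Review bot: The two ut2004_rw_t entries only take effect on files that already exist, because `System/` itself falls under the `(/.*)?` rule and is ut2004_ro_t, while the .te added in this same commit declares no type transition into ut2004_rw_t and allows only `list_dir_perms` on ut2004_ro_t directories; a `UCC.log` or `.ini` that the server deletes and recreates would be denied at create time, and even if created it would inherit the directory's ro label. If the server does recreate these files rather than truncating them in place, either label `System/` rw or add a transition such as `filetrans_pattern(ut2004_t, ut2004_ro_t, ut2004_rw_t, file, "UCC.log")` together with the directory `add_name`/`remove_name` it needs — verify against the server's actual write behaviour. The `.*\.ini` pattern also matches at any depth below `System/` and is not limited to regular files; `/etank/games/ut2004/ut2004/System/[^/]*\.ini -- gen_context(system_u:object_r:ut2004_rw_t,s0)` is tighter.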
@@ -0,0 +1,40 @@
+policy_module(ut2004, 0.1.0)
+
+require {
+ type interwise_port_t;
+}
+
+# File context for the executable process
+type ut2004_t;
+type ut2004_exec_t;
+
+type ut2004_rw_t;
+files_type(ut2004_rw_t)
+
+type ut2004_ro_t;
+files_type(ut2004_ro_t)
+
+#type ut2004_tmp_t;
+#files_tmp_file(ut2004_tmp_t)
+
+init_daemon_domain(ut2004_t, ut2004_exec_t)
+
+corenet_udp_sendrecv_generic_port(ut2004_t)
+corenet_udp_bind_generic_port(ut2004_t)
+corenet_udp_bind_generic_node(ut2004_t)
+
+allow ut2004_t ut2004_ro_t:dir list_dir_perms;
+allow ut2004_t ut2004_ro_t:file read_file_perms;
+#allow ut2004_t ut2004_tmp_t:file manage_file_perms;
+#allow ut2004_t ut2004_tmp_t:dir manage_dir_perms;
+
+manage_files_pattern(ut2004_t, ut2004_rw_t, ut2004_rw_t)
+manage_dirs_pattern(ut2004_t, ut2004_rw_t, ut2004_rw_t)
+setattr_files_pattern(ut2004_t, ut2004_rw_t, ut2004_rw_t)
+
+sysnet_dns_name_resolve(ut2004_t)
+#files_tmp_filetrans(ut2004_t, ut2004_tmp_t, { file dir})
+
+# The UT2004 default port is labelled interwise_port_t on some
+# Fedora policies
+allow ut2004_t interwise_port_t:udp_socket name_bind;
-- 
1.8.3.1
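Review bot: The top-level `require { type interwise_port_t; }` is unconditional, so the module will fail to link on any policy that does not define that port type, even though the comment above the final `allow` says the labelling only exists on some Fedora policies. Wrapping the requirement and the `name_bind` rule in an `optional_policy` block keeps the module loadable everywhere and adds the rule only where the type exists; `corenet_udp_bind_generic_port` already covers binding where the port is unlabelled. `setattr_files_pattern` on ut2004_rw_t is redundant after `manage_files_pattern`, since `manage_file_perms` already includes setattr. ut2004_ro_t only gets `read_file_perms`; if the labelled tree also holds the game's bundled shared objects, mapping them executable needs `execute` (and `execmod` for text relocations) on that type or a separate lib type — confirm against the install layout. The commented-out ut2004_tmp_t lines should be dropped or finished rather than left as dead policy.
```selinux
policy_module(ut2004, 0.1.0)

# … unchanged: type declarations, init_daemon_domain, corenet, file and DNS rules …

optional_policy(`
	gen_require(`
		type interwise_port_t;
	')

	# The UT2004 default port is labelled interwise_port_t on some
	# Fedora policies
	allow ut2004_t interwise_port_t:udp_socket name_bind;
')
```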