From bf6d46759c3ed88e350792850d61282c29100309 Mon Sep 17 00:00:00 2001
From: Ralf Ertzinger
Date: Sat, 26 Apr 2014 21:05:29 +0000
Subject: [PATCH] Add q3a policy
---
q3a/q3a.fc | 4 ++++
q3a/q3a.if | 1 +
q3a/q3a.te | 32 ++++++++++++++++++++++++++++++++
3 files changed, 37 insertions(+)
create mode 100644 q3a/q3a.fc
create mode 100644 q3a/q3a.if
create mode 100644 q3a/q3a.te
diff --git a/q3a/q3a.fc b/q3a/q3a.fc
new file mode 100644
index 0000000..93362c7
--- /dev/null
+++ b/q3a/q3a.fc
@@ -0,0 +1,4 @@
+/etank/games/q3a/q3ded -- gen_context(system_u:object_r:q3a_exec_t,s0)
+/etank/games/q3a/.*/qagamei386.so -- gen_context(system_u:object_r:q3a_exec_t,s0)
+/etank/games/q3a(/.*)? gen_context(system_u:object_r:q3a_ro_t,s0)
+/etank/games/q3a/.q3a(/.*)? gen_context(system_u:object_r:q3a_rw_t,s0)
diff --git a/q3a/q3a.if b/q3a/q3a.if
new file mode 100644
index 0000000..3eb6a30
--- /dev/null
+++ b/q3a/q3a.if
@@ -0,0 +1 @@
+##
diff --git a/q3a/q3a.te b/q3a/q3a.te
new file mode 100644
index 0000000..a154cf9
--- /dev/null
+++ b/q3a/q3a.te
@@ -0,0 +1,32 @@
+policy_module(q3a, 0.1.13)
+
+# File context for the executable process
+type q3a_t;
+type q3a_exec_t;
+
+type q3a_rw_t;
+files_type(q3a_rw_t)
+
+type q3a_ro_t;
+files_type(q3a_ro_t)
+
+type q3a_tmp_t;
+files_tmp_file(q3a_tmp_t)
+
+init_daemon_domain(q3a_t, q3a_exec_t)
+
+corenet_udp_sendrecv_generic_port(q3a_t)
+corenet_udp_bind_generic_port(q3a_t)
+corenet_udp_bind_generic_node(q3a_t)
+
+allow q3a_t q3a_ro_t:dir list_dir_perms;
+allow q3a_t q3a_ro_t:file read_file_perms;
+allow q3a_t q3a_tmp_t:file manage_file_perms;
+allow q3a_t q3a_tmp_t:dir manage_dir_perms;
+
+manage_files_pattern(q3a_t, q3a_rw_t, q3a_rw_t)
+manage_dirs_pattern(q3a_t, q3a_rw_t, q3a_rw_t)
+setattr_files_pattern(q3a_t, q3a_rw_t, q3a_rw_t)
+
+sysnet_dns_name_resolve(q3a_t)
+files_tmp_filetrans(q3a_t, q3a_tmp_t, { file dir})
--
1.8.3.1
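Review bot: In q3a/q3a.fc the dots in `/etank/games/q3a/.q3a(/.*)?` and in `qagamei386.so` are unescaped, so as regular expressions they match any character and the q3a_rw_t and q3a_exec_t labels can land on paths other than the intended ones. q3a_rw_t is the tree the daemon may manage and q3a_exec_t is its entry-point type, so both patterns should be exact: `/etank/games/q3a/\.q3a(/.*)?` and `/etank/games/q3a/.*/qagamei386\.so`. The `.*/qagamei386.so` rule also overlaps the writable `.q3a` tree, so the label a module under that tree receives depends on how the file-context entries end up ordered. A comment stating the intended result would help.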
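Review bot: In q3a/q3a.te, `corenet_udp_bind_generic_port(q3a_t)` lets the domain bind any UDP port labelled with the generic port type, which is wider than a single game server needs. A tighter form declares a dedicated port type and binds only that: `type q3a_port_t;`, `corenet_port(q3a_port_t)`, `allow q3a_t q3a_port_t:udp_socket name_bind;`, with the server's port assigned to that type on the host. `setattr_files_pattern(q3a_t, q3a_rw_t, q3a_rw_t)` looks redundant next to `manage_files_pattern`, whose permission set normally already includes setattr. The leading comment describes q3a_t and q3a_exec_t as a file context; `# Process domain and its entry-point file type` would be accurate.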