|
|
@@ -0,0 +1,49 @@
|
|
|
+policy_module(overviewer, 0.1.2)
|
|
|
+
|
|
|
+#################################
|
|
|
+#
|
|
|
+# Declarations
|
|
|
+#
|
|
|
+
|
|
|
+type overviewer_t;
|
|
|
+type overviewer_exec_t;
|
|
|
+init_system_domain(overviewer_t, overviewer_exec_t)
|
|
|
+
|
|
|
+########################################
|
|
|
+#
|
|
|
+# Local policy
|
|
|
+#
|
|
|
+
|
|
|
+allow overviewer_t self:fifo_file { getattr ioctl read write };
|
|
|
+
|
|
|
+gen_require(`
|
|
|
+ type minecraft_opt_t;
|
|
|
+')
|
|
|
+search_dirs_pattern(overviewer_t, minecraft_opt_t, minecraft_opt_t)
|
|
|
+read_files_pattern(overviewer_t, minecraft_opt_t, minecraft_opt_t)
|
|
|
+allow overviewer_t minecraft_opt_t:dir read;
|
|
|
+
|
|
|
+apache_manage_sys_content(overviewer_t)
|
|
|
+
|
|
|
+corecmd_exec_all_executables(overviewer_t)
|
|
|
+corecmd_exec_shell(overviewer_t)
|
|
|
+
|
|
|
+files_read_etc_files(overviewer_t)
|
|
|
+files_manage_generic_tmp_files(overviewer_t)
|
|
|
+miscfiles_read_localization(overviewer_t)
|
|
|
+
|
|
|
+dev_read_urand(overviewer_t)
|
|
|
+
|
|
|
+gen_require(`
|
|
|
+ type tmp_t;
|
|
|
+')
|
|
|
+allow overviewer_t tmp_t:file execute;
|
|
|
+
|
|
|
+optional_policy(`
|
|
|
+ cron_system_entry(overviewer_t, overviewer_exec_t)
|
|
|
+')
|
|
|
+
|
|
|
+gen_require(`
|
|
|
+ type crond_tmp_t;
|
|
|
+')
|
|
|
+allow overviewer_t crond_tmp_t:file { read write ioctl getattr };
|
