minecraft.te 2.0 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970
  1. policy_module(minecraft, 1.1.8)
  2. ########################################
  3. #
  4. # Declarations
  5. #
  6. attribute_role minecraft_roles;
  7. type minecraft_t;
  8. type minecraft_exec_t;
  9. init_daemon_domain(minecraft_t, minecraft_exec_t)
  10. type minecraft_tmp_t;
  11. files_tmp_file(minecraft_tmp_t)
  12. type minecraft_opt_t;
  13. files_type(minecraft_opt_t)
  14. ########################################
  15. #
  16. # Local policy
  17. #
  18. allow minecraft_t self:process { execmem getsched };
  19. allow minecraft_t self:fifo_file { read write getattr };
  20. allow minecraft_t self:tcp_socket { create bind getattr setopt listen write read connect getopt accept};
  21. allow minecraft_t self:udp_socket { create ioctl write read getattr connect };
  22. allow minecraft_t self:netlink_route_socket { write getattr read bind create nlmsg_read };
  23. manage_dirs_pattern(minecraft_t, minecraft_opt_t, minecraft_opt_t)
  24. manage_files_pattern(minecraft_t, minecraft_opt_t, minecraft_opt_t)
  25. type_transition minecraft_t minecraft_opt_t:file minecraft_opt_t;
  26. type_transition minecraft_t minecraft_opt_t:dir minecraft_opt_t;
  27. manage_dirs_pattern(minecraft_t,minecraft_tmp_t,minecraft_tmp_t)
  28. manage_files_pattern(minecraft_t,minecraft_tmp_t,minecraft_tmp_t)
  29. allow minecraft_t minecraft_tmp_t:file execute;
  30. files_tmp_filetrans(minecraft_t,minecraft_tmp_t, { file dir })
  31. corecmd_exec_bin(minecraft_t)
  32. corecmd_exec_shell(minecraft_t)
  33. files_read_etc_files(minecraft_t)
  34. files_read_usr_files(minecraft_t)
  35. miscfiles_read_localization(minecraft_t)
  36. sysnet_read_config(minecraft_t)
  37. dev_read_urand(minecraft_t)
  38. dev_read_sysfs(minecraft_t)
  39. dev_read_rand(minecraft_t)
  40. kernel_read_vm_sysctls(minecraft_t)
  41. kernel_read_network_state(minecraft_t)
  42. kernel_read_system_state(minecraft_t)
  43. kernel_search_network_sysctl(minecraft_t)
  44. kernel_read_net_sysctls(minecraft_t)
  45. corenet_tcp_connect_http_port(minecraft_t)
  46. corenet_tcp_bind_all_unreserved_ports(minecraft_t)
  47. corenet_tcp_bind_generic_node(minecraft_t)
  48. optional_policy(`
  49. gen_require(`
  50. type supervisor_t;
  51. ')
  52. supervisor_service_domain(minecraft_t,minecraft_exec_t)
  53. allow supervisor_t minecraft_opt_t:dir search;
  54. ')