Home Explore Help
Sign In
Hoshpak
/
gentoo-selinux-policies
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

minecraft: add policy module

Helmut Pozimski 4 years ago
parent
a611f165b5
commit
9a663b4502
2 changed files with 75 additions and 0 deletions
Split View Show Diff Stats
  1. 2 0
      minecraft.fc
  2. 73 0
      minecraft.te

+ 2 - 0
minecraft.fc
View File 

@@ -0,0 +1,2 @@
 
+/opt/minecraft/minecraft.sh	--	gen_context(system_u:object_r:minecraft_exec_t,s0)
 
+/opt/minecraft(/.*)?		gen_context(system_u:object_r:minecraft_opt_t,s0)

+ 73 - 0
minecraft.te
View File 

@@ -0,0 +1,73 @@
 
+policy_module(minecraft, 1.1.9)
 
+
 
+########################################
 
+#
 
+# Declarations
 
+#
 
+
 
+attribute_role minecraft_roles;
 
+
 
+type minecraft_t;
 
+type minecraft_exec_t;
 
+init_daemon_domain(minecraft_t, minecraft_exec_t)
 
+
 
+type minecraft_tmp_t;
 
+files_tmp_file(minecraft_tmp_t)
 
+
 
+type minecraft_opt_t;
 
+files_type(minecraft_opt_t)
 
+
 
+########################################
 
+#
 
+# Local policy
 
+#
 
+
 
+allow minecraft_t self:process { execmem getsched };
 
+allow minecraft_t self:fifo_file { read write getattr };
 
+allow minecraft_t self:tcp_socket { create bind getattr setopt listen write read connect getopt accept};
 
+allow minecraft_t self:udp_socket { create ioctl write read getattr connect };
 
+allow minecraft_t self:netlink_route_socket { write getattr read bind create nlmsg_read };
 
+
 
+manage_dirs_pattern(minecraft_t, minecraft_opt_t, minecraft_opt_t)
 
+manage_files_pattern(minecraft_t, minecraft_opt_t, minecraft_opt_t)
 
+type_transition minecraft_t minecraft_opt_t:file minecraft_opt_t;
 
+type_transition minecraft_t minecraft_opt_t:dir minecraft_opt_t;
 
+
 
+manage_dirs_pattern(minecraft_t,minecraft_tmp_t,minecraft_tmp_t)
 
+manage_files_pattern(minecraft_t,minecraft_tmp_t,minecraft_tmp_t)
 
+allow minecraft_t minecraft_tmp_t:file execute;
 
+files_tmp_filetrans(minecraft_t,minecraft_tmp_t, { file dir })
 
+
 
+corecmd_exec_bin(minecraft_t)
 
+corecmd_exec_shell(minecraft_t)
 
+
 
+files_read_etc_files(minecraft_t)
 
+files_read_usr_files(minecraft_t)
 
+
 
+miscfiles_read_localization(minecraft_t)
 
+sysnet_read_config(minecraft_t)
 
+
 
+dev_read_urand(minecraft_t)
 
+dev_read_sysfs(minecraft_t)
 
+dev_read_rand(minecraft_t)
 
+
 
+kernel_read_vm_sysctls(minecraft_t)
 
+kernel_read_network_state(minecraft_t)
 
+kernel_read_system_state(minecraft_t)
 
+kernel_search_network_sysctl(minecraft_t)
 
+kernel_read_net_sysctls(minecraft_t)
 
+kernel_read_vm_overcommit_sysctl(minecraft_t)
 
+
 
+corenet_tcp_connect_http_port(minecraft_t)
 
+corenet_tcp_bind_all_unreserved_ports(minecraft_t)
 
+corenet_tcp_bind_generic_node(minecraft_t)
 
+
 
+java_exec(minecraft_t)
 
+
 
+optional_policy(`
 
+  gen_require(`
 
+    type supervisor_t;
 
+  ')
 
+  supervisor_service_domain(minecraft_t,minecraft_exec_t)
 
+  allow supervisor_t minecraft_opt_t:dir search;
 
+')