owncloud: extend policy with necessary permissions

owncloud.te

@@ -1,5 +1,8 @@
-policy_module(owncloud, 0.0.1)
+policy_module(owncloud, 0.0.3)
 
+require {
+  type httpd_sys_content_t;
+}
 ########################################
 #
 # Declarations
@@ -11,6 +14,31 @@ type owncloud_t;
 type owncloud_exec_t;
 init_system_domain(owncloud_t, owncloud_exec_t)
 
+allow owncloud_t self:netlink_route_socket { bind create getattr nlmsg_read read write };
+allow owncloud_t self:tcp_socket { connect create getattr getopt read setopt shutdown write };
+allow owncloud_t self:udp_socket { connect create getattr read write };
+allow owncloud_t self:unix_stream_socket { connect create read write };
+
+corecmd_exec_bin(owncloud_t)
+corecmd_exec_shell(owncloud_t)
+
+files_read_etc_files(owncloud_t)
+files_manage_generic_tmp_dirs(owncloud_t)
+files_search_pids(owncloud_t)
+files_search_var(owncloud_t)
+
+corenet_tcp_connect_http_port(owncloud_t)
+corenet_tcp_connect_ldap_port(owncloud_t)
+
+apache_manage_sys_content(owncloud_t)
+allow owncloud_t httpd_sys_content_t:file map;
+
+miscfiles_read_localization(owncloud_t)
+
+mysql_stream_connect(owncloud_t)
+
+sysnet_read_config(owncloud_t)
+
 optional_policy(`
         cron_system_entry(owncloud_t, owncloud_exec_t)
 ')