9127219358
There is more than 5000 parameter documentations. Only about 300 are
differently done. Change them to be consistently indented.
param with one space
and content inside with one tab
This was done with:
sed -ri '
/^##[[:space:]]*<param/,/^##[[:space:]]*<[/]param>/{
s/^##[[:space:]]*/##\t/;
s/^##[[:space:]]*(<[/]?summary)/##\t\1/;
s/^##[[:space:]]*(<[/]?param)/## \1/;
}' policy/modules/*/*.if
Signed-off-by: Markus Linnala <Markus.Linnala@cybercom.com>
322 lines
5.9 KiB
Plaintext
322 lines
5.9 KiB
Plaintext
## <summary>Mail transfer agent.</summary>
|
|
|
|
########################################
|
|
## <summary>
|
|
## Execute exim in the caller domain.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`exim_exec',`
|
|
gen_require(`
|
|
type exim_exec_t;
|
|
')
|
|
|
|
corecmd_search_bin($1)
|
|
can_exec($1, exim_exec_t)
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Execute a domain transition to run exim.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed to transition.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`exim_domtrans',`
|
|
gen_require(`
|
|
type exim_t, exim_exec_t;
|
|
')
|
|
|
|
corecmd_search_bin($1)
|
|
domtrans_pattern($1, exim_exec_t, exim_t)
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Execute exim in the exim domain,
|
|
## and allow the specified role
|
|
## the exim domain.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed to transition.
|
|
## </summary>
|
|
## </param>
|
|
## <param name="role">
|
|
## <summary>
|
|
## Role allowed access.
|
|
## </summary>
|
|
## </param>
|
|
## <rolecap/>
|
|
#
|
|
interface(`exim_run',`
|
|
gen_require(`
|
|
attribute_role exim_roles;
|
|
')
|
|
|
|
exim_domtrans($1)
|
|
roleattribute $2 exim_roles;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Do not audit attempts to read exim
|
|
## temporary tmp files.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain to not audit.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`exim_dontaudit_read_tmp_files',`
|
|
gen_require(`
|
|
type exim_tmp_t;
|
|
')
|
|
|
|
dontaudit $1 exim_tmp_t:file read_file_perms;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Read exim temporary files.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`exim_read_tmp_files',`
|
|
gen_require(`
|
|
type exim_tmp_t;
|
|
')
|
|
|
|
allow $1 exim_tmp_t:file read_file_perms;
|
|
files_search_tmp($1)
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Read exim pid files. (Deprecated)
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`exim_read_pid_files',`
|
|
refpolicywarn(`$0($*) has been deprecated.')
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Read exim log files.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
## <rolecap/>
|
|
#
|
|
interface(`exim_read_log',`
|
|
gen_require(`
|
|
type exim_log_t;
|
|
')
|
|
|
|
read_files_pattern($1, exim_log_t, exim_log_t)
|
|
logging_search_logs($1)
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Append exim log files.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`exim_append_log',`
|
|
gen_require(`
|
|
type exim_log_t;
|
|
')
|
|
|
|
append_files_pattern($1, exim_log_t, exim_log_t)
|
|
logging_search_logs($1)
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Create, read, write, and delete
|
|
## exim log files.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
## <rolecap/>
|
|
#
|
|
interface(`exim_manage_log',`
|
|
gen_require(`
|
|
type exim_log_t;
|
|
')
|
|
|
|
manage_files_pattern($1, exim_log_t, exim_log_t)
|
|
logging_search_logs($1)
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Create, read, write, and delete
|
|
## exim spool directories.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`exim_manage_spool_dirs',`
|
|
gen_require(`
|
|
type exim_spool_t;
|
|
')
|
|
|
|
manage_dirs_pattern($1, exim_spool_t, exim_spool_t)
|
|
files_search_spool($1)
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Read exim spool files.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`exim_read_spool_files',`
|
|
gen_require(`
|
|
type exim_spool_t;
|
|
')
|
|
|
|
allow $1 exim_spool_t:file read_file_perms;
|
|
allow $1 exim_spool_t:dir list_dir_perms;
|
|
files_search_spool($1)
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Create, read, write, and delete
|
|
## exim spool files.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`exim_manage_spool_files',`
|
|
gen_require(`
|
|
type exim_spool_t;
|
|
')
|
|
|
|
manage_files_pattern($1, exim_spool_t, exim_spool_t)
|
|
files_search_spool($1)
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Read exim var lib files.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`exim_read_var_lib_files',`
|
|
gen_require(`
|
|
type exim_var_lib_t;
|
|
')
|
|
|
|
read_files_pattern($1, exim_var_lib_t, exim_var_lib_t)
|
|
files_search_var_lib($1)
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Create, read, and write exim var lib files.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`exim_manage_var_lib_files',`
|
|
gen_require(`
|
|
type exim_var_lib_t;
|
|
')
|
|
|
|
manage_files_pattern($1, exim_var_lib_t, exim_var_lib_t)
|
|
files_search_var_lib($1)
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## All of the rules required to
|
|
## administrate an exim environment.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
## <param name="role">
|
|
## <summary>
|
|
## Role allowed access.
|
|
## </summary>
|
|
## </param>
|
|
## <rolecap/>
|
|
#
|
|
interface(`exim_admin',`
|
|
gen_require(`
|
|
type exim_t, exim_spool_t, exim_log_t;
|
|
type exim_pid_t, exim_initrc_exec_t, exim_tmp_t;
|
|
type exim_keytab_t;
|
|
')
|
|
|
|
allow $1 exim_t:process { ptrace signal_perms };
|
|
ps_process_pattern($1, exim_t)
|
|
|
|
init_startstop_service($1, $2, exim_t, exim_initrc_exec_t)
|
|
|
|
files_search_etc($1)
|
|
admin_pattern($1, exim_keytab_t)
|
|
|
|
files_search_spool($1)
|
|
admin_pattern($1, exim_spool_t)
|
|
|
|
logging_search_logs($1)
|
|
admin_pattern($1, exim_log_t)
|
|
|
|
files_search_runtime($1)
|
|
admin_pattern($1, exim_pid_t)
|
|
|
|
files_search_tmp($1)
|
|
admin_pattern($1, exim_tmp_t)
|
|
')
|