selinux-refpolicy/policy/modules/services/milter.if
Chris PeBenito 0992763548 Update callers for "pid" to "runtime" interface rename.
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
2020-06-28 16:03:45 -04:00

118 lines
2.5 KiB
Plaintext

## <summary>Milter mail filters.</summary>
#######################################
## <summary>
## The template to define a milter domain.
## </summary>
## <param name="domain_prefix">
## <summary>
## Domain prefix to be used.
## </summary>
## </param>
#
template(`milter_template',`
gen_require(`
attribute milter_data_type, milter_domains;
')
########################################
#
# Declarations
#
type $1_milter_t, milter_domains;
type $1_milter_exec_t;
init_daemon_domain($1_milter_t, $1_milter_exec_t)
type $1_milter_data_t, milter_data_type;
files_runtime_file($1_milter_data_t)
########################################
#
# Policy
#
manage_files_pattern($1_milter_t, $1_milter_data_t, $1_milter_data_t)
manage_sock_files_pattern($1_milter_t, $1_milter_data_t, $1_milter_data_t)
auth_use_nsswitch($1_milter_t)
')
########################################
## <summary>
## connect to all milter domains using
## a unix domain stream socket.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`milter_stream_connect_all',`
gen_require(`
attribute milter_data_type, milter_domains;
')
files_search_runtime($1)
stream_connect_pattern($1, milter_data_type, milter_data_type, milter_domains)
')
########################################
## <summary>
## Get attributes of all milter sock files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`milter_getattr_all_sockets',`
gen_require(`
attribute milter_data_type;
')
getattr_sock_files_pattern($1, milter_data_type, milter_data_type)
')
########################################
## <summary>
## Create, read, write, and delete
## spamassissin milter data content.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`milter_manage_spamass_state',`
gen_require(`
type spamass_milter_state_t;
')
files_search_var_lib($1)
manage_files_pattern($1, spamass_milter_state_t, spamass_milter_state_t)
manage_dirs_pattern($1, spamass_milter_state_t, spamass_milter_state_t)
manage_lnk_files_pattern($1, spamass_milter_state_t, spamass_milter_state_t)
')
########################################
## <summary>
## Get the attributes of the spamassissin milter data dir.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`milter_getattr_data_dir',`
gen_require(`
type spamass_milter_data_t;
')
allow $1 spamass_milter_data_t:dir getattr;
')