diff options
Diffstat (limited to 'policy/modules/contrib/courier.if')
-rw-r--r-- | policy/modules/contrib/courier.if | 228 |
1 files changed, 0 insertions, 228 deletions
diff --git a/policy/modules/contrib/courier.if b/policy/modules/contrib/courier.if deleted file mode 100644 index 0705659e4..000000000 --- a/policy/modules/contrib/courier.if +++ /dev/null @@ -1,228 +0,0 @@ -## <summary>Courier IMAP and POP3 email servers.</summary> - -####################################### -## <summary> -## The template to define a courier domain. -## </summary> -## <param name="domain_prefix"> -## <summary> -## Domain prefix to be used. -## </summary> -## </param> -# -template(`courier_domain_template',` - gen_require(` - attribute courier_domain; - ') - - ######################################## - # - # Declarations - # - - type courier_$1_t, courier_domain; - type courier_$1_exec_t; - init_daemon_domain(courier_$1_t, courier_$1_exec_t) - - ######################################## - # - # Policy - # - - can_exec(courier_$1_t, courier_$1_exec_t) -') - -######################################## -## <summary> -## Execute the courier authentication -## daemon with a domain transition. -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed to transition. -## </summary> -## </param> -# -interface(`courier_domtrans_authdaemon',` - gen_require(` - type courier_authdaemon_t, courier_authdaemon_exec_t; - ') - - corecmd_search_bin($1) - domtrans_pattern($1, courier_authdaemon_exec_t, courier_authdaemon_t) -') - -####################################### -## <summary> -## Connect to courier-authdaemon over -## a unix stream socket. -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed access. -## </summary> -## </param> -# -interface(`courier_stream_connect_authdaemon',` - gen_require(` - type courier_authdaemon_t, courier_spool_t; - ') - - files_search_spool($1) - stream_connect_pattern($1, courier_spool_t, courier_spool_t, courier_authdaemon_t) -') - -######################################## -## <summary> -## Execute the courier POP3 and IMAP -## server with a domain transition. -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed to transition. -## </summary> -## </param> -# -interface(`courier_domtrans_pop',` - gen_require(` - type courier_pop_t, courier_pop_exec_t; - ') - - corecmd_search_bin($1) - domtrans_pattern($1, courier_pop_exec_t, courier_pop_t) -') - -######################################## -## <summary> -## Read courier config files. -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed access. -## </summary> -## </param> -# -interface(`courier_read_config',` - gen_require(` - type courier_etc_t; - ') - - files_search_etc($1) - read_files_pattern($1, courier_etc_t, courier_etc_t) -') - -######################################## -## <summary> -## Create, read, write, and delete courier -## spool directories. -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed access. -## </summary> -## </param> -# -interface(`courier_manage_spool_dirs',` - gen_require(` - type courier_spool_t; - ') - - files_search_var($1) - manage_dirs_pattern($1, courier_spool_t, courier_spool_t) -') - -######################################## -## <summary> -## Create, read, write, and delete courier -## spool files. -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed access. -## </summary> -## </param> -# -interface(`courier_manage_spool_files',` - gen_require(` - type courier_spool_t; - ') - - files_search_var($1) - manage_files_pattern($1, courier_spool_t, courier_spool_t) -') - -######################################## -## <summary> -## Read courier spool files. -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed access. -## </summary> -## </param> -# -interface(`courier_read_spool',` - gen_require(` - type courier_spool_t; - ') - - files_search_var($1) - read_files_pattern($1, courier_spool_t, courier_spool_t) -') - -######################################## -## <summary> -## Read and write courier spool pipes. -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed access. -## </summary> -## </param> -# -interface(`courier_rw_spool_pipes',` - gen_require(` - type courier_spool_t; - ') - - files_search_var($1) - allow $1 courier_spool_t:fifo_file rw_fifo_file_perms; -') - -######################################## -## <summary> -## Allow read/write operations on an inherited stream socket -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed access. -## </summary> -## </param> -## <rolecap/> -# -interface(`courier_authdaemon_rw_inherited_stream_sockets',` - gen_require(` - type courier_authdaemon_t; - ') - allow $1 courier_authdaemon_t:unix_stream_socket { read write }; -') - - -######################################## -## <summary> -## Connect to Authdaemon using a unix domain stream socket. -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed access. -## </summary> -## </param> -## <rolecap/> -# -interface(`courier_authdaemon_stream_connect',` - gen_require(` - type courier_authdaemon_t, courier_var_run_t; - ') - - stream_connect_pattern($1, courier_var_run_t, courier_var_run_t, courier_authdaemon_t) -') |