diff options
Diffstat (limited to 'policy/modules/contrib/exim.if')
-rw-r--r-- | policy/modules/contrib/exim.if | 268 |
1 files changed, 0 insertions, 268 deletions
diff --git a/policy/modules/contrib/exim.if b/policy/modules/contrib/exim.if deleted file mode 100644 index 60411132..00000000 --- a/policy/modules/contrib/exim.if +++ /dev/null @@ -1,268 +0,0 @@ -## <summary>Mail transfer agent.</summary> - -######################################## -## <summary> -## Execute a domain transition to run exim. -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed to transition. -## </summary> -## </param> -# -interface(`exim_domtrans',` - gen_require(` - type exim_t, exim_exec_t; - ') - - corecmd_search_bin($1) - domtrans_pattern($1, exim_exec_t, exim_t) -') - -######################################## -## <summary> -## Execute exim in the exim domain, -## and allow the specified role -## the exim domain. -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed to transition. -## </summary> -## </param> -## <param name="role"> -## <summary> -## Role allowed access. -## </summary> -## </param> -## <rolecap/> -# -interface(`exim_run',` - gen_require(` - attribute_role exim_roles; - ') - - exim_domtrans($1) - roleattribute $2 exim_roles; -') - -######################################## -## <summary> -## Do not audit attempts to read exim -## temporary tmp files. -## </summary> -## <param name="domain"> -## <summary> -## Domain to not audit. -## </summary> -## </param> -# -interface(`exim_dontaudit_read_tmp_files',` - gen_require(` - type exim_tmp_t; - ') - - dontaudit $1 exim_tmp_t:file read_file_perms; -') - -######################################## -## <summary> -## Read exim temporary files. -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed access. -## </summary> -## </param> -# -interface(`exim_read_tmp_files',` - gen_require(` - type exim_tmp_t; - ') - - allow $1 exim_tmp_t:file read_file_perms; - files_search_tmp($1) -') - -######################################## -## <summary> -## Read exim pid files. -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed access. -## </summary> -## </param> -# -interface(`exim_read_pid_files',` - gen_require(` - type exim_var_run_t; - ') - - allow $1 exim_var_run_t:file read_file_perms; - files_search_pids($1) -') - -######################################## -## <summary> -## Read exim log files. -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed access. -## </summary> -## </param> -## <rolecap/> -# -interface(`exim_read_log',` - gen_require(` - type exim_log_t; - ') - - read_files_pattern($1, exim_log_t, exim_log_t) - logging_search_logs($1) -') - -######################################## -## <summary> -## Append exim log files. -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed access. -## </summary> -## </param> -# -interface(`exim_append_log',` - gen_require(` - type exim_log_t; - ') - - append_files_pattern($1, exim_log_t, exim_log_t) - logging_search_logs($1) -') - -######################################## -## <summary> -## Create, read, write, and delete -## exim log files. -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed access. -## </summary> -## </param> -## <rolecap/> -# -interface(`exim_manage_log',` - gen_require(` - type exim_log_t; - ') - - manage_files_pattern($1, exim_log_t, exim_log_t) - logging_search_logs($1) -') - -######################################## -## <summary> -## Create, read, write, and delete -## exim spool directories. -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed access. -## </summary> -## </param> -# -interface(`exim_manage_spool_dirs',` - gen_require(` - type exim_spool_t; - ') - - manage_dirs_pattern($1, exim_spool_t, exim_spool_t) - files_search_spool($1) -') - -######################################## -## <summary> -## Read exim spool files. -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed access. -## </summary> -## </param> -# -interface(`exim_read_spool_files',` - gen_require(` - type exim_spool_t; - ') - - allow $1 exim_spool_t:file read_file_perms; - allow $1 exim_spool_t:dir list_dir_perms; - files_search_spool($1) -') - -######################################## -## <summary> -## Create, read, write, and delete -## exim spool files. -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed access. -## </summary> -## </param> -# -interface(`exim_manage_spool_files',` - gen_require(` - type exim_spool_t; - ') - - manage_files_pattern($1, exim_spool_t, exim_spool_t) - files_search_spool($1) -') - -######################################## -## <summary> -## All of the rules required to -## administrate an exim environment. -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed access. -## </summary> -## </param> -## <param name="role"> -## <summary> -## Role allowed access. -## </summary> -## </param> -## <rolecap/> -# -interface(`exim_admin',` - gen_require(` - type exim_t, exim_spool_t, exim_log_t; - type exim_var_run_t, exim_initrc_exec_t, exim_tmp_t; - ') - - allow $1 exim_t:process { ptrace signal_perms }; - ps_process_pattern($1, exim_t) - - init_labeled_script_domtrans($1, exim_initrc_exec_t) - domain_system_change_exemption($1) - role_transition $2 exim_initrc_exec_t system_r; - allow $2 system_r; - - files_search_spool($1) - admin_pattern($1, exim_spool_t) - - logging_search_logs($1) - admin_pattern($1, exim_log_t) - - files_search_pids($1) - admin_pattern($1, exim_var_run_t) - - files_search_tmp($1) - admin_pattern($1, exim_tmp_t) -') |