Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
aboutsummaryrefslogtreecommitdiff
path: root/policy/modules/contrib/spamassassin.if
diff options
context:
space:
mode:
Diffstat (limited to 'policy/modules/contrib/spamassassin.if')
-rw-r--r--policy/modules/contrib/spamassassin.if408
1 files changed, 0 insertions, 408 deletions
diff --git a/policy/modules/contrib/spamassassin.if b/policy/modules/contrib/spamassassin.if
deleted file mode 100644
index 1499b0bbf..000000000
--- a/policy/modules/contrib/spamassassin.if
+++ /dev/null
@@ -1,408 +0,0 @@
-## <summary>Filter used for removing unsolicited email.</summary>
-
-########################################
-## <summary>
-## Role access for spamassassin.
-## </summary>
-## <param name="role">
-## <summary>
-## Role allowed access.
-## </summary>
-## </param>
-## <param name="domain">
-## <summary>
-## User domain for the role.
-## </summary>
-## </param>
-#
-interface(`spamassassin_role',`
- gen_require(`
- type spamc_t, spamc_exec_t, spamc_tmp_t;
- type spamassassin_t, spamassassin_exec_t, spamd_home_t;
- type spamassassin_home_t, spamassassin_tmp_t;
- ')
-
- role $1 types { spamc_t spamassassin_t };
-
- domtrans_pattern($2, spamassassin_exec_t, spamassassin_t)
- domtrans_pattern($2, spamc_exec_t, spamc_t)
-
- allow $2 { spamc_t spamassassin_t}:process { ptrace signal_perms };
- ps_process_pattern($2, { spamc_t spamassassin_t })
-
- allow $2 { spamc_tmp_t spamd_home_t spamassassin_home_t spamassassin_tmp_t }:dir { manage_dir_perms relabel_dir_perms };
- allow $2 { spamc_tmp_t spamd_home_t spamassassin_home_t spamassassin_tmp_t }:file { manage_file_perms relabel_file_perms };
- allow $2 { spamc_tmp_t spamd_home_t spamassassin_home_t spamassassin_tmp_t }:lnk_file { manage_lnk_file_perms relabel_lnk_file_perms };
- userdom_user_home_dir_filetrans($2, spamassassin_home_t, dir, ".spamassassin")
- userdom_user_home_dir_filetrans($2, spamd_home_t, dir, ".spamd")
-')
-
-########################################
-## <summary>
-## Execute the standalone spamassassin
-## program in the caller directory.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`spamassassin_exec',`
- gen_require(`
- type spamassassin_exec_t;
- ')
-
- corecmd_search_bin($1)
- can_exec($1, spamassassin_exec_t)
-')
-
-########################################
-## <summary>
-## Send generic signals to spamd.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`spamassassin_signal_spamd',`
- gen_require(`
- type spamd_t;
- ')
-
- allow $1 spamd_t:process signal;
-')
-
-########################################
-## <summary>
-## Execute spamd in the caller domain.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`spamassassin_exec_spamd',`
- gen_require(`
- type spamd_exec_t;
- ')
-
- corecmd_search_bin($1)
- can_exec($1, spamd_exec_t)
-')
-
-########################################
-## <summary>
-## Execute spamc in the spamc domain.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed to transition.
-## </summary>
-## </param>
-#
-interface(`spamassassin_domtrans_client',`
- gen_require(`
- type spamc_t, spamc_exec_t;
- ')
-
- corecmd_search_bin($1)
- domtrans_pattern($1, spamc_exec_t, spamc_t)
-')
-
-########################################
-## <summary>
-## Execute spamc in the caller domain.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`spamassassin_exec_client',`
- gen_require(`
- type spamc_exec_t;
- ')
-
- corecmd_search_bin($1)
- can_exec($1, spamc_exec_t)
-')
-
-########################################
-## <summary>
-## Send kill signals to spamc.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`spamassassin_kill_client',`
- gen_require(`
- type spamc_t;
- ')
-
- allow $1 spamc_t:process sigkill;
-')
-
-########################################
-## <summary>
-## Execute spamassassin standalone client
-## in the user spamassassin domain.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed to transition.
-## </summary>
-## </param>
-#
-interface(`spamassassin_domtrans_local_client',`
- gen_require(`
- type spamassassin_t, spamassassin_exec_t;
- ')
-
- corecmd_search_bin($1)
- domtrans_pattern($1, spamassassin_exec_t, spamassassin_t)
-')
-
-########################################
-## <summary>
-## Create, read, write, and delete
-## spamd home content.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`spamassassin_manage_spamd_home_content',`
- gen_require(`
- type spamd_home_t;
- ')
-
- userdom_search_user_home_dirs($1)
- allow $1 spamd_home_t:dir manage_dir_perms;
- allow $1 spamd_home_t:file manage_file_perms;
- allow $1 spamd_home_t:lnk_file manage_lnk_file_perms;
-')
-
-########################################
-## <summary>
-## Relabel spamd home content.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`spamassassin_relabel_spamd_home_content',`
- gen_require(`
- type spamd_home_t;
- ')
-
- userdom_search_user_home_dirs($1)
- allow $1 spamd_home_t:dir relabel_dir_perms;
- allow $1 spamd_home_t:file relabel_file_perms;
- allow $1 spamd_home_t:lnk_file relabel_lnk_file_perms;
-')
-
-########################################
-## <summary>
-## Create objects in user home
-## directories with the spamd home type.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-## <param name="object_class">
-## <summary>
-## Class of the object being created.
-## </summary>
-## </param>
-## <param name="name" optional="true">
-## <summary>
-## The name of the object being created.
-## </summary>
-## </param>
-#
-interface(`spamassassin_home_filetrans_spamd_home',`
- gen_require(`
- type spamd_home_t;
- ')
-
- userdom_user_home_dir_filetrans($1, spamd_home_t, $2, $3)
-')
-
-########################################
-## <summary>
-## Read spamd lib files.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`spamassassin_read_lib_files',`
- gen_require(`
- type spamd_var_lib_t;
- ')
-
- files_search_var_lib($1)
- read_files_pattern($1, spamd_var_lib_t, spamd_var_lib_t)
-')
-
-########################################
-## <summary>
-## Create, read, write, and delete
-## spamd lib files.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`spamassassin_manage_lib_files',`
- gen_require(`
- type spamd_var_lib_t;
- ')
-
- files_search_var_lib($1)
- manage_files_pattern($1, spamd_var_lib_t, spamd_var_lib_t)
-')
-
-########################################
-## <summary>
-## Read spamd pid files.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`spamassassin_read_spamd_pid_files',`
- gen_require(`
- type spamd_var_run_t;
- ')
-
- files_search_pids($1)
- read_files_pattern($1, spamd_var_run_t, spamd_var_run_t)
-')
-
-########################################
-## <summary>
-## Read temporary spamd files.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`spamassassin_read_spamd_tmp_files',`
- gen_require(`
- type spamd_tmp_t;
- ')
-
- allow $1 spamd_tmp_t:file read_file_perms;
-')
-
-########################################
-## <summary>
-## Do not audit attempts to get
-## attributes of temporary spamd sockets.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain to not audit.
-## </summary>
-## </param>
-#
-interface(`spamassassin_dontaudit_getattr_spamd_tmp_sockets',`
- gen_require(`
- type spamd_tmp_t;
- ')
-
- dontaudit $1 spamd_tmp_t:sock_file getattr;
-')
-
-########################################
-## <summary>
-## Connect to spamd with a unix
-## domain stream socket.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`spamassassin_stream_connect_spamd',`
- gen_require(`
- type spamd_t, spamd_var_run_t;
- ')
-
- files_search_pids($1)
- stream_connect_pattern($1, spamd_var_run_t, spamd_var_run_t, spamd_t)
-')
-
-########################################
-## <summary>
-## All of the rules required to
-## administrate an spamassassin environment.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-## <param name="role">
-## <summary>
-## Role allowed access.
-## </summary>
-## </param>
-## <rolecap/>
-#
-interface(`spamassassin_admin',`
- gen_require(`
- type spamd_t, spamd_tmp_t, spamd_log_t;
- type spamd_spool_t, spamd_var_lib_t, spamd_var_run_t;
- type spamd_initrc_exec_t;
- ')
-
- allow $1 spamd_t:process { ptrace signal_perms };
- ps_process_pattern($1, spamd_t)
-
- init_labeled_script_domtrans($1, spamd_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 spamd_initrc_exec_t system_r;
- allow $2 system_r;
-
- files_list_tmp($1)
- admin_pattern($1, spamd_tmp_t)
-
- logging_list_logs($1)
- admin_pattern($1, spamd_log_t)
-
- files_list_spool($1)
- admin_pattern($1, spamd_spool_t)
-
- files_list_var_lib($1)
- admin_pattern($1, spamd_var_lib_t)
-
- files_list_pids($1)
- admin_pattern($1, spamd_var_run_t)
-
- spamassassin_role($2, $1)
-')