Diffstat (limited to 'policy/modules/contrib/spamassassin.if')
-rw-r--r-- | policy/modules/contrib/spamassassin.if | 408 |
1 files changed, 0 insertions, 408 deletions
diff --git a/policy/modules/contrib/spamassassin.if b/policy/modules/contrib/spamassassin.if
deleted file mode 100644
index 1499b0bbf..000000000
--- a/policy/modules/contrib/spamassassin.if
+++ /dev/null
@@ -1,408 +0,0 @@
-## <summary>Filter used for removing unsolicited email.</summary>
-
-########################################
-## <summary>
-## Role access for spamassassin.
-## </summary>
-## <param name="role">
-## <summary>
-## Role allowed access.
-## </summary>
-## </param>
-## <param name="domain">
-## <summary>
-## User domain for the role.
-## </summary>
-## </param>
-#
-interface(`spamassassin_role',`
- gen_require(`
- type spamc_t, spamc_exec_t, spamc_tmp_t;
- type spamassassin_t, spamassassin_exec_t, spamd_home_t;
- type spamassassin_home_t, spamassassin_tmp_t;
- ')
-
- role $1 types { spamc_t spamassassin_t };
-
- domtrans_pattern($2, spamassassin_exec_t, spamassassin_t)
- domtrans_pattern($2, spamc_exec_t, spamc_t)
-
- allow $2 { spamc_t spamassassin_t}:process { ptrace signal_perms };
- ps_process_pattern($2, { spamc_t spamassassin_t })
-
- allow $2 { spamc_tmp_t spamd_home_t spamassassin_home_t spamassassin_tmp_t }:dir { manage_dir_perms relabel_dir_perms };
- allow $2 { spamc_tmp_t spamd_home_t spamassassin_home_t spamassassin_tmp_t }:file { manage_file_perms relabel_file_perms };
- allow $2 { spamc_tmp_t spamd_home_t spamassassin_home_t spamassassin_tmp_t }:lnk_file { manage_lnk_file_perms relabel_lnk_file_perms };
- userdom_user_home_dir_filetrans($2, spamassassin_home_t, dir, ".spamassassin")
- userdom_user_home_dir_filetrans($2, spamd_home_t, dir, ".spamd")
-')
-
-########################################
-## <summary>
-## Execute the standalone spamassassin
-## program in the caller directory.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`spamassassin_exec',`
- gen_require(`
- type spamassassin_exec_t;
- ')
-
- corecmd_search_bin($1)
- can_exec($1, spamassassin_exec_t)
-')
-
-########################################
-## <summary>
-## Send generic signals to spamd.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`spamassassin_signal_spamd',`
- gen_require(`
- type spamd_t;
- ')
-
- allow $1 spamd_t:process signal;
-')
-
-########################################
-## <summary>
-## Execute spamd in the caller domain.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`spamassassin_exec_spamd',`
- gen_require(`
- type spamd_exec_t;
- ')
-
- corecmd_search_bin($1)
- can_exec($1, spamd_exec_t)
-')
-
-########################################
-## <summary>
-## Execute spamc in the spamc domain.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed to transition.
-## </summary>
-## </param>
-#
-interface(`spamassassin_domtrans_client',`
- gen_require(`
- type spamc_t, spamc_exec_t;
- ')
-
- corecmd_search_bin($1)
- domtrans_pattern($1, spamc_exec_t, spamc_t)
-')
-
-########################################
-## <summary>
-## Execute spamc in the caller domain.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`spamassassin_exec_client',`
- gen_require(`
- type spamc_exec_t;
- ')
-
- corecmd_search_bin($1)
- can_exec($1, spamc_exec_t)
-')
-
-########################################
-## <summary>
-## Send kill signals to spamc.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`spamassassin_kill_client',`
- gen_require(`
- type spamc_t;
- ')
-
- allow $1 spamc_t:process sigkill;
-')
-
-########################################
-## <summary>
-## Execute spamassassin standalone client
-## in the user spamassassin domain.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed to transition.
-## </summary>
-## </param>
-#
-interface(`spamassassin_domtrans_local_client',`
- gen_require(`
- type spamassassin_t, spamassassin_exec_t;
- ')
-
- corecmd_search_bin($1)
- domtrans_pattern($1, spamassassin_exec_t, spamassassin_t)
-')
-
-########################################
-## <summary>
-## Create, read, write, and delete
-## spamd home content.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`spamassassin_manage_spamd_home_content',`
- gen_require(`
- type spamd_home_t;
- ')
-
- userdom_search_user_home_dirs($1)
- allow $1 spamd_home_t:dir manage_dir_perms;
- allow $1 spamd_home_t:file manage_file_perms;
- allow $1 spamd_home_t:lnk_file manage_lnk_file_perms;
-')
-
-########################################
-## <summary>
-## Relabel spamd home content.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`spamassassin_relabel_spamd_home_content',`
- gen_require(`
- type spamd_home_t;
- ')
-
- userdom_search_user_home_dirs($1)
- allow $1 spamd_home_t:dir relabel_dir_perms;
- allow $1 spamd_home_t:file relabel_file_perms;
- allow $1 spamd_home_t:lnk_file relabel_lnk_file_perms;
-')
-
-########################################
-## <summary>
-## Create objects in user home
-## directories with the spamd home type.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-## <param name="object_class">
-## <summary>
-## Class of the object being created.
-## </summary>
-## </param>
-## <param name="name" optional="true">
-## <summary>
-## The name of the object being created.
-## </summary>
-## </param>
-#
-interface(`spamassassin_home_filetrans_spamd_home',`
- gen_require(`
- type spamd_home_t;
- ')
-
- userdom_user_home_dir_filetrans($1, spamd_home_t, $2, $3)
-')
-
-########################################
-## <summary>
-## Read spamd lib files.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`spamassassin_read_lib_files',`
- gen_require(`
- type spamd_var_lib_t;
- ')
-
- files_search_var_lib($1)
- read_files_pattern($1, spamd_var_lib_t, spamd_var_lib_t)
-')
-
-########################################
-## <summary>
-## Create, read, write, and delete
-## spamd lib files.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`spamassassin_manage_lib_files',`
- gen_require(`
- type spamd_var_lib_t;
- ')
-
- files_search_var_lib($1)
- manage_files_pattern($1, spamd_var_lib_t, spamd_var_lib_t)
-')
-
-########################################
-## <summary>
-## Read spamd pid files.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`spamassassin_read_spamd_pid_files',`
- gen_require(`
- type spamd_var_run_t;
- ')
-
- files_search_pids($1)
- read_files_pattern($1, spamd_var_run_t, spamd_var_run_t)
-')
-
-########################################
-## <summary>
-## Read temporary spamd files.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`spamassassin_read_spamd_tmp_files',`
- gen_require(`
- type spamd_tmp_t;
- ')
-
- allow $1 spamd_tmp_t:file read_file_perms;
-')
-
-########################################
-## <summary>
-## Do not audit attempts to get
-## attributes of temporary spamd sockets.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain to not audit.
-## </summary>
-## </param>
-#
-interface(`spamassassin_dontaudit_getattr_spamd_tmp_sockets',`
- gen_require(`
- type spamd_tmp_t;
- ')
-
- dontaudit $1 spamd_tmp_t:sock_file getattr;
-')
-
-########################################
-## <summary>
-## Connect to spamd with a unix
-## domain stream socket.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`spamassassin_stream_connect_spamd',`
- gen_require(`
- type spamd_t, spamd_var_run_t;
- ')
-
- files_search_pids($1)
- stream_connect_pattern($1, spamd_var_run_t, spamd_var_run_t, spamd_t)
-')
-
-########################################
-## <summary>
-## All of the rules required to
-## administrate an spamassassin environment.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-## <param name="role">
-## <summary>
-## Role allowed access.
-## </summary>
-## </param>
-## <rolecap/>
-#
-interface(`spamassassin_admin',`
- gen_require(`
- type spamd_t, spamd_tmp_t, spamd_log_t;
- type spamd_spool_t, spamd_var_lib_t, spamd_var_run_t;
- type spamd_initrc_exec_t;
- ')
-
- allow $1 spamd_t:process { ptrace signal_perms };
- ps_process_pattern($1, spamd_t)
-
- init_labeled_script_domtrans($1, spamd_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 spamd_initrc_exec_t system_r;
- allow $2 system_r;
-
- files_list_tmp($1)
- admin_pattern($1, spamd_tmp_t)
-
- logging_list_logs($1)
- admin_pattern($1, spamd_log_t)
-
- files_list_spool($1)
- admin_pattern($1, spamd_spool_t)
-
- files_list_var_lib($1)
- admin_pattern($1, spamd_var_lib_t)
-
- files_list_pids($1)
- admin_pattern($1, spamd_var_run_t)
-
- spamassassin_role($2, $1)
-') |