Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
aboutsummaryrefslogtreecommitdiff
path: root/policy/modules/contrib/mutt.if
diff options
context:
space:
mode:
Diffstat (limited to 'policy/modules/contrib/mutt.if')
-rw-r--r--policy/modules/contrib/mutt.if104
1 files changed, 104 insertions, 0 deletions
diff --git a/policy/modules/contrib/mutt.if b/policy/modules/contrib/mutt.if
new file mode 100644
index 00000000..5327f866
--- /dev/null
+++ b/policy/modules/contrib/mutt.if
@@ -0,0 +1,104 @@
+## <summary>Mutt e-mail client</summary>
+
+#######################################
+## <summary>
+## The role for using the mutt application.
+## </summary>
+## <param name="role">
+## <summary>
+## The role associated with the user domain.
+## </summary>
+## </param>
+## <param name="domain">
+## <summary>
+## The user domain.
+## </summary>
+## </param>
+#
+interface(`mutt_role',`
+ gen_require(`
+ type mutt_t, mutt_exec_t, mutt_home_t, mutt_conf_t, mutt_etc_t;
+ type mutt_tmp_t;
+ ')
+
+ role $1 types mutt_t;
+
+ domtrans_pattern($2, mutt_exec_t, mutt_t)
+
+ allow $2 mutt_t:process { ptrace signal_perms };
+
+ manage_dirs_pattern($2, mutt_home_t, mutt_home_t)
+ manage_files_pattern($2, mutt_home_t, mutt_home_t)
+
+ manage_dirs_pattern($2, mutt_conf_t, mutt_conf_t)
+ manage_files_pattern($2, mutt_conf_t, mutt_conf_t)
+
+ relabel_dirs_pattern($2, mutt_home_t, mutt_home_t)
+ relabel_files_pattern($2, mutt_home_t, mutt_home_t)
+
+ relabel_dirs_pattern($2, mutt_conf_t, mutt_conf_t)
+ relabel_files_pattern($2, mutt_conf_t, mutt_conf_t)
+
+ relabel_dirs_pattern($2, mutt_tmp_t, mutt_tmp_t)
+ relabel_files_pattern($2, mutt_tmp_t, mutt_tmp_t)
+
+ ps_process_pattern($2, mutt_t)
+')
+
+#######################################
+## <summary>
+## Allow other domains to read mutt's home files
+## </summary>
+## <param name="domain">
+## <summary>
+## The domain that is allowed read access to the mutt_home_t files
+## </summary>
+## </param>
+#
+interface(`mutt_read_home_files',`
+ gen_require(`
+ type mutt_home_t;
+ ')
+
+ read_files_pattern($1, mutt_home_t, mutt_home_t)
+')
+
+#######################################
+## <summary>
+## Allow other domains to read mutt's temporary files
+## </summary>
+## <param name="domain">
+## <summary>
+## The domain that is allowed read access to the temporary files
+## </summary>
+## </param>
+#
+interface(`mutt_read_tmp_files',`
+ gen_require(`
+ type mutt_tmp_t;
+ ')
+
+ read_files_pattern($1, mutt_tmp_t, mutt_tmp_t)
+')
+
+#######################################
+## <summary>
+## Allow other domains to handle mutt's temporary files (used for instance
+## for e-mail drafts)
+## </summary>
+## <param name="domain">
+## <summary>
+## The domain that is allowed read/write access to the temporary files
+## </summary>
+## </param>
+#
+interface(`mutt_rw_tmp_files',`
+ gen_require(`
+ type mutt_tmp_t;
+ ')
+
+ # The use of rw_files_pattern here is not needed, since this incurs the open privilege as well
+ allow $1 mutt_tmp_t:dir search_dir_perms;
+ allow $1 mutt_tmp_t:file { read write };
+ files_search_tmp($1)
+')