policy_module(mutt, 1.0.0) ############################ # # Declarations # type mutt_t; type mutt_exec_t; application_domain(mutt_t, mutt_exec_t) ubac_constrained(mutt_t) type mutt_conf_t; userdom_user_home_content(mutt_conf_t) type mutt_etc_t; files_config_file(mutt_etc_t) type mutt_home_t; userdom_user_home_content(mutt_home_t) type mutt_tmp_t; files_tmp_file(mutt_tmp_t) ubac_constrained(mutt_tmp_t) ############################ # # Local Policy Rules # allow mutt_t self:process signal_perms; allow mutt_t self:fifo_file rw_fifo_file_perms; manage_dirs_pattern(mutt_t, mutt_home_t, mutt_home_t) manage_files_pattern(mutt_t, mutt_home_t, mutt_home_t) userdom_user_home_dir_filetrans(mutt_t, mutt_home_t, { dir file }) manage_dirs_pattern(mutt_t, mutt_tmp_t, mutt_tmp_t) manage_files_pattern(mutt_t, mutt_tmp_t, mutt_tmp_t) files_tmp_filetrans(mutt_t, mutt_tmp_t, { file dir }) read_files_pattern(mutt_t, mutt_etc_t, mutt_etc_t) read_files_pattern(mutt_t, mutt_conf_t, mutt_conf_t) kernel_read_system_state(mutt_t) kernel_dontaudit_search_sysctl(mutt_t) corecmd_exec_bin(mutt_t) corecmd_exec_shell(mutt_t) corenet_all_recvfrom_netlabel(mutt_t) corenet_all_recvfrom_unlabeled(mutt_t) corenet_sendrecv_pop_client_packets(mutt_t) corenet_sendrecv_smtp_client_packets(mutt_t) corenet_tcp_bind_generic_node(mutt_t) corenet_tcp_connect_pop_port(mutt_t) corenet_tcp_connect_smtp_port(mutt_t) corenet_tcp_sendrecv_generic_if(mutt_t) corenet_tcp_sendrecv_generic_node(mutt_t) dev_read_rand(mutt_t) dev_read_urand(mutt_t) domain_use_interactive_fds(mutt_t) files_read_usr_files(mutt_t) auth_use_nsswitch(mutt_t) logging_send_syslog_msg(mutt_t) miscfiles_read_localization(mutt_t) userdom_search_user_home_content(mutt_t) userdom_use_user_terminals(mutt_t) userdom_user_content_access_template(mutt, mutt_t) optional_policy(` gpg_domtrans(mutt_t) ') optional_policy(` mta_manage_mail_home_rw_content(mutt_t) ') optional_policy(` xdg_manage_cache_home(mutt_t) # Save and send attachments xdg_manage_downloads_home(mutt_t) xdg_read_config_home_files(mutt_t) ')