Postfix patch from Dan Walsh.

2010-05-21 08:56:49 -04:00 · 2010-05-21 08:56:49 -04:00 · d9e4cbd2ce
commit d9e4cbd2ce
parent 9fe1b540b8
2 changed files with 209 additions and 33 deletions
--- a/policy/modules/services/postfix.if
+++ b/policy/modules/services/postfix.if
@ -46,6 +46,7 @@ template(`postfix_domain_template',`

 	allow postfix_$1_t postfix_etc_t:dir list_dir_perms;
 	read_files_pattern(postfix_$1_t, postfix_etc_t, postfix_etc_t)
+	read_lnk_files_pattern(postfix_$1_t, postfix_etc_t, postfix_etc_t)

 	can_exec(postfix_$1_t, postfix_$1_exec_t)

@ -79,6 +80,7 @@ template(`postfix_domain_template',`
 	files_read_usr_symlinks(postfix_$1_t)
 	files_search_spool(postfix_$1_t)
 	files_getattr_tmp_dirs(postfix_$1_t)
+	files_search_all_mountpoints(postfix_$1_t)

 	init_dontaudit_use_fds(postfix_$1_t)
 	init_sigchld(postfix_$1_t)
@ -110,11 +112,18 @@ template(`postfix_domain_template',`
 template(`postfix_server_domain_template',`
 	postfix_domain_template($1)

+	type postfix_$1_tmp_t;
+	files_tmp_file(postfix_$1_tmp_t)
+
 	allow postfix_$1_t self:capability { setuid setgid dac_override };
 	allow postfix_$1_t postfix_master_t:unix_stream_socket { connectto rw_stream_socket_perms };
 	allow postfix_$1_t self:tcp_socket create_socket_perms;
 	allow postfix_$1_t self:udp_socket create_socket_perms;

+	manage_dirs_pattern(postfix_$1_t, postfix_$1_tmp_t, postfix_$1_tmp_t)
+	manage_files_pattern(postfix_$1_t, postfix_$1_tmp_t, postfix_$1_tmp_t)
+	files_tmp_filetrans(postfix_$1_t, postfix_$1_tmp_t, { file dir })
+
 	domtrans_pattern(postfix_master_t, postfix_$1_exec_t, postfix_$1_t)

 	corenet_all_recvfrom_unlabeled(postfix_$1_t)
@ -174,9 +183,8 @@ interface(`postfix_read_config',`
 		type postfix_etc_t;
 	')

-	allow $1 postfix_etc_t:dir list_dir_perms;
-	allow $1 postfix_etc_t:file read_file_perms;
-	allow $1 postfix_etc_t:lnk_file read_lnk_file_perms;
+	read_files_pattern($1, postfix_etc_t, postfix_etc_t)
+	read_lnk_files_pattern($1, postfix_etc_t, postfix_etc_t)
 	files_search_etc($1)
 ')

@ -230,6 +238,25 @@ interface(`postfix_dontaudit_rw_local_tcp_sockets',`
 	dontaudit $1 postfix_local_t:tcp_socket { read write };
 ')

+########################################
+## <summary>
+##	Allow read/write postfix local pipes
+##	TCP sockets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`postfix_rw_local_pipes',`
+	gen_require(`
+		type postfix_local_t;
+	')
+
+	allow $1 postfix_local_t:fifo_file rw_fifo_file_perms;
+')
+
 ########################################
 ## <summary>
 ##	Allow domain to read postfix local process state
@ -368,6 +395,81 @@ interface(`postfix_exec_master',`
 	can_exec($1, postfix_master_exec_t)
 ')

+#######################################
+## <summary>
+##	Connect to postfix master process using a unix domain stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+interface(`postfix_stream_connect_master',`
+	gen_require(`
+		type postfix_master_t, postfix_public_t;
+	')
+
+	stream_connect_pattern($1, postfix_public_t, postfix_public_t, postfix_master_t)
+')
+
+########################################
+## <summary>
+##	Execute the master postdrop in the
+##	postfix_postdrop domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`postfix_domtrans_postdrop',`
+	gen_require(`
+		type postfix_postdrop_t, postfix_postdrop_exec_t;
+	')
+
+	domtrans_pattern($1, postfix_postdrop_exec_t, postfix_postdrop_t)
+')
+
+########################################
+## <summary>
+##	Execute the master postqueue in the
+##	postfix_postqueue domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`postfix_domtrans_postqueue',`
+	gen_require(`
+		type postfix_postqueue_t, postfix_postqueue_exec_t;
+	')
+
+	domtrans_pattern($1, postfix_postqueue_exec_t, postfix_postqueue_t)
+')
+
+#######################################
+## <summary>
+##	Execute the master postqueue in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`posftix_exec_postqueue',`
+	gen_require(`
+		type postfix_postqueue_exec_t;
+	')
+
+	can_exec($1, postfix_postqueue_exec_t)
+')
+
 ########################################
 ## <summary>
 ##	Create a named socket in a postfix private directory.
@ -378,7 +480,7 @@ interface(`postfix_exec_master',`
 ##	</summary>
 ## </param>
 #
-interface(`postfix_create_pivate_sockets',`
+interface(`postfix_create_private_sockets',`
 	gen_require(`
 		type postfix_private_t;
 	')
@ -387,6 +489,25 @@ interface(`postfix_create_pivate_sockets',`
 	create_sock_files_pattern($1, postfix_private_t, postfix_private_t)
 ')

+########################################
+## <summary>
+##	manage named socket in a postfix private directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`postfix_manage_private_sockets',`
+	gen_require(`
+		type postfix_private_t;
+	')
+
+	allow $1 postfix_private_t:dir list_dir_perms;
+	manage_sock_files_pattern($1, postfix_private_t, postfix_private_t)
+')
+
 ########################################
 ## <summary>
 ##	Execute the master postfix program in the
--- a/policy/modules/services/postfix.te
+++ b/policy/modules/services/postfix.te
@ -1,5 +1,5 @@

-policy_module(postfix, 1.11.0)
+policy_module(postfix, 1.11.1)

 ########################################
 #
@ -19,7 +19,7 @@ files_type(postfix_spool_bounce_t)
 postfix_server_domain_template(cleanup)

 type postfix_etc_t;
-files_type(postfix_etc_t)
+files_config_file(postfix_etc_t)

 type postfix_exec_t;
 application_executable_file(postfix_exec_t)
@ -27,13 +27,11 @@ application_executable_file(postfix_exec_t)
 postfix_server_domain_template(local)
 mta_mailserver_delivery(postfix_local_t)

-type postfix_local_tmp_t;
-files_tmp_file(postfix_local_tmp_t)
-
 # Program for creating database files
 type postfix_map_t;
 type postfix_map_exec_t;
 application_domain(postfix_map_t, postfix_map_exec_t)
+role system_r types postfix_map_t;

 type postfix_map_tmp_t;
 files_tmp_file(postfix_map_tmp_t)
@ -90,9 +88,6 @@ files_type(postfix_data_t)
 postfix_server_domain_template(virtual)
 mta_mailserver_delivery(postfix_virtual_t)

-type postfix_virtual_tmp_t;
-files_tmp_file(postfix_virtual_tmp_t)
-
 ########################################
 #
 # Postfix master process local policy
@ -103,6 +98,7 @@ allow postfix_master_t self:capability { chown dac_override kill setgid setuid n
 allow postfix_master_t self:fifo_file rw_fifo_file_perms;
 allow postfix_master_t self:tcp_socket create_stream_socket_perms;
 allow postfix_master_t self:udp_socket create_socket_perms;
+allow postfix_master_t self:process setrlimit;

 allow postfix_master_t postfix_etc_t:file rw_file_perms;

@ -132,6 +128,7 @@ domtrans_pattern(postfix_master_t, postfix_showq_exec_t, postfix_showq_t)
 # allow access to deferred queue and allow removing bogus incoming entries
 manage_dirs_pattern(postfix_master_t, postfix_spool_t, postfix_spool_t)
 manage_files_pattern(postfix_master_t, postfix_spool_t, postfix_spool_t)
+files_spool_filetrans(postfix_master_t, postfix_spool_t, dir)

 allow postfix_master_t postfix_spool_bounce_t:dir manage_dir_perms;
 allow postfix_master_t postfix_spool_bounce_t:file getattr;
@ -142,6 +139,7 @@ manage_lnk_files_pattern(postfix_master_t, postfix_spool_flush_t, postfix_spool_

 delete_files_pattern(postfix_master_t, postfix_spool_maildrop_t, postfix_spool_maildrop_t)
 rename_files_pattern(postfix_master_t, postfix_spool_maildrop_t, postfix_spool_maildrop_t)
+setattr_dirs_pattern(postfix_master_t, postfix_spool_maildrop_t, postfix_spool_maildrop_t)

 kernel_read_all_sysctls(postfix_master_t)

@ -181,6 +179,7 @@ seutil_dontaudit_search_config(postfix_master_t)

 mta_rw_aliases(postfix_master_t)
 mta_read_sendmail_bin(postfix_master_t)
+mta_getattr_spool(postfix_master_t)

 ifdef(`distro_redhat',`
 	# for newer main.cf that uses /etc/aliases
@ -192,6 +191,10 @@ optional_policy(`
 	cyrus_stream_connect(postfix_master_t)
 ')

+optional_policy(`
+	kerberos_keytab_template(postfix, postfix_t)
+')
+
 optional_policy(`
 #	for postalias
 	mailman_manage_data_files(postfix_master_t)
@ -201,6 +204,10 @@ optional_policy(`
 	mysql_stream_connect(postfix_master_t)
 ')

+optional_policy(`
+	postgrey_search_spool(postfix_master_t)
+')
+
 optional_policy(`
 	sendmail_signal(postfix_master_t)
 ')
@ -219,6 +226,7 @@ allow postfix_bounce_t postfix_public_t:dir search;
 manage_dirs_pattern(postfix_bounce_t, postfix_spool_t, postfix_spool_t)
 manage_files_pattern(postfix_bounce_t, postfix_spool_t, postfix_spool_t)
 manage_lnk_files_pattern(postfix_bounce_t, postfix_spool_t, postfix_spool_t)
+files_spool_filetrans(postfix_bounce_t, postfix_spool_t, dir)

 manage_dirs_pattern(postfix_bounce_t, postfix_spool_bounce_t, postfix_spool_bounce_t)
 manage_files_pattern(postfix_bounce_t, postfix_spool_bounce_t, postfix_spool_bounce_t)
@ -240,11 +248,18 @@ write_sock_files_pattern(postfix_cleanup_t, postfix_public_t, postfix_public_t)
 manage_dirs_pattern(postfix_cleanup_t, postfix_spool_t, postfix_spool_t)
 manage_files_pattern(postfix_cleanup_t, postfix_spool_t, postfix_spool_t)
 manage_lnk_files_pattern(postfix_cleanup_t, postfix_spool_t, postfix_spool_t)
+files_spool_filetrans(postfix_cleanup_t, postfix_spool_t, dir)

 allow postfix_cleanup_t postfix_spool_bounce_t:dir list_dir_perms;

 corecmd_exec_bin(postfix_cleanup_t)

+mta_read_aliases(postfix_cleanup_t)
+
+optional_policy(`
+	mailman_read_data_files(postfix_cleanup_t)
+')
+
 ########################################
 #
 # Postfix local local policy
@ -253,10 +268,6 @@ corecmd_exec_bin(postfix_cleanup_t)
 allow postfix_local_t self:fifo_file rw_fifo_file_perms;
 allow postfix_local_t self:process { setsched setrlimit };

-manage_dirs_pattern(postfix_local_t, postfix_local_tmp_t, postfix_local_tmp_t)
-manage_files_pattern(postfix_local_t, postfix_local_tmp_t, postfix_local_tmp_t)
-files_tmp_filetrans(postfix_local_t, postfix_local_tmp_t, { file dir })
-
 # connect to master process
 stream_connect_pattern(postfix_local_t, postfix_public_t, postfix_public_t, postfix_master_t)

@ -270,18 +281,27 @@ corecmd_exec_bin(postfix_local_t)

 files_read_etc_files(postfix_local_t)

+logging_dontaudit_search_logs(postfix_local_t)
+
 mta_read_aliases(postfix_local_t)
 mta_delete_spool(postfix_local_t)
 # For reading spamassasin
 mta_read_config(postfix_local_t)

+domtrans_pattern(postfix_local_t, postfix_postdrop_exec_t, postfix_postdrop_t)
+# Might be a leak, but I need a postfix expert to explain
+allow postfix_postdrop_t postfix_local_t:unix_stream_socket { read write };
+
 optional_policy(`
 	clamav_search_lib(postfix_local_t)
+	clamav_exec_clamscan(postfix_local_t)
 ')

 optional_policy(`
 #	for postalias
 	mailman_manage_data_files(postfix_local_t)
+	mailman_append_log(postfix_local_t)
+	mailman_read_log(postfix_local_t)
 ')

 optional_policy(`
@ -292,8 +312,7 @@ optional_policy(`
 #
 # Postfix map local policy
 #
-
-allow postfix_map_t self:capability setgid;
+allow postfix_map_t self:capability { dac_override setgid setuid };
 allow postfix_map_t self:unix_stream_socket create_stream_socket_perms;
 allow postfix_map_t self:unix_dgram_socket create_socket_perms;
 allow postfix_map_t self:tcp_socket create_stream_socket_perms;
@ -340,14 +359,15 @@ logging_send_syslog_msg(postfix_map_t)

 miscfiles_read_localization(postfix_map_t)

-seutil_read_config(postfix_map_t)
-
-userdom_use_user_terminals(postfix_map_t)
-
 optional_policy(`
 	locallogin_dontaudit_use_fds(postfix_map_t)
 ')

+optional_policy(`
+#	for postalias
+	mailman_manage_data_files(postfix_map_t)
+')
+
 ########################################
 #
 # Postfix pickup local policy
@ -372,6 +392,7 @@ delete_files_pattern(postfix_pickup_t, postfix_spool_maildrop_t, postfix_spool_m
 #

 allow postfix_pipe_t self:fifo_file rw_fifo_file_perms;
+allow postfix_pipe_t self:process setrlimit;

 write_sock_files_pattern(postfix_pipe_t, postfix_private_t, postfix_private_t)

@ -379,6 +400,12 @@ write_fifo_files_pattern(postfix_pipe_t, postfix_public_t, postfix_public_t)

 rw_files_pattern(postfix_pipe_t, postfix_spool_t, postfix_spool_t)

+domtrans_pattern(postfix_pipe_t, postfix_postdrop_exec_t, postfix_postdrop_t)
+
+optional_policy(`
+	dovecot_domtrans_deliver(postfix_pipe_t)
+')
+
 optional_policy(`
 	procmail_domtrans(postfix_pipe_t)
 ')
@ -387,6 +414,15 @@ optional_policy(`
 	mailman_domtrans_queue(postfix_pipe_t)
 ')

+optional_policy(`
+	mta_manage_spool(postfix_pipe_t)
+	mta_send_mail(postfix_pipe_t)
+')
+
+optional_policy(`
+	spamassassin_domtrans_client(postfix_pipe_t)
+')
+
 optional_policy(`
 	uucp_domtrans_uux(postfix_pipe_t)
 ')
@ -414,6 +450,10 @@ term_dontaudit_use_all_ttys(postfix_postdrop_t)

 mta_rw_user_mail_stream_sockets(postfix_postdrop_t)

+optional_policy(`
+	apache_dontaudit_rw_fifo_file(postfix_postdrop_t)
+')
+
 optional_policy(`
 	cron_system_entry(postfix_postdrop_t, postfix_postdrop_exec_t)
 ')
@ -424,8 +464,11 @@ optional_policy(`
 ')

 optional_policy(`
-	ppp_use_fds(postfix_postqueue_t)
-	ppp_sigchld(postfix_postqueue_t)
+	sendmail_rw_unix_stream_sockets(postfix_postdrop_t)
+')
+
+optional_policy(`
+	uucp_manage_spool(postfix_postdrop_t)
 ')

 #######################################
@ -451,12 +494,21 @@ term_use_all_ttys(postfix_postqueue_t)
 init_sigchld_script(postfix_postqueue_t)
 init_use_script_fds(postfix_postqueue_t)

+optional_policy(`
+	cron_system_entry(postfix_postqueue_t, postfix_postqueue_exec_t)
+')
+
+optional_policy(`
+	ppp_use_fds(postfix_postqueue_t)
+	ppp_sigchld(postfix_postqueue_t)
+')
+
 ########################################
 #
 # Postfix qmgr local policy
 #

-stream_connect_pattern(postfix_qmgr_t, { postfix_private_t postfix_public_t }, { postfix_private_t postfix_public_t },postfix_master_t)
+stream_connect_pattern(postfix_qmgr_t, { postfix_private_t postfix_public_t }, { postfix_private_t postfix_public_t }, postfix_master_t)

 rw_fifo_files_pattern(postfix_qmgr_t, postfix_public_t, postfix_public_t)

@ -464,6 +516,7 @@ rw_fifo_files_pattern(postfix_qmgr_t, postfix_public_t, postfix_public_t)
 manage_dirs_pattern(postfix_qmgr_t, postfix_spool_t, postfix_spool_t)
 manage_files_pattern(postfix_qmgr_t, postfix_spool_t, postfix_spool_t)
 manage_lnk_files_pattern(postfix_qmgr_t, postfix_spool_t, postfix_spool_t)
+files_spool_filetrans(postfix_qmgr_t, postfix_spool_t, dir)

 allow postfix_qmgr_t postfix_spool_bounce_t:dir list_dir_perms;
 allow postfix_qmgr_t postfix_spool_bounce_t:file read_file_perms;
@ -499,13 +552,14 @@ term_use_all_ttys(postfix_showq_t)
 #

 # connect to master process
-stream_connect_pattern(postfix_smtp_t, { postfix_private_t postfix_public_t }, { postfix_private_t postfix_public_t },postfix_master_t)
+allow postfix_smtp_t self:capability sys_chroot;
+stream_connect_pattern(postfix_smtp_t, { postfix_private_t postfix_public_t }, { postfix_private_t postfix_public_t }, postfix_master_t)

 allow postfix_smtp_t postfix_prng_t:file rw_file_perms;

 allow postfix_smtp_t postfix_spool_t:file rw_file_perms;

-files_dontaudit_getattr_home_dir(postfix_smtp_t)
+files_search_all_mountpoints(postfix_smtp_t)

 optional_policy(`
 	cyrus_stream_connect(postfix_smtp_t)
@ -522,7 +576,7 @@ optional_policy(`
 allow postfix_smtpd_t postfix_master_t:tcp_socket rw_stream_socket_perms;

 # connect to master process
-stream_connect_pattern(postfix_smtpd_t, { postfix_private_t postfix_public_t }, { postfix_private_t postfix_public_t },postfix_master_t)
+stream_connect_pattern(postfix_smtpd_t, { postfix_private_t postfix_public_t }, { postfix_private_t postfix_public_t }, postfix_master_t)

 # Connect to policy server
 corenet_tcp_connect_postfix_policyd_port(postfix_smtpd_t)
@ -537,6 +591,10 @@ corecmd_exec_bin(postfix_smtpd_t)
 files_read_usr_files(postfix_smtpd_t)
 mta_read_aliases(postfix_smtpd_t)

+optional_policy(`
+	dovecot_stream_connect_auth(postfix_smtpd_t)
+')
+
 optional_policy(`
 	mailman_read_data_files(postfix_smtpd_t)
 ')
@ -559,17 +617,14 @@ allow postfix_virtual_t self:process { setsched setrlimit };

 allow postfix_virtual_t postfix_spool_t:file rw_file_perms;

-manage_dirs_pattern(postfix_virtual_t, postfix_virtual_tmp_t, postfix_virtual_tmp_t)
-manage_files_pattern(postfix_virtual_t, postfix_virtual_tmp_t, postfix_virtual_tmp_t)
-files_tmp_filetrans(postfix_virtual_t, postfix_virtual_tmp_t, { file dir })
-
 # connect to master process
-stream_connect_pattern(postfix_virtual_t, postfix_public_t, postfix_public_t, postfix_master_t)
+stream_connect_pattern(postfix_virtual_t, { postfix_private_t postfix_public_t }, { postfix_private_t postfix_public_t }, postfix_master_t)

 corecmd_exec_shell(postfix_virtual_t)
 corecmd_exec_bin(postfix_virtual_t)

 files_read_etc_files(postfix_virtual_t)
+files_read_usr_files(postfix_virtual_t)

 mta_read_aliases(postfix_virtual_t)
 mta_delete_spool(postfix_virtual_t)