Postfix patch from Dan Walsh.

policy/modules/services/postfix.if

@@ -46,6 +46,7 @@ template(`postfix_domain_template',`
 
 	allow postfix_$1_t postfix_etc_t:dir list_dir_perms;
 	read_files_pattern(postfix_$1_t, postfix_etc_t, postfix_etc_t)
+	read_lnk_files_pattern(postfix_$1_t, postfix_etc_t, postfix_etc_t)
 
 	can_exec(postfix_$1_t, postfix_$1_exec_t)
 
@@ -79,6 +80,7 @@ template(`postfix_domain_template',`
 	files_read_usr_symlinks(postfix_$1_t)
 	files_search_spool(postfix_$1_t)
 	files_getattr_tmp_dirs(postfix_$1_t)
+	files_search_all_mountpoints(postfix_$1_t)
 
 	init_dontaudit_use_fds(postfix_$1_t)
 	init_sigchld(postfix_$1_t)
@@ -110,11 +112,18 @@ template(`postfix_domain_template',`
 template(`postfix_server_domain_template',`
 	postfix_domain_template($1)
 
+	type postfix_$1_tmp_t;
+	files_tmp_file(postfix_$1_tmp_t)
+
 	allow postfix_$1_t self:capability { setuid setgid dac_override };
 	allow postfix_$1_t postfix_master_t:unix_stream_socket { connectto rw_stream_socket_perms };
 	allow postfix_$1_t self:tcp_socket create_socket_perms;
 	allow postfix_$1_t self:udp_socket create_socket_perms;
 
+	manage_dirs_pattern(postfix_$1_t, postfix_$1_tmp_t, postfix_$1_tmp_t)
+	manage_files_pattern(postfix_$1_t, postfix_$1_tmp_t, postfix_$1_tmp_t)
+	files_tmp_filetrans(postfix_$1_t, postfix_$1_tmp_t, { file dir })
+
 	domtrans_pattern(postfix_master_t, postfix_$1_exec_t, postfix_$1_t)
 
 	corenet_all_recvfrom_unlabeled(postfix_$1_t)
@@ -174,9 +183,8 @@ interface(`postfix_read_config',`
 		type postfix_etc_t;
 	')
 
-	allow $1 postfix_etc_t:dir list_dir_perms;
+	read_files_pattern($1, postfix_etc_t, postfix_etc_t)
-	allow $1 postfix_etc_t:file read_file_perms;
+	read_lnk_files_pattern($1, postfix_etc_t, postfix_etc_t)
-	allow $1 postfix_etc_t:lnk_file read_lnk_file_perms;
 	files_search_etc($1)
 ')
 
@@ -230,6 +238,25 @@ interface(`postfix_dontaudit_rw_local_tcp_sockets',`
 	dontaudit $1 postfix_local_t:tcp_socket { read write };
 ')
 
+########################################
+## <summary>
+##	Allow read/write postfix local pipes
+##	TCP sockets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`postfix_rw_local_pipes',`
+	gen_require(`
+		type postfix_local_t;
+	')
+
+	allow $1 postfix_local_t:fifo_file rw_fifo_file_perms;
+')
+
 ########################################
 ## <summary>
 ##	Allow domain to read postfix local process state
@@ -368,6 +395,81 @@ interface(`postfix_exec_master',`
 	can_exec($1, postfix_master_exec_t)
 ')
 
+#######################################
+## <summary>
+##	Connect to postfix master process using a unix domain stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+interface(`postfix_stream_connect_master',`
+	gen_require(`
+		type postfix_master_t, postfix_public_t;
+	')
+
+	stream_connect_pattern($1, postfix_public_t, postfix_public_t, postfix_master_t)
+')
+
+########################################
+## <summary>
+##	Execute the master postdrop in the
+##	postfix_postdrop domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`postfix_domtrans_postdrop',`
+	gen_require(`
+		type postfix_postdrop_t, postfix_postdrop_exec_t;
+	')
+
+	domtrans_pattern($1, postfix_postdrop_exec_t, postfix_postdrop_t)
+')
+
+########################################
+## <summary>
+##	Execute the master postqueue in the
+##	postfix_postqueue domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`postfix_domtrans_postqueue',`
+	gen_require(`
+		type postfix_postqueue_t, postfix_postqueue_exec_t;
+	')
+
+	domtrans_pattern($1, postfix_postqueue_exec_t, postfix_postqueue_t)
+')
+
+#######################################
+## <summary>
+##	Execute the master postqueue in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`posftix_exec_postqueue',`
+	gen_require(`
+		type postfix_postqueue_exec_t;
+	')
+
+	can_exec($1, postfix_postqueue_exec_t)
+')
+
 ########################################
 ## <summary>
 ##	Create a named socket in a postfix private directory.
@@ -378,7 +480,7 @@ interface(`postfix_exec_master',`
 ##	</summary>
 ## </param>
 #
-interface(`postfix_create_pivate_sockets',`
+interface(`postfix_create_private_sockets',`
 	gen_require(`
 		type postfix_private_t;
 	')
@@ -387,6 +489,25 @@ interface(`postfix_create_pivate_sockets',`
 	create_sock_files_pattern($1, postfix_private_t, postfix_private_t)
 ')
 
+########################################
+## <summary>
+##	manage named socket in a postfix private directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`postfix_manage_private_sockets',`
+	gen_require(`
+		type postfix_private_t;
+	')
+
+	allow $1 postfix_private_t:dir list_dir_perms;
+	manage_sock_files_pattern($1, postfix_private_t, postfix_private_t)
+')
+
 ########################################
 ## <summary>
 ##	Execute the master postfix program in the

policy/modules/services/postfix.te

@@ -1,5 +1,5 @@
 
-policy_module(postfix, 1.11.0)
+policy_module(postfix, 1.11.1)
 
 ########################################
 #
@@ -19,7 +19,7 @@ files_type(postfix_spool_bounce_t)
 postfix_server_domain_template(cleanup)
 
 type postfix_etc_t;
-files_type(postfix_etc_t)
+files_config_file(postfix_etc_t)
 
 type postfix_exec_t;
 application_executable_file(postfix_exec_t)
@@ -27,13 +27,11 @@ application_executable_file(postfix_exec_t)
 postfix_server_domain_template(local)
 mta_mailserver_delivery(postfix_local_t)
 
-type postfix_local_tmp_t;
-files_tmp_file(postfix_local_tmp_t)
-
 # Program for creating database files
 type postfix_map_t;
 type postfix_map_exec_t;
 application_domain(postfix_map_t, postfix_map_exec_t)
+role system_r types postfix_map_t;
 
 type postfix_map_tmp_t;
 files_tmp_file(postfix_map_tmp_t)
@@ -90,9 +88,6 @@ files_type(postfix_data_t)
 postfix_server_domain_template(virtual)
 mta_mailserver_delivery(postfix_virtual_t)
 
-type postfix_virtual_tmp_t;
-files_tmp_file(postfix_virtual_tmp_t)
-
 ########################################
 #
 # Postfix master process local policy
@@ -103,6 +98,7 @@ allow postfix_master_t self:capability { chown dac_override kill setgid setuid n
 allow postfix_master_t self:fifo_file rw_fifo_file_perms;
 allow postfix_master_t self:tcp_socket create_stream_socket_perms;
 allow postfix_master_t self:udp_socket create_socket_perms;
+allow postfix_master_t self:process setrlimit;
 
 allow postfix_master_t postfix_etc_t:file rw_file_perms;
 
@@ -132,6 +128,7 @@ domtrans_pattern(postfix_master_t, postfix_showq_exec_t, postfix_showq_t)
 # allow access to deferred queue and allow removing bogus incoming entries
 manage_dirs_pattern(postfix_master_t, postfix_spool_t, postfix_spool_t)
 manage_files_pattern(postfix_master_t, postfix_spool_t, postfix_spool_t)
+files_spool_filetrans(postfix_master_t, postfix_spool_t, dir)
 
 allow postfix_master_t postfix_spool_bounce_t:dir manage_dir_perms;
 allow postfix_master_t postfix_spool_bounce_t:file getattr;
@@ -142,6 +139,7 @@ manage_lnk_files_pattern(postfix_master_t, postfix_spool_flush_t, postfix_spool_
 
 delete_files_pattern(postfix_master_t, postfix_spool_maildrop_t, postfix_spool_maildrop_t)
 rename_files_pattern(postfix_master_t, postfix_spool_maildrop_t, postfix_spool_maildrop_t)
+setattr_dirs_pattern(postfix_master_t, postfix_spool_maildrop_t, postfix_spool_maildrop_t)
 
 kernel_read_all_sysctls(postfix_master_t)
 
@@ -181,6 +179,7 @@ seutil_dontaudit_search_config(postfix_master_t)
 
 mta_rw_aliases(postfix_master_t)
 mta_read_sendmail_bin(postfix_master_t)
+mta_getattr_spool(postfix_master_t)
 
 ifdef(`distro_redhat',`
 	# for newer main.cf that uses /etc/aliases
@@ -192,6 +191,10 @@ optional_policy(`
 	cyrus_stream_connect(postfix_master_t)
 ')
 
+optional_policy(`
+	kerberos_keytab_template(postfix, postfix_t)
+')
+
 optional_policy(`
 #	for postalias
 	mailman_manage_data_files(postfix_master_t)
@@ -201,6 +204,10 @@ optional_policy(`
 	mysql_stream_connect(postfix_master_t)
 ')
 
+optional_policy(`
+	postgrey_search_spool(postfix_master_t)
+')
+
 optional_policy(`
 	sendmail_signal(postfix_master_t)
 ')
@@ -219,6 +226,7 @@ allow postfix_bounce_t postfix_public_t:dir search;
 manage_dirs_pattern(postfix_bounce_t, postfix_spool_t, postfix_spool_t)
 manage_files_pattern(postfix_bounce_t, postfix_spool_t, postfix_spool_t)
 manage_lnk_files_pattern(postfix_bounce_t, postfix_spool_t, postfix_spool_t)
+files_spool_filetrans(postfix_bounce_t, postfix_spool_t, dir)
 
 manage_dirs_pattern(postfix_bounce_t, postfix_spool_bounce_t, postfix_spool_bounce_t)
 manage_files_pattern(postfix_bounce_t, postfix_spool_bounce_t, postfix_spool_bounce_t)
@@ -240,11 +248,18 @@ write_sock_files_pattern(postfix_cleanup_t, postfix_public_t, postfix_public_t)
 manage_dirs_pattern(postfix_cleanup_t, postfix_spool_t, postfix_spool_t)
 manage_files_pattern(postfix_cleanup_t, postfix_spool_t, postfix_spool_t)
 manage_lnk_files_pattern(postfix_cleanup_t, postfix_spool_t, postfix_spool_t)
+files_spool_filetrans(postfix_cleanup_t, postfix_spool_t, dir)
 
 allow postfix_cleanup_t postfix_spool_bounce_t:dir list_dir_perms;
 
 corecmd_exec_bin(postfix_cleanup_t)
 
+mta_read_aliases(postfix_cleanup_t)
+
+optional_policy(`
+	mailman_read_data_files(postfix_cleanup_t)
+')
+
 ########################################
 #
 # Postfix local local policy
@@ -253,10 +268,6 @@ corecmd_exec_bin(postfix_cleanup_t)
 allow postfix_local_t self:fifo_file rw_fifo_file_perms;
 allow postfix_local_t self:process { setsched setrlimit };
 
-manage_dirs_pattern(postfix_local_t, postfix_local_tmp_t, postfix_local_tmp_t)
-manage_files_pattern(postfix_local_t, postfix_local_tmp_t, postfix_local_tmp_t)
-files_tmp_filetrans(postfix_local_t, postfix_local_tmp_t, { file dir })
-
 # connect to master process
 stream_connect_pattern(postfix_local_t, postfix_public_t, postfix_public_t, postfix_master_t)
 
@@ -270,18 +281,27 @@ corecmd_exec_bin(postfix_local_t)
 
 files_read_etc_files(postfix_local_t)
 
+logging_dontaudit_search_logs(postfix_local_t)
+
 mta_read_aliases(postfix_local_t)
 mta_delete_spool(postfix_local_t)
 # For reading spamassasin
 mta_read_config(postfix_local_t)
 
+domtrans_pattern(postfix_local_t, postfix_postdrop_exec_t, postfix_postdrop_t)
+# Might be a leak, but I need a postfix expert to explain
+allow postfix_postdrop_t postfix_local_t:unix_stream_socket { read write };
+
 optional_policy(`
 	clamav_search_lib(postfix_local_t)
+	clamav_exec_clamscan(postfix_local_t)
 ')
 
 optional_policy(`
 #	for postalias
 	mailman_manage_data_files(postfix_local_t)
+	mailman_append_log(postfix_local_t)
+	mailman_read_log(postfix_local_t)
 ')
 
 optional_policy(`
@@ -292,8 +312,7 @@ optional_policy(`
 #
 # Postfix map local policy
 #
-
+allow postfix_map_t self:capability { dac_override setgid setuid };
-allow postfix_map_t self:capability setgid;
 allow postfix_map_t self:unix_stream_socket create_stream_socket_perms;
 allow postfix_map_t self:unix_dgram_socket create_socket_perms;
 allow postfix_map_t self:tcp_socket create_stream_socket_perms;
@@ -340,14 +359,15 @@ logging_send_syslog_msg(postfix_map_t)
 
 miscfiles_read_localization(postfix_map_t)
 
-seutil_read_config(postfix_map_t)
-
-userdom_use_user_terminals(postfix_map_t)
-
 optional_policy(`
 	locallogin_dontaudit_use_fds(postfix_map_t)
 ')
 
+optional_policy(`
+#	for postalias
+	mailman_manage_data_files(postfix_map_t)
+')
+
 ########################################
 #
 # Postfix pickup local policy
@@ -372,6 +392,7 @@ delete_files_pattern(postfix_pickup_t, postfix_spool_maildrop_t, postfix_spool_m
 #
 
 allow postfix_pipe_t self:fifo_file rw_fifo_file_perms;
+allow postfix_pipe_t self:process setrlimit;
 
 write_sock_files_pattern(postfix_pipe_t, postfix_private_t, postfix_private_t)
 
@@ -379,6 +400,12 @@ write_fifo_files_pattern(postfix_pipe_t, postfix_public_t, postfix_public_t)
 
 rw_files_pattern(postfix_pipe_t, postfix_spool_t, postfix_spool_t)
 
+domtrans_pattern(postfix_pipe_t, postfix_postdrop_exec_t, postfix_postdrop_t)
+
+optional_policy(`
+	dovecot_domtrans_deliver(postfix_pipe_t)
+')
+
 optional_policy(`
 	procmail_domtrans(postfix_pipe_t)
 ')
@@ -387,6 +414,15 @@ optional_policy(`
 	mailman_domtrans_queue(postfix_pipe_t)
 ')
 
+optional_policy(`
+	mta_manage_spool(postfix_pipe_t)
+	mta_send_mail(postfix_pipe_t)
+')
+
+optional_policy(`
+	spamassassin_domtrans_client(postfix_pipe_t)
+')
+
 optional_policy(`
 	uucp_domtrans_uux(postfix_pipe_t)
 ')
@@ -414,6 +450,10 @@ term_dontaudit_use_all_ttys(postfix_postdrop_t)
 
 mta_rw_user_mail_stream_sockets(postfix_postdrop_t)
 
+optional_policy(`
+	apache_dontaudit_rw_fifo_file(postfix_postdrop_t)
+')
+
 optional_policy(`
 	cron_system_entry(postfix_postdrop_t, postfix_postdrop_exec_t)
 ')
@@ -424,8 +464,11 @@ optional_policy(`
 ')
 
 optional_policy(`
-	ppp_use_fds(postfix_postqueue_t)
+	sendmail_rw_unix_stream_sockets(postfix_postdrop_t)
-	ppp_sigchld(postfix_postqueue_t)
+')
+
+optional_policy(`
+	uucp_manage_spool(postfix_postdrop_t)
 ')
 
 #######################################
@@ -451,6 +494,15 @@ term_use_all_ttys(postfix_postqueue_t)
 init_sigchld_script(postfix_postqueue_t)
 init_use_script_fds(postfix_postqueue_t)
 
+optional_policy(`
+	cron_system_entry(postfix_postqueue_t, postfix_postqueue_exec_t)
+')
+
+optional_policy(`
+	ppp_use_fds(postfix_postqueue_t)
+	ppp_sigchld(postfix_postqueue_t)
+')
+
 ########################################
 #
 # Postfix qmgr local policy
@@ -464,6 +516,7 @@ rw_fifo_files_pattern(postfix_qmgr_t, postfix_public_t, postfix_public_t)
 manage_dirs_pattern(postfix_qmgr_t, postfix_spool_t, postfix_spool_t)
 manage_files_pattern(postfix_qmgr_t, postfix_spool_t, postfix_spool_t)
 manage_lnk_files_pattern(postfix_qmgr_t, postfix_spool_t, postfix_spool_t)
+files_spool_filetrans(postfix_qmgr_t, postfix_spool_t, dir)
 
 allow postfix_qmgr_t postfix_spool_bounce_t:dir list_dir_perms;
 allow postfix_qmgr_t postfix_spool_bounce_t:file read_file_perms;
@@ -499,13 +552,14 @@ term_use_all_ttys(postfix_showq_t)
 #
 
 # connect to master process
+allow postfix_smtp_t self:capability sys_chroot;
 stream_connect_pattern(postfix_smtp_t, { postfix_private_t postfix_public_t }, { postfix_private_t postfix_public_t }, postfix_master_t)
 
 allow postfix_smtp_t postfix_prng_t:file rw_file_perms;
 
 allow postfix_smtp_t postfix_spool_t:file rw_file_perms;
 
-files_dontaudit_getattr_home_dir(postfix_smtp_t)
+files_search_all_mountpoints(postfix_smtp_t)
 
 optional_policy(`
 	cyrus_stream_connect(postfix_smtp_t)
@@ -537,6 +591,10 @@ corecmd_exec_bin(postfix_smtpd_t)
 files_read_usr_files(postfix_smtpd_t)
 mta_read_aliases(postfix_smtpd_t)
 
+optional_policy(`
+	dovecot_stream_connect_auth(postfix_smtpd_t)
+')
+
 optional_policy(`
 	mailman_read_data_files(postfix_smtpd_t)
 ')
@@ -559,17 +617,14 @@ allow postfix_virtual_t self:process { setsched setrlimit };
 
 allow postfix_virtual_t postfix_spool_t:file rw_file_perms;
 
-manage_dirs_pattern(postfix_virtual_t, postfix_virtual_tmp_t, postfix_virtual_tmp_t)
-manage_files_pattern(postfix_virtual_t, postfix_virtual_tmp_t, postfix_virtual_tmp_t)
-files_tmp_filetrans(postfix_virtual_t, postfix_virtual_tmp_t, { file dir })
-
 # connect to master process
-stream_connect_pattern(postfix_virtual_t, postfix_public_t, postfix_public_t, postfix_master_t)
+stream_connect_pattern(postfix_virtual_t, { postfix_private_t postfix_public_t }, { postfix_private_t postfix_public_t }, postfix_master_t)
 
 corecmd_exec_shell(postfix_virtual_t)
 corecmd_exec_bin(postfix_virtual_t)
 
 files_read_etc_files(postfix_virtual_t)
+files_read_usr_files(postfix_virtual_t)
 
 mta_read_aliases(postfix_virtual_t)
 mta_delete_spool(postfix_virtual_t)