selinux-policy/strict/macros/program/spamassassin_macros.te
2005-09-12 21:40:56 +00:00

129 lines
3.4 KiB
Plaintext

#
# Macros for spamassassin domains.
#
# Author: Colin Walters <walters@verbum.org>
# spamassassin_domain(domain_prefix)
#
# Define derived domains for various spamassassin tools when executed
# by a user domain.
#
# The type declarations for the executable types of these programs are
# provided separately in domains/program/spamassassin.te and
# domains/program/spamc.te.
#
undefine(`spamassassin_domain')
ifdef(`spamassassin.te', `define(`using_spamassassin', `')')
ifdef(`spamd.te', `define(`using_spamassassin', `')')
ifdef(`spamc.te', `define(`using_spamassassin', `')')
ifdef(`using_spamassassin',`
#######
# Macros used internally in these spamassassin macros.
#
###
# Define a domain for a spamassassin-like program (spamc/spamassassin).
#
# Note: most of this should really be in a generic macro like
# base_user_program($1, foo)
define(`spamassassin_program_domain',`
type $1_$2_t, domain, privlog $3;
domain_auto_trans($1_t, $2_exec_t, $1_$2_t)
role $1_r types $1_$2_t;
general_domain_access($1_$2_t)
base_file_read_access($1_$2_t)
r_dir_file($1_$2_t, etc_t)
ifdef(`sendmail.te', `
r_dir_file($1_$2_t, etc_mail_t)
')
allow $1_$2_t etc_runtime_t:file r_file_perms;
uses_shlib($1_$2_t)
read_locale($1_$2_t)
dontaudit $1_$2_t var_t:dir search;
tmp_domain($1_$2)
allow $1_$2_t privfd:fd use;
allow $1_$2_t userpty_type:chr_file rw_file_perms;
') dnl end spamassassin_program_domain
###
# Give privileges to a domain for accessing ~/.spamassassin
# and a few other misc things like /dev/random.
# This is granted to /usr/bin/spamassassin and
# /usr/sbin/spamd, but NOT spamc (because it does not need it).
#
define(`spamassassin_agent_privs',`
allow $1 home_root_t:dir r_dir_perms;
file_type_auto_trans($1, $2_home_dir_t, $2_spamassassin_home_t)
create_dir_file($1, $2_spamassassin_home_t)
allow $1 urandom_device_t:chr_file r_file_perms;
')
#######
# Define the main spamassassin macro. This itself creates a
# domain for /usr/bin/spamassassin, and also spamc/spamd if
# applicable.
#
define(`spamassassin_domain',`
spamassassin_program_domain($1, spamassassin)
# For perl libraries.
allow $1_spamassassin_t lib_t:file rx_file_perms;
# Ignore perl digging in /proc and /var.
dontaudit $1_spamassassin_t proc_t:dir search;
dontaudit $1_spamassassin_t proc_t:lnk_file read;
dontaudit $1_spamassassin_t { sysctl_t sysctl_kernel_t }:dir search;
# For ~/.spamassassin
home_domain($1, spamassassin)
file_type_auto_trans($1_spamassassin_t, $1_home_dir_t, $1_spamassassin_home_t, dir)
spamassassin_agent_privs($1_spamassassin_t, $1)
can_resolve($1_spamassassin_t)
# set tunable if you give spamassassin full network access.
if (spamassasin_can_network) {
can_network($1_spamassassin_t)
allow $1_spamassassin_t port_type:tcp_socket name_connect;
}
if (spamassasin_can_network && allow_ypbind) {
uncond_can_ypbind($1_spamassassin_t)
}
###
# Define the domain for /usr/bin/spamc
#
ifdef(`spamc.te',`
spamassassin_program_domain($1, spamc, `, nscd_client_domain')
can_network($1_spamc_t)
allow $1_spamc_t port_type:tcp_socket name_connect;
can_ypbind($1_spamc_t)
# Allow connecting to a local spamd
ifdef(`spamd.te',`
can_tcp_connect($1_spamc_t, spamd_t)
can_unix_connect($1_spamc_t, spamd_t)
allow $1_spamc_t spamd_tmp_t:sock_file rw_file_perms;
') dnl endif spamd.te
') dnl endif spamc.te
###
# Define the domain for /usr/sbin/spamd
#
ifdef(`spamd.te',`
spamassassin_agent_privs(spamd_t, $1)
') dnl endif spamd.te
') dnl end spamassassin_domain
', `
define(`spamassassin_domain',`')
')