selinux-policy/strict/macros/program/mta_macros.te

# Macros for MTA domains.
#

#
# Author:   Russell Coker <russell@coker.com.au>
# Based on the work of: Stephen Smalley <sds@epoch.ncsc.mil>
#                       Timothy Fraser 
#

#
# mail_domain(domain_prefix)
#
# Define a derived domain for the sendmail program when executed by
# a user domain to send outgoing mail.  These domains are separate and
# independent of the domain used for the sendmail daemon process.
#
# The type declaration for the executable type for this program is
# provided separately in domains/program/mta.te. 
#
undefine(`mail_domain')
define(`mail_domain',`
# Derived domain based on the calling user domain and the program.
type $1_mail_t, domain, privlog, user_mail_domain, nscd_client_domain;

ifdef(`sendmail.te', `
sendmail_user_domain($1)
')

can_exec($1_mail_t, sendmail_exec_t)
allow $1_mail_t sendmail_exec_t:lnk_file { getattr read };

# The user role is authorized for this domain.
role $1_r types $1_mail_t;

uses_shlib($1_mail_t)
can_network_client_tcp($1_mail_t)
allow $1_mail_t port_type:tcp_socket name_connect;
can_resolve($1_mail_t)
can_ypbind($1_mail_t)
allow $1_mail_t self:unix_dgram_socket create_socket_perms;
allow $1_mail_t self:unix_stream_socket create_socket_perms;

read_locale($1_mail_t)
read_sysctl($1_mail_t)
allow $1_mail_t device_t:dir search;
allow $1_mail_t { var_t var_spool_t }:dir search;
allow $1_mail_t self:process { fork signal_perms setrlimit };
allow $1_mail_t sbin_t:dir search;

# It wants to check for nscd
dontaudit $1_mail_t var_run_t:dir search;

# Use capabilities
allow $1_mail_t self:capability { setuid setgid chown };

# Execute procmail.
can_exec($1_mail_t, bin_t)
ifdef(`procmail.te',`
can_exec($1_mail_t, procmail_exec_t)')

ifelse(`$1', `system', `
# Transition from a system domain to the derived domain.
domain_auto_trans(privmail, sendmail_exec_t, system_mail_t)
allow privmail sendmail_exec_t:lnk_file { getattr read };

ifdef(`crond.te', `
# Read cron temporary files.
allow system_mail_t system_crond_tmp_t:file { read getattr ioctl };
allow mta_user_agent system_crond_tmp_t:file { read getattr };
')
can_access_pty(system_mail_t, initrc)

', `
# For when the user wants to send mail via port 25 localhost
can_tcp_connect($1_t, mail_server_domain)

# Transition from the user domain to the derived domain.
domain_auto_trans($1_t, sendmail_exec_t, $1_mail_t)
allow $1_t sendmail_exec_t:lnk_file { getattr read };

# Read user temporary files.
allow $1_mail_t $1_tmp_t:file r_file_perms;
dontaudit $1_mail_t $1_tmp_t:file append;
ifdef(`postfix.te', `
# postfix seems to need write access if the file handle is opened read/write
allow $1_mail_t $1_tmp_t:file write;
')dnl end if postfix

allow mta_user_agent $1_tmp_t:file { read getattr };

# Write to the user domain tty.
access_terminal(mta_user_agent, $1)
access_terminal($1_mail_t, $1)

# Inherit and use descriptors from gnome-pty-helper.
ifdef(`gnome-pty-helper.te', `allow $1_mail_t $1_gph_t:fd use;')
allow $1_mail_t privfd:fd use;

# Create dead.letter in user home directories.
file_type_auto_trans($1_mail_t, $1_home_dir_t, $1_home_t, file)

if (use_samba_home_dirs) {
rw_dir_create_file($1_mail_t, cifs_t)
}

# if you do not want to allow dead.letter then use the following instead
#allow $1_mail_t { $1_home_dir_t $1_home_t }:dir r_dir_perms;
#allow $1_mail_t $1_home_t:file r_file_perms;

# for reading .forward - maybe we need a new type for it?
# also for delivering mail to maildir
file_type_auto_trans(mta_delivery_agent, $1_home_dir_t, $1_home_t)
')dnl end if system

allow $1_mail_t etc_t:file { getattr read };
ifdef(`qmail.te', `
allow $1_mail_t qmail_etc_t:dir search;
allow $1_mail_t qmail_etc_t:{ file lnk_file } read;
')dnl end if qmail

')