selinux-policy/policy/modules/services/razor.te
Dominick Grift 1e2abee10b Whitespace, newline and tab fixes.
Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.

Whitespace, newline and tab fixes.
2010-09-24 12:33:26 +02:00

145 lines
4.3 KiB
Plaintext

policy_module(razor, 2.1.1)
########################################
#
# Declarations
#
ifdef(`distro_redhat',`
gen_require(`
type spamc_t, spamc_exec_t, spamd_log_t;
type spamd_spool_t, spamd_var_lib_t, spamd_etc_t;
type spamc_home_t, spamc_tmp_t;
')
typealias spamc_t alias razor_t;
typealias spamc_exec_t alias razor_exec_t;
typealias spamd_log_t alias razor_log_t;
typealias spamd_var_lib_t alias razor_var_lib_t;
typealias spamd_etc_t alias razor_etc_t;
typealias spamc_home_t alias razor_home_t;
typealias spamc_home_t alias { user_razor_home_t staff_razor_home_t sysadm_razor_home_t };
typealias spamc_home_t alias { auditadm_razor_home_t secadm_razor_home_t };
typealias spamc_tmp_t alias { user_razor_tmp_t staff_razor_tmp_t sysadm_razor_tmp_t };
typealias spamc_tmp_t alias { auditadm_razor_tmp_t secadm_razor_tmp_t };
',`
type razor_exec_t;
corecmd_executable_file(razor_exec_t)
type razor_etc_t;
files_config_file(razor_etc_t)
type razor_home_t;
typealias razor_home_t alias { user_razor_home_t staff_razor_home_t sysadm_razor_home_t };
typealias razor_home_t alias { auditadm_razor_home_t secadm_razor_home_t };
files_poly_member(razor_home_t)
userdom_user_home_content(razor_home_t)
type razor_log_t;
logging_log_file(razor_log_t)
type razor_tmp_t;
typealias razor_tmp_t alias { user_razor_tmp_t staff_razor_tmp_t sysadm_razor_tmp_t };
typealias razor_tmp_t alias { auditadm_razor_tmp_t secadm_razor_tmp_t };
files_tmp_file(razor_tmp_t)
ubac_constrained(razor_tmp_t)
type razor_var_lib_t;
files_type(razor_var_lib_t)
# these are here due to ordering issues:
razor_common_domain_template(razor)
typealias razor_t alias { user_razor_t staff_razor_t sysadm_razor_t };
typealias razor_t alias { auditadm_razor_t secadm_razor_t };
ubac_constrained(razor_t)
razor_common_domain_template(system_razor)
role system_r types system_razor_t;
########################################
#
# System razor local policy
#
# this version of razor is invoked typically
# via the system spam filter
allow system_razor_t self:tcp_socket create_socket_perms;
manage_dirs_pattern(system_razor_t, razor_etc_t, razor_etc_t)
manage_files_pattern(system_razor_t, razor_etc_t, razor_etc_t)
manage_lnk_files_pattern(system_razor_t, razor_etc_t, razor_etc_t)
files_search_etc(system_razor_t)
allow system_razor_t razor_log_t:file manage_file_perms;
logging_log_filetrans(system_razor_t, razor_log_t, file)
manage_files_pattern(system_razor_t, razor_var_lib_t, razor_var_lib_t)
files_var_lib_filetrans(system_razor_t, razor_var_lib_t, file)
corenet_all_recvfrom_unlabeled(system_razor_t)
corenet_all_recvfrom_netlabel(system_razor_t)
corenet_tcp_sendrecv_generic_if(system_razor_t)
corenet_raw_sendrecv_generic_if(system_razor_t)
corenet_tcp_sendrecv_generic_node(system_razor_t)
corenet_raw_sendrecv_generic_node(system_razor_t)
corenet_tcp_sendrecv_razor_port(system_razor_t)
corenet_tcp_connect_razor_port(system_razor_t)
corenet_sendrecv_razor_client_packets(system_razor_t)
sysnet_read_config(system_razor_t)
# cjp: this shouldn't be needed
userdom_use_unpriv_users_fds(system_razor_t)
optional_policy(`
logging_send_syslog_msg(system_razor_t)
')
optional_policy(`
nscd_socket_use(system_razor_t)
')
########################################
#
# User razor local policy
#
# Allow razor to be run by hand. Needed by any action other than
# invocation from a spam filter.
allow razor_t self:unix_stream_socket create_stream_socket_perms;
manage_dirs_pattern(razor_t, razor_home_t, razor_home_t)
manage_files_pattern(razor_t, razor_home_t, razor_home_t)
manage_lnk_files_pattern(razor_t, razor_home_t, razor_home_t)
userdom_user_home_dir_filetrans(razor_t, razor_home_t, dir)
manage_dirs_pattern(razor_t, razor_tmp_t, razor_tmp_t)
manage_files_pattern(razor_t, razor_tmp_t, razor_tmp_t)
files_tmp_filetrans(razor_t, razor_tmp_t, { file dir })
auth_use_nsswitch(razor_t)
logging_send_syslog_msg(razor_t)
userdom_search_user_home_dirs(razor_t)
userdom_use_user_terminals(razor_t)
tunable_policy(`use_nfs_home_dirs',`
fs_manage_nfs_dirs(razor_t)
fs_manage_nfs_files(razor_t)
fs_manage_nfs_symlinks(razor_t)
')
tunable_policy(`use_samba_home_dirs',`
fs_manage_cifs_dirs(razor_t)
fs_manage_cifs_files(razor_t)
fs_manage_cifs_symlinks(razor_t)
')
optional_policy(`
milter_manage_spamass_state(razor_t)
')
')