[people/stevee/selinux-policy.git] / policy / modules / services / clamav.te

policy_module(clamav, 1.8.1)

## <desc>
## <p>
## Allow clamd to use JIT compiler
## </p>
## </desc>
gen_tunable(clamd_use_jit, false)

########################################
#
# Declarations
#

# Main clamd domain
type clamd_t;
type clamd_exec_t;
init_daemon_domain(clamd_t, clamd_exec_t)

# configuration files
type clamd_etc_t;
files_config_file(clamd_etc_t)

type clamd_initrc_exec_t;
init_script_file(clamd_initrc_exec_t)

# tmp files
type clamd_tmp_t;
files_tmp_file(clamd_tmp_t)

# log files
type clamd_var_log_t;
logging_log_file(clamd_var_log_t)

# var/lib files
type clamd_var_lib_t;
files_type(clamd_var_lib_t)

# pid files
type clamd_var_run_t;
files_pid_file(clamd_var_run_t)
typealias clamd_var_run_t alias clamd_sock_t;

type clamscan_t;
type clamscan_exec_t;
init_daemon_domain(clamscan_t, clamscan_exec_t)

# tmp files
type clamscan_tmp_t;
files_tmp_file(clamscan_tmp_t)

type freshclam_t;
type freshclam_exec_t;
init_daemon_domain(freshclam_t, freshclam_exec_t)

# log files
type freshclam_var_log_t;
logging_log_file(freshclam_var_log_t)

########################################
#
# clamd local policy
#

allow clamd_t self:capability { kill setgid setuid dac_override };
dontaudit clamd_t self:capability sys_tty_config;
allow clamd_t self:fifo_file rw_fifo_file_perms;
allow clamd_t self:unix_stream_socket { create_stream_socket_perms connectto };
allow clamd_t self:unix_dgram_socket create_socket_perms;
allow clamd_t self:tcp_socket { listen accept };

# configuration files
allow clamd_t clamd_etc_t:dir list_dir_perms;
read_files_pattern(clamd_t, clamd_etc_t, clamd_etc_t)
read_lnk_files_pattern(clamd_t, clamd_etc_t, clamd_etc_t)

# tmp files
manage_dirs_pattern(clamd_t, clamd_tmp_t, clamd_tmp_t)
manage_files_pattern(clamd_t, clamd_tmp_t, clamd_tmp_t)
files_tmp_filetrans(clamd_t, clamd_tmp_t, { file dir })

# var/lib files for clamd
manage_sock_files_pattern(clamd_t, clamd_var_lib_t, clamd_var_lib_t)
manage_dirs_pattern(clamd_t, clamd_var_lib_t, clamd_var_lib_t)
manage_files_pattern(clamd_t, clamd_var_lib_t, clamd_var_lib_t)

# log files
manage_dirs_pattern(clamd_t, clamd_var_log_t, clamd_var_log_t)
manage_files_pattern(clamd_t, clamd_var_log_t, clamd_var_log_t)
logging_log_filetrans(clamd_t, clamd_var_log_t, { dir file })

# pid file
manage_dirs_pattern(clamd_t, clamd_var_run_t, clamd_var_run_t)
manage_files_pattern(clamd_t, clamd_var_run_t, clamd_var_run_t)
manage_sock_files_pattern(clamd_t, clamd_var_run_t, clamd_var_run_t)
files_pid_filetrans(clamd_t, clamd_var_run_t, { sock_file file dir })

kernel_dontaudit_list_proc(clamd_t)
kernel_read_sysctl(clamd_t)
kernel_read_kernel_sysctls(clamd_t)
kernel_read_system_state(clamd_t)

corecmd_exec_shell(clamd_t)

corenet_all_recvfrom_unlabeled(clamd_t)
corenet_all_recvfrom_netlabel(clamd_t)
corenet_tcp_sendrecv_generic_if(clamd_t)
corenet_tcp_sendrecv_generic_node(clamd_t)
corenet_tcp_sendrecv_all_ports(clamd_t)
corenet_tcp_sendrecv_clamd_port(clamd_t)
corenet_tcp_bind_generic_node(clamd_t)
corenet_tcp_bind_clamd_port(clamd_t)
corenet_tcp_bind_generic_port(clamd_t)
corenet_tcp_connect_generic_port(clamd_t)
corenet_sendrecv_clamd_server_packets(clamd_t)

dev_read_rand(clamd_t)
dev_read_urand(clamd_t)

domain_use_interactive_fds(clamd_t)

files_read_etc_files(clamd_t)
files_read_etc_runtime_files(clamd_t)
files_search_spool(clamd_t)

auth_use_nsswitch(clamd_t)

logging_send_syslog_msg(clamd_t)

miscfiles_read_localization(clamd_t)

cron_use_fds(clamd_t)
cron_use_system_job_fds(clamd_t)
cron_rw_pipes(clamd_t)

mta_read_config(clamd_t)
mta_send_mail(clamd_t)

optional_policy(`
	amavis_read_lib_files(clamd_t)
	amavis_read_spool_files(clamd_t)
	amavis_spool_filetrans(clamd_t, clamd_var_run_t, sock_file)
	amavis_create_pid_files(clamd_t)
')

optional_policy(`
	exim_read_spool_files(clamd_t)
')

tunable_policy(`clamd_use_jit',`
	allow clamd_t self:process execmem;
	allow clamscan_t self:process execmem;
', `
	dontaudit clamd_t self:process execmem;
	dontaudit clamscan_t self:process execmem;
')

########################################
#
# Freshclam local policy
#

allow freshclam_t self:capability { setgid setuid dac_override };
allow freshclam_t self:fifo_file rw_fifo_file_perms;
allow freshclam_t self:unix_stream_socket create_stream_socket_perms;
allow freshclam_t self:unix_dgram_socket create_socket_perms;
allow freshclam_t self:tcp_socket { listen accept };

# configuration files
allow freshclam_t clamd_etc_t:dir list_dir_perms;
read_files_pattern(freshclam_t, clamd_etc_t, clamd_etc_t)
read_lnk_files_pattern(freshclam_t, clamd_etc_t, clamd_etc_t)

# var/lib files together with clamd
manage_dirs_pattern(freshclam_t, clamd_var_lib_t, clamd_var_lib_t)
manage_files_pattern(freshclam_t, clamd_var_lib_t, clamd_var_lib_t)

# pidfiles- var/run together with clamd
manage_files_pattern(freshclam_t, clamd_var_run_t, clamd_var_run_t)
manage_sock_files_pattern(freshclam_t, clamd_var_run_t, clamd_var_run_t)
files_pid_filetrans(freshclam_t, clamd_var_run_t, file)

# log files (own logfiles only)
manage_files_pattern(freshclam_t, freshclam_var_log_t, freshclam_var_log_t)
allow freshclam_t freshclam_var_log_t:dir setattr;
read_files_pattern(freshclam_t, clamd_var_log_t, clamd_var_log_t)
logging_log_filetrans(freshclam_t, freshclam_var_log_t, file)

kernel_read_kernel_sysctls(freshclam_t)
kernel_read_system_state(freshclam_t)

corecmd_exec_shell(freshclam_t)
corecmd_exec_bin(freshclam_t)

corenet_all_recvfrom_unlabeled(freshclam_t)
corenet_all_recvfrom_netlabel(freshclam_t)
corenet_tcp_sendrecv_generic_if(freshclam_t)
corenet_tcp_sendrecv_generic_node(freshclam_t)
corenet_tcp_sendrecv_all_ports(freshclam_t)
corenet_tcp_sendrecv_clamd_port(freshclam_t)
corenet_tcp_connect_http_port(freshclam_t)
corenet_tcp_connect_clamd_port(freshclam_t)
corenet_sendrecv_http_client_packets(freshclam_t)

dev_read_rand(freshclam_t)
dev_read_urand(freshclam_t)

domain_use_interactive_fds(freshclam_t)

files_read_etc_files(freshclam_t)
files_read_etc_runtime_files(freshclam_t)

auth_use_nsswitch(freshclam_t)

logging_send_syslog_msg(freshclam_t)

miscfiles_read_localization(freshclam_t)

clamav_stream_connect(freshclam_t)

userdom_stream_connect(freshclam_t)

optional_policy(`
	cron_system_entry(freshclam_t, freshclam_exec_t)
')

tunable_policy(`clamd_use_jit',`
	allow freshclam_t self:process execmem;
', `
	dontaudit freshclam_t self:process execmem;
')

########################################
#
# clamscam local policy
#

allow clamscan_t self:capability { setgid setuid dac_override };
allow clamscan_t self:fifo_file rw_file_perms;
allow clamscan_t self:unix_stream_socket create_stream_socket_perms;
allow clamscan_t self:unix_dgram_socket create_socket_perms;
allow clamscan_t self:tcp_socket create_stream_socket_perms;

# configuration files
allow clamscan_t clamd_etc_t:dir list_dir_perms;
read_files_pattern(clamscan_t, clamd_etc_t, clamd_etc_t)
read_lnk_files_pattern(clamscan_t, clamd_etc_t, clamd_etc_t)

# tmp files
manage_dirs_pattern(clamscan_t, clamscan_tmp_t, clamscan_tmp_t)
manage_files_pattern(clamscan_t, clamscan_tmp_t, clamscan_tmp_t)
files_tmp_filetrans(clamscan_t, clamscan_tmp_t, { file dir })

# var/lib files together with clamd
manage_files_pattern(clamscan_t, clamd_var_lib_t, clamd_var_lib_t)
allow clamscan_t clamd_var_lib_t:dir list_dir_perms;

corenet_all_recvfrom_unlabeled(clamscan_t)
corenet_all_recvfrom_netlabel(clamscan_t)
corenet_tcp_sendrecv_generic_if(clamscan_t)
corenet_tcp_sendrecv_generic_node(clamscan_t)
corenet_tcp_sendrecv_all_ports(clamscan_t)
corenet_tcp_sendrecv_clamd_port(clamscan_t)
corenet_tcp_connect_clamd_port(clamscan_t)

kernel_read_kernel_sysctls(clamscan_t)
kernel_read_system_state(clamscan_t)

files_read_etc_files(clamscan_t)
files_read_etc_runtime_files(clamscan_t)
files_search_var_lib(clamscan_t)

init_read_utmp(clamscan_t)
init_dontaudit_write_utmp(clamscan_t)

miscfiles_read_localization(clamscan_t)
miscfiles_read_public_files(clamscan_t)

clamav_stream_connect(clamscan_t)

mta_send_mail(clamscan_t)

optional_policy(`
	amavis_read_spool_files(clamscan_t)
')

optional_policy(`
	apache_read_sys_content(clamscan_t)
')
Commit	Line	Data
29f3bfa4	1	policy_module(clamav, 1.8.1)
4804cd43 CP	2
	3	## <desc>
	4	## <p>
	5	## Allow clamd to use JIT compiler
	6	## </p>
	7	## </desc>
	8	gen_tunable(clamd_use_jit, false)
8a0a9944 CP	9
	10	########################################
	11	#
	12	# Declarations
	13	#
	14
	15	# Main clamd domain
	16	type clamd_t;
	17	type clamd_exec_t;
	18	init_daemon_domain(clamd_t, clamd_exec_t)
	19
	20	# configuration files
	21	type clamd_etc_t;
ad0aea53 CP	22	files_config_file(clamd_etc_t)
	23
	24	type clamd_initrc_exec_t;
	25	init_script_file(clamd_initrc_exec_t)
8a0a9944	26
8a0a9944 CP	27	# tmp files
	28	type clamd_tmp_t;
	29	files_tmp_file(clamd_tmp_t)
	30
	31	# log files
	32	type clamd_var_log_t;
	33	logging_log_file(clamd_var_log_t)
	34
	35	# var/lib files
	36	type clamd_var_lib_t;
	37	files_type(clamd_var_lib_t)
	38
	39	# pid files
	40	type clamd_var_run_t;
	41	files_pid_file(clamd_var_run_t)
46551033	42	typealias clamd_var_run_t alias clamd_sock_t;
8a0a9944	43
165b42d2 CP	44	type clamscan_t;
	45	type clamscan_exec_t;
	46	init_daemon_domain(clamscan_t, clamscan_exec_t)
	47
522b59bb CP	48	# tmp files
	49	type clamscan_tmp_t;
	50	files_tmp_file(clamscan_tmp_t)
	51
8a0a9944 CP	52	type freshclam_t;
	53	type freshclam_exec_t;
	54	init_daemon_domain(freshclam_t, freshclam_exec_t)
	55
	56	# log files
	57	type freshclam_var_log_t;
	58	logging_log_file(freshclam_var_log_t)
	59
	60	########################################
	61	#
	62	# clamd local policy
	63	#
	64
	65	allow clamd_t self:capability { kill setgid setuid dac_override };
4804cd43	66	dontaudit clamd_t self:capability sys_tty_config;
c0868a7a	67	allow clamd_t self:fifo_file rw_fifo_file_perms;
ad0aea53	68	allow clamd_t self:unix_stream_socket { create_stream_socket_perms connectto };
8a0a9944 CP	69	allow clamd_t self:unix_dgram_socket create_socket_perms;
	70	allow clamd_t self:tcp_socket { listen accept };
	71
	72	# configuration files
c0868a7a	73	allow clamd_t clamd_etc_t:dir list_dir_perms;
0bfccda4 CP	74	read_files_pattern(clamd_t, clamd_etc_t, clamd_etc_t)
0bfccda4 CP	75	read_lnk_files_pattern(clamd_t, clamd_etc_t, clamd_etc_t)
8a0a9944	76
8a0a9944	77	# tmp files
0bfccda4 CP	78	manage_dirs_pattern(clamd_t, clamd_tmp_t, clamd_tmp_t)
	79	manage_files_pattern(clamd_t, clamd_tmp_t, clamd_tmp_t)
	80	files_tmp_filetrans(clamd_t, clamd_tmp_t, { file dir })
8a0a9944 CP	81
8a0a9944 CP	82	# var/lib files for clamd
3eaa9939	83	manage_sock_files_pattern(clamd_t, clamd_var_lib_t, clamd_var_lib_t)
0bfccda4 CP	84	manage_dirs_pattern(clamd_t, clamd_var_lib_t, clamd_var_lib_t)
0bfccda4 CP	85	manage_files_pattern(clamd_t, clamd_var_lib_t, clamd_var_lib_t)
8a0a9944 CP	86
8a0a9944 CP	87	# log files
0bfccda4 CP	88	manage_dirs_pattern(clamd_t, clamd_var_log_t, clamd_var_log_t)
	89	manage_files_pattern(clamd_t, clamd_var_log_t, clamd_var_log_t)
	90	logging_log_filetrans(clamd_t, clamd_var_log_t, { dir file })
8a0a9944 CP	91
8a0a9944 CP	92	# pid file
08e567dc	93	manage_dirs_pattern(clamd_t, clamd_var_run_t, clamd_var_run_t)
0bfccda4 CP	94	manage_files_pattern(clamd_t, clamd_var_run_t, clamd_var_run_t)
0bfccda4 CP	95	manage_sock_files_pattern(clamd_t, clamd_var_run_t, clamd_var_run_t)
3eaa9939	96	files_pid_filetrans(clamd_t, clamd_var_run_t, { sock_file file dir })
8a0a9944 CP	97
8a0a9944 CP	98	kernel_dontaudit_list_proc(clamd_t)
d6d16b97	99	kernel_read_sysctl(clamd_t)
016e5c5c	100	kernel_read_kernel_sysctls(clamd_t)
ad0aea53 CP	101	kernel_read_system_state(clamd_t)
	102
	103	corecmd_exec_shell(clamd_t)
8a0a9944	104
19006686 CP	105	corenet_all_recvfrom_unlabeled(clamd_t)
19006686 CP	106	corenet_all_recvfrom_netlabel(clamd_t)
668b3093	107	corenet_tcp_sendrecv_generic_if(clamd_t)
c1262146	108	corenet_tcp_sendrecv_generic_node(clamd_t)
8a0a9944 CP	109	corenet_tcp_sendrecv_all_ports(clamd_t)
8a0a9944 CP	110	corenet_tcp_sendrecv_clamd_port(clamd_t)
c1262146	111	corenet_tcp_bind_generic_node(clamd_t)
141cffdd	112	corenet_tcp_bind_clamd_port(clamd_t)
ad0aea53 CP	113	corenet_tcp_bind_generic_port(clamd_t)
ad0aea53 CP	114	corenet_tcp_connect_generic_port(clamd_t)
141cffdd	115	corenet_sendrecv_clamd_server_packets(clamd_t)
8a0a9944 CP	116
	117	dev_read_rand(clamd_t)
	118	dev_read_urand(clamd_t)
	119
	120	domain_use_interactive_fds(clamd_t)
	121
	122	files_read_etc_files(clamd_t)
	123	files_read_etc_runtime_files(clamd_t)
522b59bb	124	files_search_spool(clamd_t)
8a0a9944	125
192fb874 CP	126	auth_use_nsswitch(clamd_t)
192fb874 CP	127
522b59bb CP	128	logging_send_syslog_msg(clamd_t)
522b59bb CP	129
8a0a9944 CP	130	miscfiles_read_localization(clamd_t)
8a0a9944 CP	131
8a0a9944 CP	132	cron_use_fds(clamd_t)
	133	cron_use_system_job_fds(clamd_t)
	134	cron_rw_pipes(clamd_t)
	135
ad0aea53 CP	136	mta_read_config(clamd_t)
	137	mta_send_mail(clamd_t)
	138
bb7170f6	139	optional_policy(`
8a0a9944	140	amavis_read_lib_files(clamd_t)
522b59bb	141	amavis_read_spool_files(clamd_t)
3f67f722	142	amavis_spool_filetrans(clamd_t, clamd_var_run_t, sock_file)
2c3ac47d	143	amavis_create_pid_files(clamd_t)
8a0a9944 CP	144	')
8a0a9944 CP	145
ad0aea53 CP	146	optional_policy(`
	147	exim_read_spool_files(clamd_t)
	148	')
	149
29f3bfa4 CP	150	tunable_policy(`clamd_use_jit',`
29f3bfa4 CP	151	allow clamd_t self:process execmem;
3eaa9939	152	allow clamscan_t self:process execmem;
29f3bfa4 CP	153	', `
29f3bfa4 CP	154	dontaudit clamd_t self:process execmem;
3eaa9939	155	dontaudit clamscan_t self:process execmem;
29f3bfa4 CP	156	')
29f3bfa4 CP	157
8a0a9944 CP	158	########################################
	159	#
	160	# Freshclam local policy
	161	#
	162
	163	allow freshclam_t self:capability { setgid setuid dac_override };
c0868a7a	164	allow freshclam_t self:fifo_file rw_fifo_file_perms;
8a0a9944 CP	165	allow freshclam_t self:unix_stream_socket create_stream_socket_perms;
	166	allow freshclam_t self:unix_dgram_socket create_socket_perms;
	167	allow freshclam_t self:tcp_socket { listen accept };
	168
	169	# configuration files
c0868a7a	170	allow freshclam_t clamd_etc_t:dir list_dir_perms;
0bfccda4 CP	171	read_files_pattern(freshclam_t, clamd_etc_t, clamd_etc_t)
0bfccda4 CP	172	read_lnk_files_pattern(freshclam_t, clamd_etc_t, clamd_etc_t)
8a0a9944 CP	173
8a0a9944 CP	174	# var/lib files together with clamd
0bfccda4 CP	175	manage_dirs_pattern(freshclam_t, clamd_var_lib_t, clamd_var_lib_t)
0bfccda4 CP	176	manage_files_pattern(freshclam_t, clamd_var_lib_t, clamd_var_lib_t)
8a0a9944 CP	177
8a0a9944 CP	178	# pidfiles- var/run together with clamd
0bfccda4 CP	179	manage_files_pattern(freshclam_t, clamd_var_run_t, clamd_var_run_t)
	180	manage_sock_files_pattern(freshclam_t, clamd_var_run_t, clamd_var_run_t)
	181	files_pid_filetrans(freshclam_t, clamd_var_run_t, file)
8a0a9944 CP	182
8a0a9944 CP	183	# log files (own logfiles only)
0bfccda4	184	manage_files_pattern(freshclam_t, freshclam_var_log_t, freshclam_var_log_t)
c0868a7a	185	allow freshclam_t freshclam_var_log_t:dir setattr;
f5b49a5e	186	read_files_pattern(freshclam_t, clamd_var_log_t, clamd_var_log_t)
0bfccda4	187	logging_log_filetrans(freshclam_t, freshclam_var_log_t, file)
8a0a9944	188
3eaa9939 DW	189	kernel_read_kernel_sysctls(freshclam_t)
	190	kernel_read_system_state(freshclam_t)
	191
f5b49a5e DW	192	corecmd_exec_shell(freshclam_t)
	193	corecmd_exec_bin(freshclam_t)
	194
19006686 CP	195	corenet_all_recvfrom_unlabeled(freshclam_t)
19006686 CP	196	corenet_all_recvfrom_netlabel(freshclam_t)
668b3093	197	corenet_tcp_sendrecv_generic_if(freshclam_t)
c1262146	198	corenet_tcp_sendrecv_generic_node(freshclam_t)
8a0a9944 CP	199	corenet_tcp_sendrecv_all_ports(freshclam_t)
8a0a9944 CP	200	corenet_tcp_sendrecv_clamd_port(freshclam_t)
8a0a9944	201	corenet_tcp_connect_http_port(freshclam_t)
3eaa9939	202	corenet_tcp_connect_clamd_port(freshclam_t)
141cffdd	203	corenet_sendrecv_http_client_packets(freshclam_t)
8a0a9944 CP	204
	205	dev_read_rand(freshclam_t)
	206	dev_read_urand(freshclam_t)
	207
	208	domain_use_interactive_fds(freshclam_t)
	209
	210	files_read_etc_files(freshclam_t)
	211	files_read_etc_runtime_files(freshclam_t)
	212
192fb874	213	auth_use_nsswitch(freshclam_t)
8a0a9944	214
4804cd43 CP	215	logging_send_syslog_msg(freshclam_t)
4804cd43 CP	216
192fb874	217	miscfiles_read_localization(freshclam_t)
8a0a9944 CP	218
	219	clamav_stream_connect(freshclam_t)
	220
3eaa9939 DW	221	userdom_stream_connect(freshclam_t)
3eaa9939 DW	222
192fb874 CP	223	optional_policy(`
	224	cron_system_entry(freshclam_t, freshclam_exec_t)
	225	')
165b42d2	226
29f3bfa4 CP	227	tunable_policy(`clamd_use_jit',`
	228	allow freshclam_t self:process execmem;
	229	', `
	230	dontaudit freshclam_t self:process execmem;
	231	')
	232
165b42d2 CP	233	########################################
	234	#
	235	# clamscam local policy
	236	#
	237
	238	allow clamscan_t self:capability { setgid setuid dac_override };
	239	allow clamscan_t self:fifo_file rw_file_perms;
	240	allow clamscan_t self:unix_stream_socket create_stream_socket_perms;
	241	allow clamscan_t self:unix_dgram_socket create_socket_perms;
ad0aea53	242	allow clamscan_t self:tcp_socket create_stream_socket_perms;
165b42d2 CP	243
165b42d2 CP	244	# configuration files
c0868a7a	245	allow clamscan_t clamd_etc_t:dir list_dir_perms;
0bfccda4 CP	246	read_files_pattern(clamscan_t, clamd_etc_t, clamd_etc_t)
0bfccda4 CP	247	read_lnk_files_pattern(clamscan_t, clamd_etc_t, clamd_etc_t)
165b42d2	248
522b59bb	249	# tmp files
0bfccda4 CP	250	manage_dirs_pattern(clamscan_t, clamscan_tmp_t, clamscan_tmp_t)
	251	manage_files_pattern(clamscan_t, clamscan_tmp_t, clamscan_tmp_t)
	252	files_tmp_filetrans(clamscan_t, clamscan_tmp_t, { file dir })
522b59bb	253
165b42d2	254	# var/lib files together with clamd
0bfccda4	255	manage_files_pattern(clamscan_t, clamd_var_lib_t, clamd_var_lib_t)
c0868a7a	256	allow clamscan_t clamd_var_lib_t:dir list_dir_perms;
165b42d2	257
ad0aea53 CP	258	corenet_all_recvfrom_unlabeled(clamscan_t)
	259	corenet_all_recvfrom_netlabel(clamscan_t)
	260	corenet_tcp_sendrecv_generic_if(clamscan_t)
	261	corenet_tcp_sendrecv_generic_node(clamscan_t)
	262	corenet_tcp_sendrecv_all_ports(clamscan_t)
	263	corenet_tcp_sendrecv_clamd_port(clamscan_t)
	264	corenet_tcp_connect_clamd_port(clamscan_t)
	265
165b42d2	266	kernel_read_kernel_sysctls(clamscan_t)
3eaa9939	267	kernel_read_system_state(clamscan_t)
165b42d2 CP	268
	269	files_read_etc_files(clamscan_t)
	270	files_read_etc_runtime_files(clamscan_t)
	271	files_search_var_lib(clamscan_t)
	272
016e5c5c CP	273	init_read_utmp(clamscan_t)
	274	init_dontaudit_write_utmp(clamscan_t)
	275
165b42d2 CP	276	miscfiles_read_localization(clamscan_t)
	277	miscfiles_read_public_files(clamscan_t)
	278
	279	clamav_stream_connect(clamscan_t)
	280
ad0aea53 CP	281	mta_send_mail(clamscan_t)
ad0aea53 CP	282
192fb874 CP	283	optional_policy(`
	284	amavis_read_spool_files(clamscan_t)
	285	')
	286
165b42d2 CP	287	optional_policy(`
	288	apache_read_sys_content(clamscan_t)
	289	')