Commit | Line | Data |
---|---|---|
b9e5238a CP |
1 | ## <summary>Milter mail filters</summary> |
2 | ||
3 | ######################################## | |
4 | ## <summary> | |
5 | ## Create a set of derived types for various | |
6 | ## mail filter applications using the milter interface. | |
7 | ## </summary> | |
8 | ## <param name="milter_name"> | |
9 | ## <summary> | |
10 | ## Prefix used to derive the type names NAME_milter_t, NAME_milter_exec_t and NAME_milter_data_t. | |
11 | ## </summary> | |
12 | ## </param> | |
13 | # | |
14 | template(`milter_template',` | |
15 | # Attributes common to all milters; required here and declared outside this template | |
16 | gen_require(` | |
17 | attribute milter_data_type, milter_domains; | |
18 | ') | |
19 | ||
20 | type $1_milter_t, milter_domains; | |
21 | type $1_milter_exec_t; | |
22 | init_daemon_domain($1_milter_t, $1_milter_exec_t) | |
23 | role system_r types $1_milter_t; | |
24 | ||
25 | # Type for the milter data (e.g. the socket used to communicate with the MTA) | |
26 | type $1_milter_data_t, milter_data_type; | |
26410ddf | 27 | files_type($1_milter_data_t) |
b9e5238a CP |
28 | |
29 | allow $1_milter_t self:fifo_file rw_fifo_file_perms; | |
30 | ||
31 | # Allow communication with MTA over a unix-domain socket | |
32 | # Note: usage with TCP sockets requires additional policy | |
33 | manage_sock_files_pattern($1_milter_t, $1_milter_data_t, $1_milter_data_t) | |
34 | ||
35 | # Manage other regular files in the data directory; manage_files_pattern covers the file class only and does not grant directory creation | |
36 | manage_files_pattern($1_milter_t, $1_milter_data_t, $1_milter_data_t) | |
37 | ||
0000b795 CP |
38 | files_read_etc_files($1_milter_t) |
39 | ||
3eaa9939 DW |
40 | kernel_dontaudit_read_system_state($1_milter_t) |
41 | ||
b9e5238a CP |
42 | miscfiles_read_localization($1_milter_t) |
43 | ||
44 | logging_send_syslog_msg($1_milter_t) | |
45 | ') | |
46 | ||
47 | ######################################## | |
48 | ## <summary> | |
49 | ## Allow the domain (typically the MTA) to connect to every milter domain over its unix stream socket. | |
50 | ## </summary> | |
51 | ## <param name="domain"> | |
52 | ## <summary> | |
53 | ## Domain allowed access. | |
54 | ## </summary> | |
55 | ## </param> | |
56 | # | |
57 | interface(`milter_stream_connect_all',` | |
58 | gen_require(` | |
59 | attribute milter_data_type, milter_domains; | |
60 | ') | |
61 | ||
62 | getattr_dirs_pattern($1, milter_data_type, milter_data_type) | |
63 | stream_connect_pattern($1, milter_data_type, milter_data_type, milter_domains) | |
64 | ') | |
65 | ||
66 | ######################################## | |
67 | ## <summary> | |
68 | ## Get the attributes of all milter data directories and socket files. | |
69 | ## </summary> | |
70 | ## <param name="domain"> | |
71 | ## <summary> | |
72 | ## Domain allowed access. | |
73 | ## </summary> | |
74 | ## </param> | |
75 | # | |
76 | interface(`milter_getattr_all_sockets',` | |
77 | gen_require(` | |
78 | attribute milter_data_type; | |
79 | ') | |
80 | ||
81 | getattr_dirs_pattern($1, milter_data_type, milter_data_type) | |
82 | getattr_sock_files_pattern($1, milter_data_type, milter_data_type) | |
83 | ') | |
0cf1d560 | 84 | |
3eaa9939 DW |
85 | ######################################## |
86 | ## <summary> | |
87 | ## Set the attributes of all milter data directories. | |
88 | ## </summary> | |
89 | ## <param name="domain"> | |
90 | ## <summary> | |
91 | ## Domain allowed access. | |
92 | ## </summary> | |
93 | ## </param> | |
94 | # | |
95 | interface(`milter_setattr_all_dirs',` | |
96 | gen_require(` | |
97 | attribute milter_data_type; | |
98 | ') | |
99 | ||
100 | setattr_dirs_pattern($1, milter_data_type, milter_data_type) | |
101 | ') | |
102 | ||
0cf1d560 CP |
103 | ######################################## |
104 | ## <summary> | |
105 | ## Manage spamassassin milter state files, directories and symbolic links. | |
106 | ## </summary> | |
107 | ## <param name="domain"> | |
108 | ## <summary> | |
109 | ## Domain allowed access. | |
110 | ## </summary> | |
111 | ## </param> | |
112 | # | |
113 | interface(`milter_manage_spamass_state',` | |
114 | gen_require(` | |
115 | type spamass_milter_state_t; | |
116 | ') | |
117 | ||
118 | files_search_var_lib($1) | |
119 | manage_files_pattern($1, spamass_milter_state_t, spamass_milter_state_t) | |
120 | manage_dirs_pattern($1, spamass_milter_state_t, spamass_milter_state_t) | |
121 | manage_lnk_files_pattern($1, spamass_milter_state_t, spamass_milter_state_t) | |
122 | ') | |
dfe675b8 DW |
123 | |
124 | ####################################### | |
125 | ## <summary> | |
126 | ## Delete dkim-milter PID files. The rule covers every regular file labeled dkim_milter_data_t. | |
127 | ## </summary> | |
128 | ## <param name="domain"> | |
129 | ## <summary> | |
130 | ## Domain allowed access. | |
131 | ## </summary> | |
132 | ## </param> | |
133 | # | |
134 | interface(`milter_delete_dkim_pid_files',` | |
135 | gen_require(` | |
136 | type dkim_milter_data_t; | |
137 | ') | |
138 | ||
139 | files_search_pids($1) | |
140 | delete_files_pattern($1, dkim_milter_data_t, dkim_milter_data_t) | |
141 | ') |