diff options
Diffstat (limited to 'policy/modules/services/dspam.if')
-rw-r--r-- | policy/modules/services/dspam.if | 79 |
1 files changed, 79 insertions, 0 deletions
diff --git a/policy/modules/services/dspam.if b/policy/modules/services/dspam.if new file mode 100644 index 000000000..969fd89d0 --- /dev/null +++ b/policy/modules/services/dspam.if @@ -0,0 +1,79 @@ +## <summary>Content-based spam filter designed for multi-user enterprise systems.</summary> + +######################################## +## <summary> +## Execute a domain transition to run dspam. +## </summary> +## <param name="domain"> +## <summary> +## Domain allowed access. +## </summary> +## </param> +# +interface(`dspam_domtrans',` + gen_require(` + type dspam_t, dspam_exec_t; + ') + + corecmd_search_bin($1) + domtrans_pattern($1, dspam_exec_t, dspam_t) +') + +####################################### +## <summary> +## Connect to dspam using a unix +## domain stream socket. +## </summary> +## <param name="domain"> +## <summary> +## Domain allowed access. +## </summary> +## </param> +# +interface(`dspam_stream_connect',` + gen_require(` + type dspam_t, dspam_var_run_t; + ') + + files_search_pids($1) + files_search_tmp($1) + stream_connect_pattern($1, dspam_var_run_t, dspam_var_run_t, dspam_t) +') + +######################################## +## <summary> +## All of the rules required to +## administrate an dspam environment. +## </summary> +## <param name="domain"> +## <summary> +## Domain allowed access. +## </summary> +## </param> +## <param name="role"> +## <summary> +## Role allowed access. +## </summary> +## </param> +## <rolecap/> +# +interface(`dspam_admin',` + gen_require(` + type dspam_t, dspam_initrc_exec_t, dspam_log_t; + type dspam_var_lib_t, dspam_var_run_t; + ') + + allow $1 dspam_t:process { ptrace signal_perms }; + ps_process_pattern($1, dspam_t) + + init_startstop_service($1, $2, dspam_t, dspam_initrc_exec_t) + + logging_search_logs($1) + admin_pattern($1, dspam_log_t) + + files_search_var_lib($1) + admin_pattern($1, dspam_var_lib_t) + + files_search_pids($1) + admin_pattern($1, dspam_var_run_t) +') |