1 files changed, 79 insertions, 0 deletions

diff --git a/policy/modules/services/dspam.if b/policy/modules/services/dspam.if
new file mode 100644
index 000000000..969fd89d0
--- /dev/null
+++ b/policy/modules/services/dspam.if
@@ -0,0 +1,79 @@
+## <summary>Content-based spam filter designed for multi-user enterprise systems.</summary>
+
+########################################
+## <summary>
+##	Execute a domain transition to run dspam.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`dspam_domtrans',`
+	gen_require(`
+		type dspam_t, dspam_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, dspam_exec_t, dspam_t)
+')
+
+#######################################
+## <summary>
+##	Connect to dspam using a unix
+##	domain stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`dspam_stream_connect',`
+	gen_require(`
+		type dspam_t, dspam_var_run_t;
+	')
+
+	files_search_pids($1)
+	files_search_tmp($1)
+	stream_connect_pattern($1, dspam_var_run_t, dspam_var_run_t, dspam_t)
+')
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an dspam environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+interface(`dspam_admin',`
+	gen_require(`
+		type dspam_t, dspam_initrc_exec_t, dspam_log_t;
+		type dspam_var_lib_t, dspam_var_run_t;
+	')
+
+	allow $1 dspam_t:process { ptrace signal_perms };
+	ps_process_pattern($1, dspam_t)
+
+	init_startstop_service($1, $2, dspam_t, dspam_initrc_exec_t)
+
+	logging_search_logs($1)
+	admin_pattern($1, dspam_log_t)
+
+	files_search_var_lib($1)
+	admin_pattern($1, dspam_var_lib_t)
+
+	files_search_pids($1)
+	admin_pattern($1, dspam_var_run_t)
+')