Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
aboutsummaryrefslogtreecommitdiff
path: root/policy/modules/services/milter.if
diff options
context:
space:
mode:
Diffstat (limited to 'policy/modules/services/milter.if')
-rw-r--r--policy/modules/services/milter.if117
1 files changed, 117 insertions, 0 deletions
diff --git a/policy/modules/services/milter.if b/policy/modules/services/milter.if
new file mode 100644
index 000000000..ffb58f9fa
--- /dev/null
+++ b/policy/modules/services/milter.if
@@ -0,0 +1,117 @@
+## <summary>Milter mail filters.</summary>
+
+#######################################
+## <summary>
+## The template to define a milter domain.
+## </summary>
+## <param name="domain_prefix">
+## <summary>
+## Domain prefix to be used.
+## </summary>
+## </param>
+#
+template(`milter_template',`
+ gen_require(`
+ attribute milter_data_type, milter_domains;
+ ')
+
+ ########################################
+ #
+ # Declarations
+ #
+
+ type $1_milter_t, milter_domains;
+ type $1_milter_exec_t;
+ init_daemon_domain($1_milter_t, $1_milter_exec_t)
+
+ type $1_milter_data_t, milter_data_type;
+ files_pid_file($1_milter_data_t)
+
+ ########################################
+ #
+ # Policy
+ #
+
+ manage_files_pattern($1_milter_t, $1_milter_data_t, $1_milter_data_t)
+ manage_sock_files_pattern($1_milter_t, $1_milter_data_t, $1_milter_data_t)
+
+ auth_use_nsswitch($1_milter_t)
+')
+
+########################################
+## <summary>
+## connect to all milter domains using
+## a unix domain stream socket.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`milter_stream_connect_all',`
+ gen_require(`
+ attribute milter_data_type, milter_domains;
+ ')
+
+ files_search_pids($1)
+ stream_connect_pattern($1, milter_data_type, milter_data_type, milter_domains)
+')
+
+########################################
+## <summary>
+## Get attributes of all milter sock files.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`milter_getattr_all_sockets',`
+ gen_require(`
+ attribute milter_data_type;
+ ')
+
+ getattr_sock_files_pattern($1, milter_data_type, milter_data_type)
+')
+
+########################################
+## <summary>
+## Create, read, write, and delete
+## spamassissin milter data content.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`milter_manage_spamass_state',`
+ gen_require(`
+ type spamass_milter_state_t;
+ ')
+
+ files_search_var_lib($1)
+ manage_files_pattern($1, spamass_milter_state_t, spamass_milter_state_t)
+ manage_dirs_pattern($1, spamass_milter_state_t, spamass_milter_state_t)
+ manage_lnk_files_pattern($1, spamass_milter_state_t, spamass_milter_state_t)
+')
+
+########################################
+## <summary>
+## Get the attributes of the spamassissin milter data dir.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`milter_getattr_data_dir',`
+ gen_require(`
+ type spamass_milter_data_t;
+ ')
+
+ allow $1 spamass_milter_data_t:dir getattr;
+')