DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 5688120843
From:   David Sugar <dsugar@tresys.com>
To:     "selinux-refpolicy@vger.kernel.org" 
        <selinux-refpolicy@vger.kernel.org>
Subject: [PATCH 1/1] Interface to allow reading of virus signature files.
Thread-Topic: [PATCH 1/1] Interface to allow reading of virus signature files.
Thread-Index: AQHUbhArY+4xz0l56UqouKIKLQYJEg==
Date:   Sat, 27 Oct 2018 16:14:42 +0000
Message-ID: <20181027161407.11324-1-dsugar@tresys.com>
Accept-Language: en-US
Content-Language: en-US
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1;BN6PR15MB1425;6:gxc9OfBrO6moULgkr3GbZbwu0WLefgRojg662KekHcbMea1Khs00mNjKW3TZg7IMvAVmWY3GmkH47o4uLUFjeI3VFN4LR+8PWCQefJLJQMJ+7ZjfcmevjCHjh5gi8s5pEjSUl3EqeW3R/CSfBEVa+ti0j3qjpesoUpbxHmdkJTbCl/masrl3VYjQKHU3ZKxB1wV/QQrLwX5M8ie1JyOdFQe0hiRZaNpIZrNWR5NP1D2bRcsPP/eNNKGjvn8HGpOL5nC9Nw5hINkqHRlwShdJKVZdRNxLF1bFCtY++svgb9aPKPkH3P8TUDfJzGjpEXsX1nVkFJjvQTeX649U48q9dyiI4ggaAd9U3W3mrYM1XrMsaztW+S4i+0fyvqnZ1gVAL+BQJaG7DqgXw6dPk3MkNbrBAR06NhX0oZDyThAnJC42+i9MoXOm+LlD5WD3YE6LaYGoBRXxz1xhsvn29ZAMOQ==;5:Y2oZcjivFvtS3XVhY+9QIUDdlHS/bZitycLlgKrPd9f48ONmJcFf5MlfX7MwHZaQhdy6+A1e6XLlk4ldTH2bEiEd1ymA3vWZ4vHwsoWkmYuY7F48/fsBOe5hBESPYneVTR58T+53ZzQVLwyepHQh8Z/O6UK+WleSHMZpMnNTaR4=;7:giKVpZmoDxprGJ2UGy8qzNZL/hsf8MgRFh+U7c2dKBCUZhouCsI7zKgPdITWRKRNGe/IwYK8y7vDJKv0VfMPGLB5TI2daRGCmEMYBkwZTih2lZDth2iYZFn7TF+91QXLHuZZBFA4j9xsdlu/4uwkRg==
x-ms-office365-filtering-correlation-id: 9bb6d8e1-ad6d-4c8a-30bf-08d63c274d95
x-microsoft-antispam: BCL:0;PCL:0;RULEID:(7020095)(4652040)(7021145)(8989299)(4534185)(7022145)(4603075)(4627221)(201702281549075)(8990200)(7048125)(7024125)(7027125)(7023125)(5600074)(711020)(2017052603328)(7153060)(7193020);SRVR:BN6PR15MB1425;
x-ms-traffictypediagnostic: BN6PR15MB1425:
x-microsoft-antispam-prvs: <BN6PR15MB142577DAE84CC315E13A7699B9F10@BN6PR15MB1425.namprd15.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(269456686620040);
x-ms-exchange-senderadcheck: 1
x-exchange-antispam-report-cfa-test: BCL:0;PCL:0;RULEID:(8211001083)(6040522)(2401047)(8121501046)(5005006)(3002001)(3231382)(944501410)(52105095)(93006095)(93001095)(10201501046)(148016)(149066)(150057)(6041310)(20161123558120)(2016111802025)(20161123564045)(20161123562045)(20161123560045)(6043046)(201708071742011)(7699051)(76991095);SRVR:BN6PR15MB1425;BCL:0;PCL:0;RULEID:;SRVR:BN6PR15MB1425;
x-forefront-prvs: 08381C729B
x-forefront-antispam-report: SFV:NSPM;SFS:(10019020)(396003)(39830400003)(366004)(376002)(136003)(346002)(189003)(199004)(52116002)(68736007)(6506007)(316002)(386003)(86362001)(105586002)(106356001)(6486002)(7736002)(2351001)(305945005)(66066001)(102836004)(2906002)(99286004)(8676002)(476003)(486006)(5250100002)(81156014)(66574009)(26005)(81166006)(2501003)(6512007)(2616005)(5660300001)(36756003)(5640700003)(6436002)(256004)(2900100001)(14444005)(1076002)(71200400001)(14454004)(97736004)(8936002)(186003)(6116002)(71190400001)(508600001)(3846002)(6916009)(53936002)(25786009);DIR:OUT;SFP:1102;SCL:1;SRVR:BN6PR15MB1425;H:BN6PR15MB1507.namprd15.prod.outlook.com;FPR:;SPF:None;LANG:en;PTR:InfoNoRecords;MX:1;A:1;
received-spf: None (protection.outlook.com: tresys.com does not designate
 permitted sender hosts)
x-microsoft-antispam-message-info: +n4JISUxc8SOM+caogvXIjJ+NK+ZzzbQVo63dLpu2qaFwaZwRU+saCbfnW1NTTfLgjYwVYOxefUh3mVSutT+H+3l0rmMNOHCqt0fNIogEhTX9CKxYY2RaDnULroqoD3sbHu2tCS13b2KlITI/nhZ6oq0yiIBnaUx3TcOwYgaZs1OX9HDsfZyDuVBAhyPG8obGaGyauYwSattnLNxuDYo1/hQsGT2uVjQfcQjLxBsYhodiydivxN00v5fltuEHNYwbbx+3fQtuT7dHMgoHipiwr+kjMXwKRfACnj3kx9AQHvia4zjxdbkMwIYXsVhtaJgfRZJ8PLCxAar0hdSFk8Ea4/QCDlCZ1nQn9xplQH/d6A=
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: tresys.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 9bb6d8e1-ad6d-4c8a-30bf-08d63c274d95
X-MS-Exchange-CrossTenant-originalarrivaltime: 27 Oct 2018 16:14:42.6261
 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: a0d45667-6c07-4e88-868f-4ac9af95c7ed
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN6PR15MB1425
Sender: selinux-refpolicy-owner@vger.kernel.org
Precedence: bulk
List-ID: <selinux-refpolicy.vger.kernel.org>
X-Mailing-List: selinux-refpolicy@vger.kernel.org

Signed-off-by: Dave Sugar <dsugar@tresys.com>
---
 policy/modules/services/clamav.if | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)

diff --git a/policy/modules/services/clamav.if b/policy/modules/services/cl=
amav.if
index 7ad8e800..80ac5c1e 100644
--- a/policy/modules/services/clamav.if
+++ b/policy/modules/services/clamav.if
@@ -177,6 +177,34 @@ interface(`clamav_read_state_clamd',`
 	read_lnk_files_pattern($1, clamd_t, clamd_t)
 ')
=20
+#######################################
+## <summary>
+##	Read clam virus signature files
+## </summary>
+## <desc>
+##	<p>
+##	Useful for when using things like 'sigtool'
+##	which provides useful information about
+##	ClamAV signature files.
+##	</p>
+## </desc>
+## <param name=3D"domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`clamav_read_signatures',`
+	gen_require(`
+		type clamd_var_lib_t;
+	')
+
+	clamav_search_lib($1)
+	allow $1 clamd_var_lib_t:dir list_dir_perms;
+	read_files_pattern($1, clamd_var_lib_t, clamd_var_lib_t)
+	read_lnk_files_pattern($1, clamd_var_lib_t, clamd_var_lib_t)
+')
+
 ########################################
 ## <summary>
 ##	All of the rules required to
--=20
2.14.4