From: cpebenito@tresys.com (Christopher J. PeBenito) Date: Thu, 21 Aug 2008 10:06:48 -0400 Subject: [refpolicy] [patch 33/35] mailscanner policy addition In-Reply-To: <20080804123739.984442576@hardeman.nu> References: <20080804123456.679565839@hardeman.nu> <20080804123739.984442576@hardeman.nu> Message-ID: <1219327608.16398.63.camel@gorn.columbia.tresys.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On Mon, 2008-08-04 at 14:35 +0200, david at hardeman.nu wrote: > plain text document attachment > (policy_modules_services_mailscanner.patch) > Adds a new mailscanner module from the RH patchset This seems like an incomplete module, since it only has one file type and no domain. > Index: refpolicy/policy/modules/services/mailscanner.fc > =================================================================== > --- /dev/null 1970-01-01 00:00:00.000000000 +0000 > +++ refpolicy/policy/modules/services/mailscanner.fc 2008-08-03 22:09:51.000000000 +0200 > @@ -0,0 +1,2 @@ > +/var/spool/MailScanner(/.*)? gen_context(system_u:object_r:mailscanner_spool_t,s0) > + > Index: refpolicy/policy/modules/services/mailscanner.if > =================================================================== > --- /dev/null 1970-01-01 00:00:00.000000000 +0000 > +++ refpolicy/policy/modules/services/mailscanner.if 2008-08-03 22:09:51.000000000 +0200 
> @@ -0,0 +1,59 @@ > +## Anti-Virus and Anti-Spam Filter > + > +######################################## > +## > +## Search mailscanner spool directories. > +## > +## > +## > +## Domain allowed access. > +## > +## > +# > +interface(`mailscanner_search_spool',` > + gen_require(` > + type mailscanner_spool_t; > + ') > + > + files_search_spool($1) > + allow $1 mailscanner_spool_t:dir search_dir_perms; > +') > + > +######################################## > +## > +## read mailscanner spool files. > +## > +## > +## > +## Domain allowed access. > +## > +## > +# > +interface(`mailscanner_read_spool',` > + gen_require(` > + type mailscanner_spool_t; > + ') > + > + files_search_spool($1) > + read_files_pattern($1,mailscanner_spool_t,mailscanner_spool_t) > +') > + > +######################################## > +## > +## Create, read, write, and delete > +## mailscanner spool files. > +## > +## > +## > +## Domain allowed access. > +## > +## > +# > +interface(`mailscanner_manage_spool',` > + gen_require(` > + type mailscanner_spool_t; > + ') > + > + files_search_spool($1) > + manage_files_pattern($1,mailscanner_spool_t,mailscanner_spool_t) > +') > Index: refpolicy/policy/modules/services/mailscanner.te > =================================================================== > --- /dev/null 1970-01-01 00:00:00.000000000 +0000 > +++ refpolicy/policy/modules/services/mailscanner.te 2008-08-03 22:09:51.000000000 +0200 > @@ -0,0 +1,5 @@ > + > +policy_module(mailscanner,1.0.0) > + > +type mailscanner_spool_t; > +files_type(mailscanner_spool_t) > -- Chris PeBenito Tresys Technology, LLC (410) 290-1411 x150
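Review bot: In mailscanner.if, mailscanner_read_spool and mailscanner_manage_spool grant file permissions only (read_files_pattern and manage_files_pattern on mailscanner_spool_t), while the mailscanner.fc entry "/var/spool/MailScanner(/.*)?" labels every directory under the spool with the same type. A caller of mailscanner_manage_spool can therefore create and delete files in existing spool directories but cannot create or remove subdirectories. If callers need that, add manage_dirs_pattern($1,mailscanner_spool_t,mailscanner_spool_t) to the manage interface and update its summary; if they do not, state in the summary that directories are excluded. As a style point, the summary "read mailscanner spool files." should start with a capital letter like the other two.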
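Review bot: mailscanner.te declares only "type mailscanner_spool_t;" with files_type(mailscanner_spool_t); there is no domain type, no executable type and no allow rule, and nothing in this patch calls the three interfaces from mailscanner.if. As submitted, the module labels /var/spool/MailScanner but confines nothing and grants no domain access to the new type, so any confined domain that touches the spool will be denied once the label is applied. Either add the MailScanner domain and its entry point to this module, or include in the same series the callers of mailscanner_search_spool, mailscanner_read_spool and mailscanner_manage_spool so the type can be reviewed together with its users. The leading blank line before policy_module(mailscanner,1.0.0) can also be dropped.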