|
 |
1ec3d1a |
|
|
|
1ec3d1a |
policy_module(dspam, 1.0.0)
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
########################################
|
|
|
1ec3d1a |
#
|
|
|
1ec3d1a |
# Declarations
|
|
|
1ec3d1a |
#
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
type dspam_t;
|
|
|
1ec3d1a |
type dspam_exec_t;
|
|
|
1ec3d1a |
init_daemon_domain(dspam_t, dspam_exec_t)
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
type dspam_initrc_exec_t;
|
|
|
1ec3d1a |
init_script_file(dspam_initrc_exec_t)
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
type dspam_log_t;
|
|
|
1ec3d1a |
logging_log_file(dspam_log_t)
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
type dspam_var_lib_t;
|
|
|
1ec3d1a |
files_type(dspam_var_lib_t)
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
type dspam_var_run_t;
|
|
|
1ec3d1a |
files_pid_file(dspam_var_run_t)
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
# FIXME
|
|
|
1ec3d1a |
# /tmp/dspam.sock
|
|
|
1ec3d1a |
type dspam_tmp_t;
|
|
|
1ec3d1a |
files_tmp_file(dspam_tmp_t)
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
########################################
|
|
|
1ec3d1a |
#
|
|
|
1ec3d1a |
# dspam local policy
|
|
|
1ec3d1a |
#
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
allow dspam_t self:capability net_admin;
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
allow dspam_t self:process { signal };
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
allow dspam_t self:fifo_file rw_fifo_file_perms;
|
|
|
1ec3d1a |
allow dspam_t self:unix_stream_socket create_stream_socket_perms;
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
manage_dirs_pattern(dspam_t, dspam_log_t, dspam_log_t)
|
|
|
1ec3d1a |
manage_files_pattern(dspam_t, dspam_log_t, dspam_log_t)
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
manage_dirs_pattern(dspam_t, dspam_var_lib_t, dspam_var_lib_t)
|
|
|
1ec3d1a |
manage_files_pattern(dspam_t, dspam_var_lib_t, dspam_var_lib_t)
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
manage_dirs_pattern(dspam_t, dspam_var_run_t, dspam_var_run_t)
|
|
|
1ec3d1a |
manage_files_pattern(dspam_t, dspam_var_run_t, dspam_var_run_t)
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
manage_sock_files_pattern(dspam_t, dspam_tmp_t, dspam_tmp_t)
|
|
|
1ec3d1a |
files_tmp_filetrans(dspam_t, dspam_tmp_t, { sock_file })
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
# need to add the port tcp/10026 to corenetwork.te.in
|
|
|
1ec3d1a |
#allow dspam_t port_t:tcp_socket name_connect;
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
auth_use_nsswitch(dspam_t)
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
# for RHEL5
|
|
|
1ec3d1a |
libs_use_ld_so(dspam_t)
|
|
|
1ec3d1a |
libs_use_shared_libs(dspam_t)
|
|
|
1ec3d1a |
libs_read_lib_files(dspam_t)
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
logging_send_syslog_msg(dspam_t)
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
miscfiles_read_localization(dspam_t)
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
optional_policy(`
|
|
|
1ec3d1a |
mysql_tcp_connect(dspam_t)
|
|
|
1ec3d1a |
mysql_search_db(dspam_t)
|
|
|
1ec3d1a |
mysql_stream_connect(dspam_t)
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
optional_policy(`
|
|
|
1ec3d1a |
postgresql_tcp_connect(dspam_t)
|
|
|
1ec3d1a |
postgresql_stream_connect(dspam_t)
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
#######################################
|
|
|
1ec3d1a |
#
|
|
|
1ec3d1a |
# dspam web local policy.
|
|
|
1ec3d1a |
#
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
optional_policy(`
|
|
|
1ec3d1a |
apache_content_template(dspam)
|
|
|
1ec3d1a |
|
|
|
1ec3d1a |
list_dirs_pattern(dspam_t, httpd_dspam_content_t, httpd_dspam_content_t)
|
|
|
1ec3d1a |
manage_dirs_pattern(dspam_t, httpd_dspam_content_rw_t, httpd_dspam_content_rw_t)
|
|
|
1ec3d1a |
manage_files_pattern(dspam_t, httpd_dspam_content_rw_t, httpd_dspam_content_rw_t)
|
|
|
1ec3d1a |
')
|
|
|
1ec3d1a |
|