## <summary>SASL authentication server</summary>

########################################

## <summary>

##	Connect to SASL.

## </summary>

## <param name="domain">

##	<summary>

##	Domain allowed access.

##	</summary>

## </param>

#

interface(`sasl_connect',`

	gen_require(`

		type saslauthd_t, saslauthd_var_run_t;

	')

	files_search_pids($1)

	stream_connect_pattern($1, saslauthd_var_run_t, saslauthd_var_run_t, saslauthd_t)

')

########################################

## <summary>

##	All of the rules required to administrate 

##	an sasl environment

## </summary>

## <param name="domain">

##	<summary>

##	Domain allowed access.

##	</summary>

## </param>

## <param name="role">

##	<summary>

##	Role allowed access.

##	</summary>

## </param>

## <rolecap/>

#

interface(`sasl_admin',`

	gen_require(`

		type saslauthd_t, saslauthd_var_run_t;

		type saslauthd_initrc_exec_t;

	')

	allow $1 saslauthd_t:process signal_perms;

	ps_process_pattern($1, saslauthd_t)

	tunable_policy(`deny_ptrace',`',`

		allow $1 saslauthd_t:process ptrace;

	')

	init_labeled_script_domtrans($1, saslauthd_initrc_exec_t)

	domain_system_change_exemption($1)

	role_transition $2 saslauthd_initrc_exec_t system_r;

	allow $2 system_r;

	files_list_pids($1)

	admin_pattern($1, saslauthd_var_run_t)

')