policy_module(antivirus, 1.0.0)
########################################
#
# Declarations
#
## <desc>
## <p>
## Allow antivirus programs to read non security files on a system
## </p>
## </desc>
gen_tunable(antivirus_can_scan_system, false)
attribute antivirus_domain;
type antivirus_db_t;
files_type(antivirus_db_t)
########################################
#
# antivirus domain local policy
#
manage_files_pattern(antivirus_domain, antivirus_db_t, antivirus_db_t)
manage_dirs_pattern(antivirus_domain, antivirus_db_t, antivirus_db_t)
optional_policy(`
amavis_manage_spool_files(antivirus_domain)
')
tunable_policy(`antivirus_can_scan_system',`
files_read_non_security_files(antivirus_domain)
files_getattr_all_pipes(antivirus_domain)
files_getattr_all_sockets(antivirus_domain)
')