policy_module(antivirus, 1.0.0)

########################################
#
# Declarations
#

## <desc>
## <p>
## Allow antivirus programs to read non security files on a system
## </p>
## </desc>
# Boolean that gates the system-wide scanning rules at the end of this file.
# The declared default is false, so that access is off until the boolean is
# turned on.
gen_tunable(antivirus_can_scan_system, false)

# Attribute used as the source of every rule below. Each rule therefore
# applies to all types that carry this attribute.
# NOTE(review): the types that are given this attribute are not declared in
# this file - confirm which domains end up with these permissions.
attribute antivirus_domain;

# Type for the antivirus database, registered as a file type through
# files_type.
type antivirus_db_t;
files_type(antivirus_db_t)

########################################
#
# antivirus domain local policy
#

# Every antivirus_domain member may manage files and directories labeled
# antivirus_db_t.
# NOTE(review): a domain that parses untrusted content and also holds this
# attribute can then modify the database it scans with. If updater and
# scanner are separate domains, consider whether the scanner needs more than
# read access - confirm against the domains that use the attribute.
manage_files_pattern(antivirus_domain, antivirus_db_t, antivirus_db_t)
manage_dirs_pattern(antivirus_domain, antivirus_db_t, antivirus_db_t)

# The amavis interface call is wrapped in optional_policy, so this module
# does not hard-depend on the amavis module being present.
# NOTE(review): the interface is defined outside this file. By its name it
# grants manage access to amavis spool files - confirm the exact permissions.
optional_policy(`
	amavis_manage_spool_files(antivirus_domain)
')

# Rules that apply only while antivirus_can_scan_system is enabled.
# Per the tunable description they let antivirus programs read non security
# files across the system. The two getattr interfaces presumably add
# attribute lookups on all pipes and sockets - confirm in the files module.
# With the boolean on, a compromised scanner can read whatever these
# interfaces cover, so leave it off unless system-wide scanning is required.
tunable_policy(`antivirus_can_scan_system',`
	files_read_non_security_files(antivirus_domain)
	files_getattr_all_pipes(antivirus_domain)
	files_getattr_all_sockets(antivirus_domain)
')