## <summary>Milter mail filters</summary>
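########################################
## <summary>
##	Create a set of derived types for various
##	mail filter applications using the milter interface.
## </summary>
## <desc>
##	<p>
##	Declares three types from the given prefix: the daemon
##	domain (PREFIX_milter_t, member of milter_domains), its
##	entry point (PREFIX_milter_exec_t) and its data type
##	(PREFIX_milter_data_t, member of milter_data_type).
##	</p>
##	<p>
##	Only communication with the MTA over a unix-domain socket
##	is covered. A milter that listens on TCP needs additional
##	network rules in its own module.
##	</p>
## </desc>
## <param name="milter_name">
##	<summary>
##	The name to be used for deriving type names.
##	</summary>
## </param>
#
template(`milter_template',`
	# attributes common to all milters
	gen_require(`
		attribute milter_data_type, milter_domains;
	')

	# Daemon domain and its entry point executable
	type $1_milter_t, milter_domains;
	type $1_milter_exec_t;
	init_daemon_domain($1_milter_t, $1_milter_exec_t)
	# NOTE(review): system_r is not listed in gen_require above and
	# init_daemon_domain presumably authorizes it already; confirm
	# against the init module before dropping this line.
	role system_r types $1_milter_t;

	# Type for the milter data (e.g. the socket used to communicate with the MTA)
	# Every type carrying milter_data_type is reachable through the
	# attribute-wide interfaces of this module.
	type $1_milter_data_t, milter_data_type;
	files_type($1_milter_data_t)

	allow $1_milter_t self:fifo_file rw_fifo_file_perms;

	# Allow communication with MTA over a unix-domain socket
	# Note: usage with TCP sockets requires additional policy
	manage_sock_files_pattern($1_milter_t, $1_milter_data_t, $1_milter_data_t)

	# Create other data files in the data directory.
	# Only regular files are covered: no directory creation is granted
	# here, so the data directory itself has to exist and be labeled
	# before the milter starts.
	manage_files_pattern($1_milter_t, $1_milter_data_t, $1_milter_data_t)

	miscfiles_read_localization($1_milter_t)

	logging_send_syslog_msg($1_milter_t)
')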
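########################################
## <summary>
##	MTA communication with milter sockets:
##	connect to the unix-domain stream sockets of all milters.
## </summary>
## <desc>
##	<p>
##	The grant is attribute-wide. It covers every socket file
##	labeled with a type in milter_data_type and every domain in
##	milter_domains, so each milter created with milter_template
##	becomes reachable by the calling domain. Call this only for
##	domains that are meant to talk to every installed milter.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`milter_stream_connect_all',`
	gen_require(`
		attribute milter_data_type, milter_domains;
	')

	# Let the caller stat the milter data directories
	getattr_dirs_pattern($1, milter_data_type, milter_data_type)
	# Connect through the socket files in those directories to the
	# stream sockets owned by the milter domains
	stream_connect_pattern($1, milter_data_type, milter_data_type, milter_domains)
')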
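########################################
## <summary>
##	Allow getattr of milter sockets
## </summary>
## <desc>
##	<p>
##	Grants getattr on the directories and socket files labeled
##	with any type in milter_data_type. No connect permission is
##	granted by this interface; use milter_stream_connect_all
##	for that.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`milter_getattr_all_sockets',`
	gen_require(`
		attribute milter_data_type;
	')

	# Attribute-wide: applies to the data type of every milter
	getattr_dirs_pattern($1, milter_data_type, milter_data_type)
	getattr_sock_files_pattern($1, milter_data_type, milter_data_type)
')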