Chris PeBenito 17de1b
## <summary>Policy for sendmail.</summary>
Chris PeBenito 17de1b
Chris PeBenito 17de1b
########################################
Chris PeBenito 17de1b
## <summary>
Chris PeBenito 17de1b
##	Sendmail stub interface.  No access allowed.
Chris PeBenito 17de1b
## </summary>
Chris PeBenito 17de1b
## <param name="domain" optional="true">
Chris PeBenito 17de1b
##	<summary>
Chris PeBenito 17de1b
##	N/A
Chris PeBenito 17de1b
##	</summary>
Chris PeBenito 17de1b
## </param>
Chris PeBenito 17de1b
#
Chris PeBenito 17de1b
interface(`sendmail_stub',`
Chris PeBenito 17de1b
	gen_require(`
Chris PeBenito 17de1b
		type sendmail_t;
Chris PeBenito 17de1b
	')
Chris PeBenito 17de1b
')
Chris PeBenito 17de1b
Chris PeBenito 17de1b
########################################
Chris PeBenito 17de1b
## <summary>
Chris PeBenito 17de1b
##	Domain transition to sendmail.
Chris PeBenito 17de1b
## </summary>
Chris PeBenito 17de1b
## <param name="domain">
Chris PeBenito 17de1b
##	<summary>
Chris PeBenito 17de1b
##	Domain allowed access.
Chris PeBenito 17de1b
##	</summary>
Chris PeBenito 17de1b
## </param>
Chris PeBenito 17de1b
#
Chris PeBenito 17de1b
interface(`sendmail_domtrans',`
Chris PeBenito 17de1b
	gen_require(`
Chris PeBenito 17de1b
		type sendmail_t;
Chris PeBenito 17de1b
	')
Chris PeBenito 17de1b
Chris PeBenito 17de1b
	mta_sendmail_domtrans($1,sendmail_t)
Chris PeBenito 17de1b
Chris PeBenito 17de1b
	allow $1 sendmail_t:fd use;
Chris PeBenito 17de1b
	allow sendmail_t $1:fd use;
Chris PeBenito 17de1b
	allow sendmail_t $1:fifo_file rw_file_perms;
Chris PeBenito 17de1b
	allow sendmail_t $1:process sigchld;
Chris PeBenito 17de1b
')
Chris PeBenito 17de1b
Chris PeBenito 17de1b
########################################
Chris PeBenito 17de1b
## <summary>
Chris PeBenito 17de1b
##	Read and write sendmail TCP sockets.
Chris PeBenito 17de1b
## </summary>
Chris PeBenito 17de1b
## <param name="domain">
Chris PeBenito 17de1b
##	<summary>
Chris PeBenito 17de1b
##	Domain allowed access.
Chris PeBenito 17de1b
##	</summary>
Chris PeBenito 17de1b
## </param>
Chris PeBenito 17de1b
#
Chris PeBenito 17de1b
interface(`sendmail_rw_tcp_sockets',`
Chris PeBenito 17de1b
	gen_require(`
Chris PeBenito 17de1b
		type sendmail_t;
Chris PeBenito 17de1b
	')
Chris PeBenito 17de1b
Chris PeBenito 17de1b
	allow $1 sendmail_t:tcp_socket { read write };
Chris PeBenito 17de1b
')
Chris PeBenito 17de1b
########################################
Chris PeBenito 17de1b
## <summary>
Chris PeBenito 17de1b
##	Read and write sendmail unix_stream_sockets.
Chris PeBenito 17de1b
## </summary>
Chris PeBenito 17de1b
## <param name="domain">
Chris PeBenito 17de1b
##	<summary>
Chris PeBenito 17de1b
##	Domain allowed access.
Chris PeBenito 17de1b
##	</summary>
Chris PeBenito 17de1b
## </param>
Chris PeBenito 17de1b
#
Chris PeBenito 17de1b
interface(`sendmail_rw_unix_stream_sockets',`
Chris PeBenito 17de1b
	gen_require(`
Chris PeBenito 17de1b
		type sendmail_t;
Chris PeBenito 17de1b
	')
Chris PeBenito 17de1b
Chris PeBenito 17de1b
	allow $1 sendmail_t:unix_stream_socket { read write };
Chris PeBenito 17de1b
')
Chris PeBenito 17de1b
Chris PeBenito 17de1b
########################################
Chris PeBenito 17de1b
## <summary>
Chris PeBenito a39a93
##	Read sendmail logs.
Chris PeBenito a39a93
## </summary>
Chris PeBenito a39a93
## <param name="domain">
Chris PeBenito a39a93
##	<summary>
Chris PeBenito a39a93
##	Domain allowed access.
Chris PeBenito a39a93
##	</summary>
Chris PeBenito a39a93
## </param>
Chris PeBenito a39a93
## <rolecap/>
Chris PeBenito a39a93
#
Chris PeBenito a39a93
interface(`sendmail_read_log',`
Chris PeBenito a39a93
	gen_require(`
Chris PeBenito a39a93
		type sendmail_log_t;
Chris PeBenito a39a93
	')
Chris PeBenito a39a93
Chris PeBenito a39a93
	logging_search_logs($1)
Chris PeBenito a39a93
	read_files_pattern($1, sendmail_log_t, sendmail_log_t)
Chris PeBenito a39a93
')
Chris PeBenito a39a93
Chris PeBenito a39a93
########################################
Chris PeBenito a39a93
## <summary>
Chris PeBenito 17de1b
##	Create, read, write, and delete sendmail logs.
Chris PeBenito 17de1b
## </summary>
Chris PeBenito 17de1b
## <param name="domain">
Chris PeBenito 17de1b
##	<summary>
Chris PeBenito 17de1b
##	Domain allowed access.
Chris PeBenito 17de1b
##	</summary>
Chris PeBenito 17de1b
## </param>
Chris PeBenito bbcd3c
## <rolecap/>
Chris PeBenito 17de1b
#
Chris PeBenito 17de1b
interface(`sendmail_manage_log',`
Chris PeBenito 17de1b
	gen_require(`
Chris PeBenito 17de1b
		type sendmail_log_t;
Chris PeBenito 17de1b
	')
Chris PeBenito 17de1b
Chris PeBenito 17de1b
	logging_search_logs($1)
Chris PeBenito a39a93
	manage_files_pattern($1, sendmail_log_t, sendmail_log_t)
Chris PeBenito 17de1b
')
Chris PeBenito 17de1b
Chris PeBenito 17de1b
########################################
Chris PeBenito 17de1b
## <summary>
Chris PeBenito 17de1b
##	Create sendmail logs with the correct type.
Chris PeBenito 17de1b
## </summary>
Chris PeBenito 17de1b
## <param name="domain">
Chris PeBenito 17de1b
##	<summary>
Chris PeBenito 17de1b
##	Domain allowed access.
Chris PeBenito 17de1b
##	</summary>
Chris PeBenito 17de1b
## </param>
Chris PeBenito 17de1b
#
Chris PeBenito 17de1b
interface(`sendmail_create_log',`
Chris PeBenito 17de1b
	gen_require(`
Chris PeBenito 17de1b
		type sendmail_log_t;
Chris PeBenito 17de1b
	')
Chris PeBenito 17de1b
Chris PeBenito 17de1b
	logging_log_filetrans($1,sendmail_log_t,file)
Chris PeBenito 17de1b
')