#

# Razor - Vipul's Razor is a distributed, collaborative, spam

#         detection and filtering network.

#

# Author:  David Hampton <hampton@employees.org>

#

# NOTE: This policy will work with either the ATrpms provided config

# file in /etc/razor, or with the default of dumping everything into

# $HOME/.razor.

##########

# Razor query application - from system_r applictions

##########

type razor_t, domain, privlog, daemon;

type razor_exec_t, file_type, sysadmfile, exec_type;

role system_r types razor_t;

razor_base_domain(razor)

# Razor config file directory.  When invoked as razor-admin, it can

# update files in this directory.

etcdir_domain(razor)

create_dir_file(razor_t, razor_etc_t);

# Shared razor files updated freuently

var_lib_domain(razor)

# Log files

log_domain(razor)

allow razor_t var_log_t:dir search;

ifdef(`logrotate.te', `

allow logrotate_t razor_log_t:file r_file_perms;

')

##########

##########

#

# Some spam filters executes the razor code directly.  Allow them access here.

#

define(`razor_access',`

r_dir_file($1, razor_etc_t)

allow $1 var_log_t:dir search;

allow $1 razor_log_t:file ra_file_perms;

r_dir_file($1, razor_var_lib_t)

r_dir_file($1, sysadm_razor_home_t)

can_network_client_tcp($1, razor_port_t)

allow $1 razor_port_t:tcp_socket name_connect;

')

ifdef(`spamd.te', `razor_access(spamd_t)');

ifdef(`amavis.te', `razor_access(amavisd_t)');