## <summary>Policy common to all email tranfer agents.</summary>
#######################################
#
# Per user domain template for this module
#
# mta_per_userdomain_template(userdomain_prefix)
#
template(`mta_per_userdomain_template',`
type $1_mail_t; # , user_mail_domain
domain_type($1_mail_t)
role $1_r types $1_mail_t;
type $1_mail_tmp_t;
files_tmp_file($1_mail_tmp_t)
##############################
#
# $1_mail_t local policy
#
allow $1_mail_t self:capability { setuid setgid chown };
allow $1_mail_t self:process { signal_perms setrlimit };
# tcp networking
allow $1_mail_t self:tcp_socket create_socket_perms;
# re-exec itself
can_exec($1_mail_t, sendmail_exec_t)
allow $1_mail_t sendmail_exec_t:lnk_file r_file_perms;
# Transition from the user domain to the derived domain.
domain_auto_trans($1_t, sendmail_exec_t, $1_mail_t)
allow $1_t sendmail_exec_t:lnk_file { getattr read };
allow $1_t $1_mail_t:fd use;
allow $1_mail_t $1_t:fd use;
allow $1_mail_t $1_t:fifo_file rw_file_perms;
allow $1_mail_t $1_t:process sigchld;
kernel_read_kernel_sysctl($1_mail_t)
corenet_tcp_sendrecv_all_if($1_mail_t)
corenet_raw_sendrecv_all_if($1_mail_t)
corenet_tcp_sendrecv_all_nodes($1_mail_t)
corenet_raw_sendrecv_all_nodes($1_mail_t)
corenet_tcp_sendrecv_all_ports($1_mail_t)
corenet_tcp_bind_all_nodes($1_mail_t)
domain_use_wide_inherit_fd($1_mail_t)
libs_use_ld_so($1_mail_t)
libs_use_shared_libs($1_mail_t)
corecmd_exec_bin($1_mail_t)
corecmd_search_sbin($1_mail_t)
files_read_etc_files($1_mail_t)
files_search_spool($1_mail_t)
logging_send_syslog_msg($1_mail_t)
miscfiles_read_localization($1_mail_t)
sysnet_read_config($1_mail_t)
tunable_policy(`use_dns',`
allow $1_mail_t self:udp_socket create_socket_perms;
corenet_udp_sendrecv_all_if($1_mail_t)
corenet_udp_sendrecv_all_nodes($1_mail_t)
corenet_udp_bind_all_nodes($1_mail_t)
corenet_udp_sendrecv_dns_port($1_mail_t)
')
tunable_policy(`use_samba_home_dirs',`
fs_manage_cifs_files($1_mail_t)
fs_manage_cifs_symlinks($1_mail_t)
')
optional_policy(`nis.te',`
nis_use_ypbind($1_mail_t)
')
optional_policy(`nscd.te',`
nscd_use_socket($1_mail_t)
')
optional_policy(`procmail.te',`
procmail_execute($1_mail_t)
')
ifdef(`TODO',`
allow $1_mail_t device_t:dir search;
# It wants to check for nscd
dontaudit $1_mail_t var_run_t:dir search;
# For when the user wants to send mail via port 25 localhost
can_tcp_connect($1_t, mail_server_domain)
# Read user temporary files.
allow $1_mail_t $1_tmp_t:file r_file_perms;
dontaudit $1_mail_t $1_tmp_t:file append;
ifdef(`postfix.te',`
# postfix seems to need write access if the file handle is opened read/write
allow $1_mail_t $1_tmp_t:file write;
')
allow mta_user_agent $1_tmp_t:file r_file_perms;
# Write to the user domain tty.
allow mta_user_agent $1_tty_device_t:chr_file rw_file_perms;
allow mta_user_agent devpts_t:dir r_dir_perms;
allow mta_user_agent $1_devpts_t:chr_file rw_file_perms;
allow $1_mail_t $1_tty_device_t:chr_file rw_file_perms;
allow $1_mail_t devpts_t:dir r_dir_perms;
allow $1_mail_t $1_devpts_t:chr_file rw_file_perms;
# Inherit and use descriptors from gnome-pty-helper.
ifdef(`gnome-pty-helper.te', `allow $1_mail_t $1_gph_t:fd use;')
# Create dead.letter in user home directories.
file_type_auto_trans($1_mail_t, $1_home_dir_t, $1_home_t, file)
# if you do not want to allow dead.letter then use the following instead
#allow $1_mail_t { $1_home_dir_t $1_home_t }:dir r_dir_perms;
#allow $1_mail_t $1_home_t:file r_file_perms;
# for reading .forward - maybe we need a new type for it?
# also for delivering mail to maildir
file_type_auto_trans(mta_delivery_agent, $1_home_dir_t, $1_home_t)
ifdef(`qmail.te', `
allow $1_mail_t qmail_etc_t:dir search;
allow $1_mail_t qmail_etc_t:{ file lnk_file } read;
')
') dnl end TODO
')
#######################################
#
# mta_mailserver(domain,entrypointtype)
#
interface(`mta_mailserver',`
gen_require(`
attribute mailserver_domain;
')
init_daemon_domain($1,$2)
typeattribute $1 mailserver_domain;
')
########################################
## <summary>
## Modified mailserver interface for
## sendmail daemon use.
## </summary>
## <desc>
## <p>
## A modified MTA mail server interface for
## the sendmail program. It's design does
## not fit well with policy, and using the
## regular interface causes a type_transition
## conflict if direct running of init scripts
## is enabled.
## </p>
## <p>
## This interface should most likely only be used
## by the sendmail policy.
## </p>
## </desc>
## <param name="domain">
## The type to be used for the mail server.
## </param>
## <param name="entry_point">
## The type to be used for the domain entry point program.
## </param>
interface(`mta_sendmail_mailserver',`
gen_require(`
attribute mailserver_domain;
type sendmail_exec_t;
')
init_system_domain($1,sendmail_exec_t)
typeattribute $1 mailserver_domain;
')
#######################################
#
# mta_send_mail(domain)
#
interface(`mta_send_mail',`
gen_require(`
type system_mail_t, sendmail_exec_t;
class lnk_file r_file_perms;
class process sigchld;
class fd use;
class fifo_file rw_file_perms;
')
allow $1 sendmail_exec_t:lnk_file r_file_perms;
domain_auto_trans($1, sendmail_exec_t, system_mail_t)
allow $1 system_mail_t:fd use;
allow system_mail_t $1:fd use;
allow system_mail_t $1:fifo_file rw_file_perms;
allow system_mail_t $1:process sigchld;
')
#######################################
#
# mta_exec(domain)
#
interface(`mta_exec',`
gen_require(`
type sendmail_exec_t;
')
can_exec($1, sendmail_exec_t)
')
########################################
## <desc>
## Read mail address aliases.
## </desc>
## <param name="domain">
## The type of the process performing this action.
## </param>
#
interface(`mta_read_aliases',`
gen_require(`
type etc_aliases_t;
class file r_file_perms;
')
files_search_etc($1)
allow $1 etc_aliases_t:file r_file_perms;
')
#######################################
#
# mta_rw_aliases(domain)
#
interface(`mta_rw_aliases',`
gen_require(`
type etc_aliases_t;
class file { rw_file_perms setattr };
')
files_search_etc($1)
allow sendmail_t etc_aliases_t:file { rw_file_perms setattr };
')
#######################################
## <summary>
## Do not audit attempts to read a symlink
## in the mail spool.
## </summary>
## <param name="domain">
## Domain allowed access.
## </param>
#
interface(`mta_dontaudit_read_spool_symlink',`
gen_require(`
type mail_spool_t;
class lnk_file read;
')
dontaudit $1 mail_spool_t:lnk_file read;
')
#######################################
#
# mta_getattr_spool(domain)
#
interface(`mta_getattr_spool',`
gen_require(`
type mail_spool_t;
class dir r_dir_perms;
class file getattr;
class lnk_file read;
')
files_search_spool($1)
allow $1 mail_spool_t:dir r_dir_perms;
allow $1 mail_spool_t:lnk_file read;
allow $1 mail_spool_t:file getattr;
')
#######################################
#
# mta_rw_spool(domain)
#
interface(`mta_rw_spool',`
gen_require(`
type mail_spool_t;
class dir r_dir_perms;
class lnk_file { getattr read };
class file { rw_file_perms setattr };
')
files_search_spool($1)
allow $1 mail_spool_t:dir r_dir_perms;
allow $1 mail_spool_t:lnk_file { getattr read };
allow $1 mail_spool_t:file { rw_file_perms setattr };
')
#######################################
#
# mta_manage_spool(domain)
#
interface(`mta_manage_spool',`
gen_require(`
type mail_spool_t;
class dir rw_dir_perms;
class lnk_file { getattr read };
class file create_file_perms;
')
files_search_spool($1)
allow $1 mail_spool_t:dir rw_dir_perms;
allow $1 mail_spool_t:lnk_file { getattr read };
allow $1 mail_spool_t:file create_file_perms;
')
#######################################
#
# mta_manage_queue(domain)
#
interface(`mta_manage_queue',`
gen_require(`
type mqueue_spool_t;
class dir rw_dir_perms;
class file create_file_perms;
')
files_search_spool($1)
allow $1 mqueue_spool_t:dir rw_dir_perms;
allow $1 mqueue_spool_t:file create_file_perms;
')