1
# Macros for MTA domains.
5
# Author: Russell Coker <russell@coker.com.au>
6
# Based on the work of: Stephen Smalley <sds@epoch.ncsc.mil>
11
# mail_domain(domain_prefix)
13
# Define a derived domain for the sendmail program when executed by
14
# a user domain to send outgoing mail. These domains are separate and
15
# independent of the domain used for the sendmail daemon process.
17
# The type declaration for the executable type for this program is
18
# provided separately in domains/program/mta.te.
20
undefine(`mail_domain')
21
define(`mail_domain',`
22
# Derived domain based on the calling user domain and the program.
23
type $1_mail_t, domain, privlog, user_mail_domain;
25
ifdef(`sendmail.te', `
26
sendmail_user_domain($1)
29
can_exec($1_mail_t, sendmail_exec_t)
30
allow $1_mail_t sendmail_exec_t:lnk_file { getattr read };
32
# The user role is authorized for this domain.
33
role $1_r types $1_mail_t;
36
can_network($1_mail_t)
38
allow $1_mail_t self:unix_dgram_socket create_socket_perms;
39
allow $1_mail_t self:unix_stream_socket create_socket_perms;
41
read_locale($1_mail_t)
42
read_sysctl($1_mail_t)
43
allow $1_mail_t device_t:dir search;
44
allow $1_mail_t { var_t var_spool_t }:dir search;
45
allow $1_mail_t self:process { fork signal_perms setrlimit };
46
allow $1_mail_t sbin_t:dir search;
48
# It wants to check for nscd
49
dontaudit $1_mail_t var_run_t:dir search;
52
allow $1_mail_t self:capability { setuid setgid chown };
55
can_exec($1_mail_t, bin_t)
57
can_exec($1_mail_t, procmail_exec_t)')
59
ifelse(`$1', `system', `
60
# Transition from a system domain to the derived domain.
61
domain_auto_trans(privmail, sendmail_exec_t, system_mail_t)
62
allow privmail sendmail_exec_t:lnk_file { getattr read };
64
# Read cron temporary files.
65
allow system_mail_t system_crond_tmp_t:file { read getattr ioctl };
66
allow mta_user_agent system_crond_tmp_t:file { read getattr };
67
allow system_mail_t initrc_devpts_t:chr_file { read write getattr };
70
# For when the user wants to send mail via port 25 localhost
71
can_tcp_connect($1_t, mail_server_domain)
73
# Transition from the user domain to the derived domain.
74
domain_auto_trans($1_t, sendmail_exec_t, $1_mail_t)
75
allow $1_t sendmail_exec_t:lnk_file { getattr read };
77
# Read user temporary files.
78
allow $1_mail_t $1_tmp_t:file r_file_perms;
79
dontaudit $1_mail_t $1_tmp_t:file append;
81
# postfix seems to need write access if the file handle is opened read/write
82
allow $1_mail_t $1_tmp_t:file write;
85
allow mta_user_agent $1_tmp_t:file { read getattr };
87
allow mta_user_agent { $1_devpts_t $1_tty_device_t }:chr_file { getattr read write };
89
# Write to the user domain tty.
90
allow $1_mail_t { $1_tty_device_t $1_devpts_t devtty_t }:chr_file rw_file_perms;
92
# Inherit and use descriptors from gnome-pty-helper.
93
ifdef(`gnome-pty-helper.te', `allow $1_mail_t $1_gph_t:fd use;')
94
allow $1_mail_t { $1_t privfd }:fd use;
96
# Create dead.letter in user home directories.
97
file_type_auto_trans($1_mail_t, $1_home_dir_t, $1_home_t, file)
99
# if you do not want to allow dead.letter then use the following instead
100
#allow $1_mail_t { $1_home_dir_t $1_home_t }:dir r_dir_perms;
101
#allow $1_mail_t $1_home_t:file r_file_perms;
103
# for reading .forward - maybe we need a new type for it?
104
# also for delivering mail to maildir
105
file_type_auto_trans(mta_delivery_agent, $1_home_dir_t, $1_home_t)
108
allow $1_mail_t etc_t:file { getattr read };
110
allow $1_mail_t qmail_etc_t:dir search;
111
allow $1_mail_t qmail_etc_t:{ file lnk_file } read;