[selinux-policy: 167/3172] add more parts to send_mail and drop transition since its more then a transition

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 19:19:27 UTC 2010


commit c6a3a22457e59c13ad09ca1332b9c1f4c20b8b8a
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Fri May 13 20:52:28 2005 +0000

    add more parts to send_mail and drop transition since its more then a transition

 refpolicy/policy/modules/services/mta.if |   15 +++++++++++----
 1 files changed, 11 insertions(+), 4 deletions(-)
---
diff --git a/refpolicy/policy/modules/services/mta.if b/refpolicy/policy/modules/services/mta.if
index 0200795..6f47072 100644
--- a/refpolicy/policy/modules/services/mta.if
+++ b/refpolicy/policy/modules/services/mta.if
@@ -165,22 +165,29 @@ type sendmail_exec_t;
 
 #######################################
 #
-# mta_send_mail_transition(domain)
+# mta_send_mail(domain)
 #
-define(`mta_send_mail_transition',`
+define(`mta_send_mail',`
 requires_block_template(`$0'_depend)
 allow $1 sendmail_exec_t:lnk_file { getattr read };
 allow $1 sendmail_exec_t:file { getattr read execute };
 allow $1 system_mail_t:process transition;
 type_transition $1 sendmail_exec_t:file system_mail_t;
 dontaudit $1 system_mail_t:process { noatsecure siginh rlimitinh };
+
+allow $1 system_mail_t:fd use;
+allow system_mail_t $1:process sigchld;
+allow system_mail_t $1:fd use;
+allow system_mail_t $1:fifo_file { ioctl read getattr lock write append };
 ')
 
-define(`mta_send_mail_transition_depend',`
+define(`mta_send_mail_depend',`
 type system_mail_t, sendmail_exec_t;
 class file { getattr read execute };
 class lnk_file { getattr read };
-class process { transition noatsecure siginh rlimitinh };
+class process { transition noatsecure siginh rlimitinh sigchld };
+class fd use;
+class fifo_file { ioctl read getattr lock write append };
 ')
 
 #######################################
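Review bot: The header comment above `mta_send_mail` still gives only the name, while the four added `allow` rules make the interface grant access in the reverse direction: `system_mail_t` may now use the caller's file descriptors, read and write any `fifo_file` labelled with the caller's type, and send it `sigchld`. A policy author calling this for a sensitive domain should be able to see that from the interface itself, so I would extend the header with something like `# Run sendmail in system_mail_t; also lets system_mail_t use the caller's fds, read/write its pipes and signal it with SIGCHLD.` The `fifo_file` set includes `write append ioctl lock`; if the mail domain only needs to read the message from the caller's pipe, that set could presumably be narrowed, which is worth confirming against the denials that motivated the change. The diffstat shows only mta.if touched, so any remaining users of the old name `mta_send_mail_transition` in other modules (not visible here) would need updating.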

