[selinux-policy: 834/3172] more postfix work

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 20:17:11 UTC 2010


commit 88dd3896953827e1533c08b8525f879598133a91
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Tue Oct 25 00:00:50 2005 +0000

    more postfix work

 refpolicy/policy/modules/services/mta.if      |   29 +++++++++------
 refpolicy/policy/modules/services/mta.te      |   15 ++++++--
 refpolicy/policy/modules/services/postfix.if  |   47 +++++++++++++++++++++++++
 refpolicy/policy/modules/services/postfix.te  |    4 ++
 refpolicy/policy/modules/services/ppp.te      |    4 ++
 refpolicy/policy/modules/system/files.if      |    3 +-
 refpolicy/policy/modules/system/init.te       |    1 +
 refpolicy/policy/modules/system/unconfined.te |    4 ++
 refpolicy/policy/modules/system/userdomain.if |   33 +++++++++++++++++
 9 files changed, 122 insertions(+), 18 deletions(-)
---
diff --git a/refpolicy/policy/modules/services/mta.if b/refpolicy/policy/modules/services/mta.if
index 479e58d..20ecf47 100644
--- a/refpolicy/policy/modules/services/mta.if
+++ b/refpolicy/policy/modules/services/mta.if
@@ -114,6 +114,17 @@ template(`mta_per_userdomain_template',`
 	userdom_use_user_terminals($1,$1_mail_t)
 	# Write to the user domain tty. cjp: why?
 	userdom_use_user_terminals($1,mta_user_agent)
+	# Create dead.letter in user home directories.
+	userdom_manage_user_home_subdir_files($1,$1_mail_t)
+	userdom_create_user_home($1,$1_mail_t,file)
+	# for reading .forward - maybe we need a new type for it?
+	# also for delivering mail to maildir
+	userdom_manage_user_home_subdirs($1,mailserver_delivery)
+	userdom_manage_user_home_subdir_files($1,mailserver_delivery)
+	userdom_manage_user_home_subdir_symlinks($1,mailserver_delivery)
+	userdom_manage_user_home_subdir_pipes($1,mailserver_delivery)
+	userdom_manage_user_home_subdir_sockets($1,mailserver_delivery)
+	userdom_create_user_home($1,mailserver_delivery,{ dir file lnk_file fifo_file sock_file })
 
 	tunable_policy(`use_samba_home_dirs',`
 		fs_manage_cifs_files($1_mail_t)
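Review bot: The six `mailserver_delivery` calls added here give every delivery domain manage access to directories, files, symlinks, pipes and sockets under the user's home content, while the stated purpose is only reading .forward and delivering to a maildir. Delivery to a maildir normally needs directories and regular files only, so the symlink, pipe and socket grants (and the matching classes in the `userdom_create_user_home` set) look wider than needed and should be confirmed against an actual denial before being kept. A delivery agent that can create and follow symlinks in a user-writable tree is a classic confused-deputy risk. I would at least add `# XXX: narrow to dir/file once .forward and maildir have their own type` above the block. The same block is repeated for the `user` prefix in the mta.te targeted_policy hunk, and the template body continues outside this hunk.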
@@ -153,16 +164,10 @@ template(`mta_per_userdomain_template',`
 	# Inherit and use descriptors from gnome-pty-helper.
 	ifdef(`gnome-pty-helper.te', `allow $1_mail_t $1_gph_t:fd use;')
 
-	# Create dead.letter in user home directories.
-	file_type_auto_trans($1_mail_t, $1_home_dir_t, $1_home_t, file)
 	# if you do not want to allow dead.letter then use the following instead
 	#allow $1_mail_t { $1_home_dir_t $1_home_t }:dir r_dir_perms;
 	#allow $1_mail_t $1_home_t:file r_file_perms;
 
-	# for reading .forward - maybe we need a new type for it?
-	# also for delivering mail to maildir
-	file_type_auto_trans(mailserver_delivery, $1_home_dir_t, $1_home_t)
-
 	ifdef(`qmail.te', `
 		allow $1_mail_t qmail_etc_t:dir search;
 		allow $1_mail_t qmail_etc_t:{ file lnk_file } read;
@@ -254,10 +259,15 @@ interface(`mta_mailserver_sender',`
 interface(`mta_mailserver_delivery',`
 	gen_require(`
 		attribute mailserver_delivery;
+		type mail_spool_t;
 	')
 
 	typeattribute $1 mailserver_delivery;
 
+	allow $1 mail_spool_t:dir ra_dir_perms;
+	allow $1 mail_spool_t:file { create ioctl read getattr lock append };
+	allow $1 mail_spool_t:lnk_file { create read getattr };
+
 	optional_policy(`dovecot.te',`
 		dovecot_manage_spool($1)
 	')
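Review bot: The new `allow $1 mail_spool_t:lnk_file { create read getattr };` lets every domain carrying the mailserver_delivery attribute create symlinks inside the mail spool, while the file rule next to it is carefully limited to create and append. Other delivery agents appending to a mailbox would then resolve links planted there. Unless a specific agent is known to need it, I would drop `create` and keep `allow $1 mail_spool_t:lnk_file { read getattr };`, or add a comment naming the agent that requires link creation. The interface's doc comment sits outside this hunk; it presumably still describes only the attribute assignment and should mention the spool access now granted.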
@@ -301,11 +311,8 @@ interface(`mta_mailserver_user_agent',`
 #
 interface(`mta_send_mail',`
 	gen_require(`
+		attribute mta_user_agent;
 		type system_mail_t, sendmail_exec_t;
-		class lnk_file r_file_perms;
-		class process sigchld;
-		class fd use;
-		class fifo_file rw_file_perms;
 	')
 
 	allow $1 sendmail_exec_t:lnk_file r_file_perms;
@@ -316,11 +323,9 @@ interface(`mta_send_mail',`
 	allow system_mail_t $1:fifo_file rw_file_perms;
 	allow system_mail_t $1:process sigchld;
 
-	ifdef(`TODO',`
 	allow mta_user_agent $1:fd use;
 	allow mta_user_agent $1:process sigchld;
 	allow mta_user_agent $1:fifo_file { read write };
-	')
 ')
 
 #######################################
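Review bot: With the ifdef TODO guard removed, the three `mta_user_agent` rules become live for every caller of mta_send_mail, which after this commit includes initrc_t and pppd_t, and nothing in the visible lines explains why all user agent domains need the caller's descriptors and pipes. Only system_mail_t appears in the visible rules; the lines between the two hunks of this interface are not shown, so the transition target should be checked there. If the grant is intended, a one-line comment such as `# user agent domains inherit the caller's fds when sendmail is run from a user session` would record the reason. For consistency with the system_mail_t rule two lines above, `allow mta_user_agent $1:fifo_file rw_file_perms;` or a comment on why the narrower `{ read write }` set is used would also help.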
diff --git a/refpolicy/policy/modules/services/mta.te b/refpolicy/policy/modules/services/mta.te
index 271ac25..634838c 100644
--- a/refpolicy/policy/modules/services/mta.te
+++ b/refpolicy/policy/modules/services/mta.te
@@ -28,7 +28,7 @@ files_type(mail_spool_t)
 type sendmail_exec_t;
 files_type(sendmail_exec_t)
 
-type system_mail_t;
+type system_mail_t, user_mail_domain;
 domain_type(system_mail_t)
 domain_entry_file(system_mail_t,sendmail_exec_t)
 role system_r types system_mail_t;
@@ -107,6 +107,16 @@ ifdef(`targeted_policy',`
 	allow system_mail_t mqueue_spool_t:file create_file_perms;
 	allow system_mail_t mqueue_spool_t:lnk_file create_lnk_perms;
 
+	# for reading .forward - maybe we need a new type for it?
+	# also for delivering mail to maildir
+	# cjp: fix this to generic_user interfaces
+	userdom_manage_user_home_subdirs(user,mailserver_delivery)
+	userdom_manage_user_home_subdir_files(user,mailserver_delivery)
+	userdom_manage_user_home_subdir_symlinks(user,mailserver_delivery)
+	userdom_manage_user_home_subdir_pipes(user,mailserver_delivery)
+	userdom_manage_user_home_subdir_sockets(user,mailserver_delivery)
+	userdom_create_user_home(user,mailserver_delivery,{ dir file lnk_file fifo_file sock_file })
+
 # cjp: another require-in-else to resolve
 #	optional_policy(`postfix.te',`',`
 		corecmd_exec_bin(system_mail_t)
@@ -201,9 +211,6 @@ ifdef(`targeted_policy',`
 	r_dir_file(sysadm_mail_t, user_home_type)
 ')
 
-allow system_mail_t privmail:fd use;
-allow system_mail_t privmail:process sigchld;
-allow system_mail_t privmail:fifo_file { read write };
 
 optional_policy(`qmail.te',`
 	allow system_mail_t qmail_etc_t:dir search;
diff --git a/refpolicy/policy/modules/services/postfix.if b/refpolicy/policy/modules/services/postfix.if
index 66fa2be..1a6a435 100644
--- a/refpolicy/policy/modules/services/postfix.if
+++ b/refpolicy/policy/modules/services/postfix.if
@@ -66,6 +66,7 @@ template(`postfix_domain_template',`
 
 	files_read_etc_files(postfix_$1_t)
 	files_read_etc_runtime_files(postfix_$1_t)
+	files_read_usr_symlinks(postfix_$1_t)
 	files_search_spool(postfix_$1_t)
 	files_getattr_tmp_dir(postfix_$1_t)
 
@@ -176,6 +177,52 @@ interface(`postfix_read_config',`
 
 ########################################
 ## <summary>
+##	Execute postfix_map in the postfix_map domain.
+## </summary>
+## <param name="domain">
+##	Domain allowed access.
+## </param>
+#
+interface(`postfix_domtrans_map',`
+	gen_require(`
+		type postfix_map_t, postfix_map_exec_t;
+	')
+
+	domain_auto_trans($1,postfix_map_exec_t,postfix_map_t)
+
+	allow $1 postfix_map_t:fd use;
+	allow postfix_map_t $1:fd use;
+	allow postfix_map_t $1:fifo_file rw_file_perms;
+	allow postfix_map_t $1:process sigchld;
+')
+
+########################################
+## <summary>
+##	Execute postfix_map in the postfix_map domain, and
+##	allow the specified role the postfix_map domain.
+## </summary>
+## <param name="domain">
+##	Domain allowed access.
+## </param>
+## <param name="role">
+##	The role to be allowed the postfix_map domain.
+## </param>
+## <param name="terminal">
+##	The type of the terminal allow the postfix_map domain to use.
+## </param>
+#
+interface(`postfix_run_map',`
+	gen_require(`
+		type postfix_map_t;
+	')
+
+	postfix_domtrans_map($1)
+	role $2 types postfix_map_t;
+	allow postfix_map_t $3:chr_file rw_term_perms;
+')
+
+########################################
+## <summary>
 ##	Execute the master postfix program in the
 ##	postfix_master domain.
 ## </summary>
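Review bot: The `terminal` parameter description in the new postfix_run_map interface is ungrammatical and reads as if a word is missing; I would write `##	The type of the terminal the postfix_map domain is allowed to use.`. The summary could also say that the domain receives read and write access to that terminal, since that is what `rw_term_perms` on `$3:chr_file` grants. postfix_domtrans_map and postfix_run_map are both complete within this hunk.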
diff --git a/refpolicy/policy/modules/services/postfix.te b/refpolicy/policy/modules/services/postfix.te
index a25e13f..8a2b38b 100644
--- a/refpolicy/policy/modules/services/postfix.te
+++ b/refpolicy/policy/modules/services/postfix.te
@@ -480,6 +480,10 @@ allow postfix_showq_t postfix_postqueue_t:fd use;
 allow postfix_showq_t postfix_postqueue_t:fifo_file rw_file_perms;
 allow postfix_showq_t postfix_postqueue_t:process sigchld;
 
+# to write the mailq output, it really should not need read access!
+term_use_all_user_ptys(postfix_postqueue_t)
+term_use_all_user_ttys(postfix_postqueue_t)
+
 init_sigchld_script(postfix_postqueue_t)
 init_use_script_fd(postfix_postqueue_t)
 
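Review bot: The two added calls, `term_use_all_user_ptys(postfix_postqueue_t)` and `term_use_all_user_ttys(postfix_postqueue_t)`, give postfix_postqueue_t read as well as write access to every user terminal, and the comment above them already says read access should not be needed. Read access on other users' ptys and ttys would let a compromised postqueue process observe terminal input, so this is worth narrowing rather than just noting. If the terminal module offers a write-only or append-only interface for user terminals, use that here. Otherwise keep these calls but mark the comment as a tracked item, for example `# XXX: only write/append is needed for mailq output; replace with a write-only terminal interface`.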
diff --git a/refpolicy/policy/modules/services/ppp.te b/refpolicy/policy/modules/services/ppp.te
index 5054eab..5ba2635 100644
--- a/refpolicy/policy/modules/services/ppp.te
+++ b/refpolicy/policy/modules/services/ppp.te
@@ -198,6 +198,10 @@ optional_policy(`modutils.te',`
 	')
 ')
 
+optional_policy(`mta.te',`
+	mta_send_mail(pppd_t)
+')
+
 optional_policy(`nis.te',`
 	nis_use_ypbind(pppd_t)
 ')
diff --git a/refpolicy/policy/modules/system/files.if b/refpolicy/policy/modules/system/files.if
index fd793e9..471fd28 100644
--- a/refpolicy/policy/modules/system/files.if
+++ b/refpolicy/policy/modules/system/files.if
@@ -1363,12 +1363,11 @@ interface(`files_create_boot_flag',`
 interface(`files_read_etc_runtime_files',`
 	gen_require(`
 		type etc_t, etc_runtime_t;
-		class dir r_dir_perms;
-		class file r_file_perms;
 	')
 
 	allow $1 etc_t:dir r_dir_perms;
 	allow $1 etc_runtime_t:file r_file_perms;
+	allow $1 etc_runtime_t:lnk_file { getattr read };
 ')
 
 ########################################
diff --git a/refpolicy/policy/modules/system/init.te b/refpolicy/policy/modules/system/init.te
index 0f3715c..faa6dfd 100644
--- a/refpolicy/policy/modules/system/init.te
+++ b/refpolicy/policy/modules/system/init.te
@@ -537,6 +537,7 @@ optional_policy(`mailman.te',`
 ')
 
 optional_policy(`mta.te',`
+	mta_send_mail(initrc_t)
 	mta_dontaudit_read_spool_symlink(initrc_t)
 ')
 
diff --git a/refpolicy/policy/modules/system/unconfined.te b/refpolicy/policy/modules/system/unconfined.te
index 99fbe40..f3c237e 100644
--- a/refpolicy/policy/modules/system/unconfined.te
+++ b/refpolicy/policy/modules/system/unconfined.te
@@ -35,6 +35,10 @@ ifdef(`targeted_policy',`
 
 	userdom_unconfined(unconfined_t)
 
+	optional_policy(`postfix.te',`
+		postfix_domtrans_map(unconfined_t)
+	')
+
 	optional_policy(`samba.te',`
 		samba_domtrans_net(unconfined_t)
 	')
diff --git a/refpolicy/policy/modules/system/userdomain.if b/refpolicy/policy/modules/system/userdomain.if
index 57edcc1..7b70a14 100644
--- a/refpolicy/policy/modules/system/userdomain.if
+++ b/refpolicy/policy/modules/system/userdomain.if
@@ -1006,6 +1006,39 @@ template(`userdom_search_user_home',`
 
 ########################################
 ## <summary>
+##	Create, read, write, and delete symbolic links
+##	in a user home subdirectory.
+## </summary>
+## <desc>
+##	<p>
+##	Create, read, write, and delete symbolic links
+##	in a user home subdirectory.
+##	</p>
+##	<p>
+##	This is a templated interface, and should only
+##	be called from a per-userdomain template.
+##	</p>
+## </desc>
+## <param name="userdomain_prefix">
+##	The prefix of the user domain (e.g., user
+##	is the prefix for user_t).
+## </param>
+## <param name="domain">
+##	The type of the process performing this action.
+## </param>
+#
+template(`userdom_manage_user_home_subdirs',`
+	gen_require(`
+		type $1_home_dir_t, $1_home_t;
+	')
+
+	files_search_home($2)
+	allow $2 $1_home_dir_t:dir rw_dir_perms;
+	allow $2 $1_home_t:dir manage_dir_perms;
+')
+
+########################################
+## <summary>
 ##	Read user home files.
 ## </summary>
 ## <desc>
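Review bot: The summary and description of the new userdom_manage_user_home_subdirs template say it manages symbolic links, but its rules only touch directories (`allow $2 $1_home_dir_t:dir rw_dir_perms;` and `allow $2 $1_home_t:dir manage_dir_perms;`). This looks like text copied from the symlink variant. Both the `<summary>` and the first `<p>` should read `##	Create, read, write, and delete subdirectories` / `##	in a user home directory.`, so that a reader granting this interface knows it covers directory creation and removal, not links.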

