[selinux-policy: 3125/3172] Internal interaction goes before external interface calls.

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 23:37:54 UTC 2010


commit 1507cc2a79e7331d270b4fc531c03bd1f115f2bf
Author: Dominick Grift <domg472 at gmail.com>
Date:   Fri Sep 24 09:55:47 2010 +0200

    Internal interaction goes before external interface calls.

 policy/modules/services/spamassassin.te |   15 ++++++++-------
 1 files changed, 8 insertions(+), 7 deletions(-)
---
diff --git a/policy/modules/services/spamassassin.te b/policy/modules/services/spamassassin.te
index 019f357..1befa13 100644
--- a/policy/modules/services/spamassassin.te
+++ b/policy/modules/services/spamassassin.te
@@ -252,11 +252,6 @@ allow spamc_t self:unix_dgram_socket sendto;
 allow spamc_t self:unix_stream_socket connectto;
 allow spamc_t self:tcp_socket create_stream_socket_perms;
 allow spamc_t self:udp_socket create_socket_perms;
-corenet_all_recvfrom_unlabeled(spamc_t)
-corenet_all_recvfrom_netlabel(spamc_t)
-corenet_tcp_sendrecv_generic_if(spamc_t)
-corenet_tcp_sendrecv_generic_node(spamc_t)
-corenet_tcp_connect_spamd_port(spamc_t)
 
 can_exec(spamc_t, spamc_exec_t)
 
@@ -272,6 +267,9 @@ manage_sock_files_pattern(spamc_t, spamc_home_t, spamc_home_t)
 userdom_user_home_dir_filetrans(spamc_t, spamc_home_t, { dir file lnk_file sock_file fifo_file })
 userdom_append_user_home_content_files(spamc_t)
 
+list_dirs_pattern(spamc_t, spamd_var_lib_t, spamd_var_lib_t)
+read_files_pattern(spamc_t, spamd_var_lib_t, spamd_var_lib_t)
+
 # Allow connecting to a local spamd
 allow spamc_t spamd_t:unix_stream_socket connectto;
 allow spamc_t spamd_tmp_t:sock_file rw_sock_file_perms;
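Review bot: The two added lines give spamc_t list and read access to spamd_var_lib_t, but nothing at their new position says why the client needs the daemon's state directory. At the old location they sat below the `# cjp: this may be removable:` comment, so the move is a good moment to either confirm the access is still needed or document it. A short comment above them would do, for example `# Read-only access to spamd's var_lib content (confirm still required)`. The access stays read-only as written, since no write or manage pattern on spamd_var_lib_t is added for spamc_t in this hunk.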
@@ -290,6 +288,11 @@ corenet_tcp_sendrecv_all_ports(spamc_t)
 corenet_udp_sendrecv_all_ports(spamc_t)
 corenet_tcp_connect_all_ports(spamc_t)
 corenet_sendrecv_all_client_packets(spamc_t)
+corenet_all_recvfrom_unlabeled(spamc_t)
+corenet_all_recvfrom_netlabel(spamc_t)
+corenet_tcp_sendrecv_generic_if(spamc_t)
+corenet_tcp_sendrecv_generic_node(spamc_t)
+corenet_tcp_connect_spamd_port(spamc_t)
 
 fs_search_auto_mountpoints(spamc_t)
 
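Review bot: `corenet_tcp_connect_spamd_port(spamc_t)` is added directly below `corenet_tcp_connect_all_ports(spamc_t)` and `corenet_tcp_sendrecv_all_ports(spamc_t)`, so as shown the port-specific rule grants nothing the broader call does not already allow. If the all-ports calls are unconditional (the enclosing block is not visible in this hunk), spamc_t can open TCP connections to any port, which is far wider than a spamd client appears to need. Consider keeping only the spamd-port rule. If the wider access is really required, gate the all-ports calls behind a tunable and say why in a comment, for example `# all-ports access needed for <reason>; otherwise spamd_port suffices`.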
@@ -309,8 +312,6 @@ files_dontaudit_search_var(spamc_t)
 # cjp: this may be removable:
 files_list_home(spamc_t)
 files_list_var_lib(spamc_t)
-list_dirs_pattern(spamc_t, spamd_var_lib_t, spamd_var_lib_t)
-read_files_pattern(spamc_t, spamd_var_lib_t, spamd_var_lib_t)
 
 fs_search_auto_mountpoints(spamc_t)
 

