From 3e6c816ddd8f3e9f7a9e0585d40ad8f8cfc73ad2 Mon Sep 17 00:00:00 2001
From: Chris PeBenito <cpebenito@tresys.com>
Date: Nov 15 2005 20:17:18 +0000
Subject: add procmail



---

diff --git a/refpolicy/Changelog b/refpolicy/Changelog
index 8e0730b..38b36c6 100644
--- a/refpolicy/Changelog
+++ b/refpolicy/Changelog
@@ -14,6 +14,7 @@
 	networkmanager
 	pegasus
 	postfix
+	procmail
 	radius
 	rpc
 	spamassassin
diff --git a/refpolicy/policy/modules.conf b/refpolicy/policy/modules.conf
index fa7af3c..d3c8605 100644
--- a/refpolicy/policy/modules.conf
+++ b/refpolicy/policy/modules.conf
@@ -704,19 +704,19 @@ lpd = base
 # 
 avahi = base
 
-# Layer: system
-# Module: unconfined
+# Layer: services
+# Module: procmail
 #
-# The unconfined domain.
+# Procmail mail delivery agent
 # 
-unconfined = base
+procmail = base
 
 # Layer: system
-# Module: authlogin
+# Module: unconfined
 #
-# Common policy for authentication and user login.
+# The unconfined domain.
 # 
-authlogin = base
+unconfined = base
 
 # Layer: system
 # Module: selinuxutil
@@ -866,3 +866,10 @@ libraries = base
 # 
 miscfiles = base
 
+# Layer: system
+# Module: authlogin
+#
+# Common policy for authentication and user login.
+# 
+authlogin = base
+
diff --git a/refpolicy/policy/modules/services/mta.if b/refpolicy/policy/modules/services/mta.if
index f797e16..ce05c76 100644
--- a/refpolicy/policy/modules/services/mta.if
+++ b/refpolicy/policy/modules/services/mta.if
@@ -536,6 +536,23 @@ interface(`mta_manage_spool',`
 ')
 
 #######################################
+## <summary>
+##	Do not audit attempts to read and
+##	write the mail queue.
+## </summary>
+## <param name="domain">
+##	Domain to not audit.
+## </param>
+#
+interface(`mta_dontaudit_rw_queue',`
+	gen_require(`
+		type mqueue_spool_t;
+	')
+
+	dontaudit $1 mqueue_spool_t:file { getattr read write };
+')
+
+#######################################
 #
 # mta_manage_queue(domain)
 #
diff --git a/refpolicy/policy/modules/services/postfix.if b/refpolicy/policy/modules/services/postfix.if
index 1a6a435..76d526a 100644
--- a/refpolicy/policy/modules/services/postfix.if
+++ b/refpolicy/policy/modules/services/postfix.if
@@ -177,6 +177,42 @@ interface(`postfix_read_config',`
 
 ########################################
 ## <summary>
+##	Do not audit attempts to read and
+##	write postfix local delivery
+##	TCP sockets.
+## </summary>
+## <param name="domain">
+##	Domain to not audit.
+## </param>
+#
+interface(`postfix_dontaudit_rw_local_tcp_socket',`
+	gen_require(`
+		type postfix_local_t;
+	')
+
+	dontaudit $1 postfix_local_t:tcp_socket { read write };
+')
+
+########################################
+## <summary>
+##	Do not audit attempts to use
+##	postfix master process file
+##	file descriptors.
+## </summary>
+## <param name="domain">
+##	Domain to not audit.
+## </param>
+#
+interface(`postfix_dontaudit_use_fd',`
+	gen_require(`
+		type postfix_master_t;
+	')
+
+	dontaudit $1 postfix_master_t:fd use;
+')
+
+########################################
+## <summary>
 ##	Execute postfix_map in the postfix_map domain.
 ## </summary>
 ## <param name="domain">
diff --git a/refpolicy/policy/modules/services/postfix.te b/refpolicy/policy/modules/services/postfix.te
index eec36bd..d59b072 100644
--- a/refpolicy/policy/modules/services/postfix.te
+++ b/refpolicy/policy/modules/services/postfix.te
@@ -1,5 +1,5 @@
 
-policy_module(postfix,1.0)
+policy_module(postfix,1.0.1)
 
 ########################################
 #
@@ -306,14 +306,9 @@ mta_delete_spool(postfix_local_t)
 # For reading spamassasin
 mta_read_config(postfix_local_t)
 
-ifdef(`TODO',`
-optional_policy(`procmail.te', `
-	domain_auto_trans(postfix_local_t, procmail_exec_t, procmail_t)
-	# for a bug in the postfix local program
-	dontaudit procmail_t postfix_local_t:tcp_socket { read write };
-	dontaudit procmail_t postfix_master_t:fd use;
+optional_policy(`procmail.te',`
+	procmail_domtrans(postfix_local_t)
 ')
-') dnl end TODO
 
 ########################################
 #
@@ -430,11 +425,9 @@ allow postfix_pipe_t postfix_private_t:sock_file write;
 allow postfix_pipe_t postfix_spool_t:dir search;
 allow postfix_pipe_t postfix_spool_t:file rw_file_perms;
 
-ifdef(`TODO',`
-optional_policy(`procmail.te', `
-domain_auto_trans(postfix_pipe_t, procmail_exec_t, procmail_t)
+optional_policy(`procmail.te',`
+	procmail_domtrans(postfix_pipe_t)
 ')
-') dnl end TODO
 
 ########################################
 #
diff --git a/refpolicy/policy/modules/services/procmail.fc b/refpolicy/policy/modules/services/procmail.fc
new file mode 100644
index 0000000..5c335d4
--- /dev/null
+++ b/refpolicy/policy/modules/services/procmail.fc
@@ -0,0 +1,2 @@
+
+/usr/bin/procmail	--	gen_context(system_u:object_r:procmail_exec_t,s0)
diff --git a/refpolicy/policy/modules/services/procmail.if b/refpolicy/policy/modules/services/procmail.if
new file mode 100644
index 0000000..4d702db
--- /dev/null
+++ b/refpolicy/policy/modules/services/procmail.if
@@ -0,0 +1,24 @@
+## <summary>Procmail mail delivery agent</summary>
+
+########################################
+## <summary>
+##	Execute procmail with a domain transition.
+## </summary>
+## <param name="domain">
+##	Domain allowed access.
+## </param>
+#
+interface(`procmail_domtrans',`
+	gen_require(`
+		type procmail_exec_t, procmail_t;
+	')
+
+	files_search_usr($1)
+	corecmd_search_bin($1)
+	domain_auto_trans($1,procmail_exec_t,procmail_t)
+
+	allow $1 procmail_t:fd use;
+	allow procmail_t $1:fd use;
+	allow procmail_t $1:fifo_file rw_file_perms;
+	allow procmail_t $1:process sigchld;
+')
diff --git a/refpolicy/policy/modules/services/procmail.te b/refpolicy/policy/modules/services/procmail.te
new file mode 100644
index 0000000..1c32914
--- /dev/null
+++ b/refpolicy/policy/modules/services/procmail.te
@@ -0,0 +1,105 @@
+
+policy_module(procmail,1.0.0)
+
+########################################
+#
+# Declarations
+#
+
+# privhome only works until we define a different type for maildir
+type procmail_t, privhome;
+type procmail_exec_t;
+domain_type(procmail_t)
+domain_entry_file(procmail_t,procmail_exec_t)
+role system_r types procmail_t;
+
+########################################
+#
+# Local policy
+#
+
+allow procmail_t self:capability { sys_nice chown setuid setgid dac_override };
+allow procmail_t self:process { setsched fork sigchld signal };
+allow procmail_t self:fifo_file rw_file_perms;
+allow procmail_t self:unix_stream_socket create_socket_perms;
+allow procmail_t self:unix_dgram_socket create_socket_perms;
+allow procmail_t self:tcp_socket create_stream_socket_perms;
+allow procmail_t self:udp_socket create_socket_perms;
+
+kernel_read_system_state(procmail_t)
+kernel_read_kernel_sysctl(procmail_t)
+
+corenet_tcp_sendrecv_all_if(procmail_t)
+corenet_raw_sendrecv_all_if(procmail_t)
+corenet_udp_sendrecv_all_if(procmail_t)
+corenet_tcp_sendrecv_all_nodes(procmail_t)
+corenet_udp_sendrecv_all_nodes(procmail_t)
+corenet_raw_sendrecv_all_nodes(procmail_t)
+corenet_tcp_sendrecv_all_ports(procmail_t)
+corenet_udp_sendrecv_all_ports(procmail_t)
+corenet_tcp_bind_all_nodes(procmail_t)
+corenet_udp_bind_all_nodes(procmail_t)
+
+dev_read_urand(procmail_t)
+
+fs_getattr_xattr_fs(procmail_t)
+
+auth_use_nsswitch(procmail_t)
+
+corecmd_exec_bin(procmail_t)
+corecmd_exec_shell(procmail_t)
+corecmd_dontaudit_search_sbin(procmail_t)
+
+files_read_etc_files(procmail_t)
+files_read_etc_runtime_files(procmail_t)
+files_search_pids(procmail_t)
+# for spamassasin
+files_read_usr_files(procmail_t)
+
+libs_use_ld_so(procmail_t)
+libs_use_shared_libs(procmail_t)
+
+miscfiles_read_localization(procmail_t)
+
+userdom_priveleged_home_dir_manager(procmail_t)
+# Do not audit attempts to access /root.
+userdom_dontaudit_search_sysadm_home_dir(procmail_t)
+
+mta_manage_spool(procmail_t)
+
+ifdef(`hide_broken_symptoms',`
+	mta_dontaudit_rw_queue(procmail_t)
+')
+
+ifdef(`targeted_policy', `
+	corenet_udp_bind_generic_port(procmail_t)
+	files_getattr_tmp_dir(procmail_t)
+')
+
+optional_policy(`logging.te',`
+	logging_send_syslog_msg(procmail_t)
+')
+
+optional_policy(`nscd.te',`
+	nscd_use_socket(procmail_t)
+')
+
+optional_policy(`postfix.te',`
+	# for a bug in the postfix local program
+	postfix_dontaudit_rw_local_tcp_socket(procmail_t)
+	postfix_dontaudit_use_fd(procmail_t)
+')
+
+optional_policy(`sendmail.te',`
+	mta_read_config(procmail_t)
+	sendmail_rw_tcp_socket(procmail_t)
+')
+
+optional_policy(`spamassassin.te',`
+	corenet_udp_bind_generic_port(procmail_t)
+
+	files_getattr_tmp_dir(procmail_t)
+
+	spamassassin_exec(procmail_t)
+	spamassassin_exec_client(procmail_t)
+')
diff --git a/refpolicy/policy/modules/services/sendmail.if b/refpolicy/policy/modules/services/sendmail.if
index 8e109e5..0f03e70 100644
--- a/refpolicy/policy/modules/services/sendmail.if
+++ b/refpolicy/policy/modules/services/sendmail.if
@@ -19,15 +19,12 @@ interface(`sendmail_stub',`
 ##	Domain transition to sendmail.
 ## </summary>
 ## <param name="domain">
-##	The type of the process performing this action.
+##	Domain allowed access.
 ## </param>
 #
 interface(`sendmail_domtrans',`
 	gen_require(`
 		type sendmail_exec_t, sendmail_t;
-		class process sigchld;
-		class fd use;
-		class fifo_file rw_file_perms;
 	')
 
 	files_search_usr($1)
@@ -40,3 +37,18 @@ interface(`sendmail_domtrans',`
 	allow sendmail_t $1:process sigchld;
 ')
 
+########################################
+## <summary>
+##	Read and write sendmail TCP sockets.
+## </summary>
+## <param name="domain">
+##	Domain allowed access.
+## </param>
+#
+interface(`sendmail_rw_tcp_socket',`
+	gen_require(`
+		type sendmail_t;
+	')
+
+	allow $1 sendmail_t:tcp_socket { read write };
+')
diff --git a/refpolicy/policy/modules/services/spamassassin.if b/refpolicy/policy/modules/services/spamassassin.if
index ee9932a..1b56c32 100644
--- a/refpolicy/policy/modules/services/spamassassin.if
+++ b/refpolicy/policy/modules/services/spamassassin.if
@@ -1,3 +1,38 @@
 ## <summary>Filter used for removing unsolicited email.</summary>
 
 # cjp: TODO: integrate old spamassassin_macros.te
+
+########################################
+## <summary>
+##	Execute the standalone spamassassin
+##	program in the caller directory.
+## </summary>
+## <param name="domain">
+##	Domain allowed access.
+## </param>
+#
+interface(`spamassassin_exec',`
+	gen_require(`
+		type spamassassin_exec_t;
+	')
+
+	can_exec($1,spamassassin_exec_t)
+
+')
+
+########################################
+## <summary>
+##	Execute the spamassassin client
+##	program in the caller directory.
+## </summary>
+## <param name="domain">
+##	Domain allowed access.
+## </param>
+#
+interface(`spamassassin_exec_client',`
+	gen_require(`
+		type spamc_exec_t;
+	')
+
+	can_exec($1,spamc_exec_t)
+')
diff --git a/refpolicy/policy/modules/system/corecommands.if b/refpolicy/policy/modules/system/corecommands.if
index 087902e..2057f82 100644
--- a/refpolicy/policy/modules/system/corecommands.if
+++ b/refpolicy/policy/modules/system/corecommands.if
@@ -245,6 +245,23 @@ interface(`corecmd_search_sbin',`
 ')
 
 ########################################
+## <summary>
+##	Do not audit attempts to search
+##	sbin directories.
+## </summary>
+## <param name="domain">
+##	Domain to not audit.
+## </param>
+#
+interface(`corecmd_dontaudit_search_sbin',`
+	gen_require(`
+		type sbin_t;
+	')
+
+	dontaudit $1 sbin_t:dir search_dir_perms;
+')
+
+########################################
 #
 # corecmd_list_sbin(domain)
 #
diff --git a/refpolicy/policy/modules/system/corecommands.te b/refpolicy/policy/modules/system/corecommands.te
index 83ee798..2dde3dc 100644
--- a/refpolicy/policy/modules/system/corecommands.te
+++ b/refpolicy/policy/modules/system/corecommands.te
@@ -12,11 +12,6 @@ policy_module(corecommands,1.0.1)
 type bin_t;
 files_type(bin_t)
 
-ifdef(`targeted_policy',`
-	# cjp: temporary until procmail is added
-	typealias bin_t alias procmail_exec_t;
-')
-
 #
 # sbin_t is the type of files in the system sbin directories.
 #
diff --git a/refpolicy/policy/modules/system/files.if b/refpolicy/policy/modules/system/files.if
index c7b547c..34dd0b7 100644
--- a/refpolicy/policy/modules/system/files.if
+++ b/refpolicy/policy/modules/system/files.if
@@ -2827,7 +2827,7 @@ interface(`files_search_pids',`
 	')
 
 	allow $1 var_t:dir search_dir_perms;
-	allow $1 var_run_t:dir search;
+	allow $1 var_run_t:dir search_dir_perms;
 ')
 
 ########################################