commit:     70cfb901fc6c8a692295ebb15914e13fc6e1223e
Author:     James Carter <jwcart2 <AT> tycho <DOT> nsa <DOT> gov>
AuthorDate: Wed Apr 11 18:56:36 2018 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sun Apr 22 11:53:03 2018 +0000
URL:        https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=70cfb901

Move use of sendmail_exec_t from sendmail.te to mta.te

The type sendmail_exec_t is actually declared in mta.te.

Created mta.if:mta_sendmail_entry_point() to make sendmail_exec_t
usable as an entry point for a domain.

Modified sendmail.te to use the new interface along with the
application_type() interface to replace the call to
application_domain() using sendmail_exec_t.

Signed-off-by: James Carter <jwcart2 <AT> tycho.nsa.gov>

 policy/modules/contrib/mta.if      | 19 +++++++++++++++++++
 policy/modules/contrib/sendmail.te |  3 ++-
 2 files changed, 21 insertions(+), 1 deletion(-)

diff --git a/policy/modules/contrib/mta.if b/policy/modules/contrib/mta.if
index 4384caae..f98346fe 100644
--- a/policy/modules/contrib/mta.if
+++ b/policy/modules/contrib/mta.if
@@ -536,6 +536,25 @@ interface(`mta_sendmail_exec',`
        can_exec($1, sendmail_exec_t)
 ')
 
+########################################
+## <summary>
+##     Make sendmail usable as an entry
+##      point for the domain.
+## </summary>
+## <param name="domain">
+##     <summary>
+##     Domain to be entered.
+##     </summary>
+## </param>
+#
+interface(`mta_sendmail_entry_point',`
+       gen_require(`
+               type sendmail_exec_t;
+       ')
+
+       domain_entry_file($1, sendmail_exec_t)
+')
+
 ########################################
 ## <summary>
 ##     Read mail server configuration content.
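Review bot: The summary of mta_sendmail_entry_point() says "Make sendmail usable as an entry point", but the body grants entry on the type sendmail_exec_t through domain_entry_file($1, sendmail_exec_t). Naming the type in the summary would tell callers exactly which label becomes an entry point for their domain. It would also help to state that the interface only adds the entry point and leaves any transition rules to the caller, since nothing else appears in the body. As shown here, the continuation line "point for the domain." is indented one space more than the line above it; the two should be aligned.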

diff --git a/policy/modules/contrib/sendmail.te 
b/policy/modules/contrib/sendmail.te
index 8d2669ee..3503f315 100644
--- a/policy/modules/contrib/sendmail.te
+++ b/policy/modules/contrib/sendmail.te
@@ -32,7 +32,8 @@ mta_mailserver_sender(sendmail_t)
 role sendmail_roles types sendmail_t;
 
 type unconfined_sendmail_t;
-application_domain(unconfined_sendmail_t, sendmail_exec_t)
+application_type(unconfined_sendmail_t)
+mta_sendmail_entry_point(unconfined_sendmail_t)
 role sendmail_unconfined_roles types unconfined_sendmail_t;
 
 ########################################
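Review bot: The removed application_domain(unconfined_sendmail_t, sendmail_exec_t) is replaced by application_type(unconfined_sendmail_t) plus mta_sendmail_entry_point(unconfined_sendmail_t), and the commit message only accounts for the type and entry-point parts of the old call. If application_domain() applies anything else to its second argument, such as marking it as an application executable file, that now has to come from the declaration of sendmail_exec_t in mta.te. A sentence in the commit message confirming that the resulting policy for unconfined_sendmail_t and sendmail_exec_t is unchanged would let a reviewer sign off on this as a pure refactor rather than a permission change.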
