# Sendmail (user mode) policy by Jon Crowley, MITRE Corporation
# based on a policy by Stephen Smalley, NAI Labs


# type for .forward files
type dot_forward_t, file_type;


#################################
#
# mail_domain(user_domain)
#
# Define a sendmail domain for a user domain.
#
define(`mail_domain',`

type $1_mail_t, domain, privlog, privuser, privrole;
type $1_mail_tmp_t, file_type, sysadmfile, tmpfile;

# Enter by the sendmail program.
domain_auto_trans($1_t, sendmail_exec_t, $1_mail_t)

# Use capabilities
allow $1_mail_t $1_mail_t:capability { setuid setgid net_bind_service chown dac_override dac_read_search };

# Use the network.
can_network($1_mail_t)

# Write to /var/spool/mqueue.
allow $1_mail_t mqueue_spool_t:dir rw_dir_perms;
allow $1_mail_t mqueue_spool_t:file create_file_perms;

# Write to /var/log/sendmail.st
file_type_auto_trans($1_mail_t, var_log_t, sendmail_var_log_t)

# Allow the mail_t to be able to read sendmail.cf and aliases.db
allow $1_mail_t etc_mail_t:lnk_file r_file_perms;
 
# Allow $1_mail_t to read and write to the statistics file
allow $1_mail_t sendmail_statistics_t:file r_file_perms;

# Allow $1_mail_t to search to search /etc, /lib, /var, /var/run, /etc/mail, 
# /var/spool/, /var/spool/mqueue, and /proc 
allow $1_mail_t etc_t:dir { search };
allow $1_mail_t lib_t:dir { search };
allow $1_mail_t var_t:dir { search };
allow $1_mail_t var_run_t:dir { search };
allow $1_mail_t etc_mail_t:dir { search };
allow $1_mail_t var_spool_t:dir { search };
allow $1_mail_t mqueue_spool_t:dir { search };
allow $1_mail_t proc_t:dir { search };


# Inherit and use descriptors from login.
allow $1_mail_t local_login_t:fd inherit_fd_perms;
allow $1_mail_t remote_login_t:fd inherit_fd_perms;

# Write to the user domain tty.
allow $1_mail_t $1_tty_device_t:chr_file rw_file_perms;
allow $1_mail_t $1_devpts_t:chr_file rw_file_perms;

# Inherit and use descriptors from gnome-pty-helper.
allow $1_mail_t $1_gph_t:fd inherit_fd_perms;

# Read from a user domain pipe.
allow $1_mail_t $1_t:fifo_file r_file_perms;

# Read/write user temporary files.
allow $1_mail_t $1_tmp_t:file rw_file_perms;

# Create dead.letter in user home directories.
allow $1_mail_t $1_home_t:dir rw_dir_perms;
allow $1_mail_t $1_home_t:file create_file_perms;

# read/write to statistics file
allow $1_mail_t etc_mail_t:file rw_file_perms;

# read .forward files
allow $1_mail_t dot_forward_t:file r_file_perms;

# can run procmail
# note this is auto_trans in case we are using unmodified sendmail
domain_auto_trans($1_mail_t, procmail_exec_t, procmail_t)

# needed for execve_secure call in modified sendmail
allow $1_mail_t procmail_t:process { transition };

# run smrsh as user
# note this is auto_trans in case we are using unmodified sendmail
domain_auto_trans($1_mail_t, smrsh_exec_t, $1_smrsh_t)

# needed for execve_secure call in modified sendmail
allow $1_mail_t $1_smrsh_t:process { transition };

')




##########################
#
#  cross user permissions
#
#  these occur when email gets sent between sysadm and user
#  with the modified sendmail
#

# sysadm_mail_t sending mail to user_smrsh_t
allow sysadm_mail_t user_smrsh_t:process { transition };
allow user_smrsh_t sysadm_mail_t:fd { use };

# user_mail_t sending mail to sysadm_smrsh_t
allow user_mail_t sysadm_smrsh_t:process { transition };
allow sysadm_smrsh_t user_mail_t:fd { use };