# smrsh policy by Jon Crowley, MITRE Corporation
#
# Confines the sendmail restricted shell (smrsh) to a per-role domain so
# that programs named in a .forward file run with only the access listed
# here rather than with the access of the mailer that invoked them.

#################################
# smrsh and related permissions

# Type of the smrsh executable itself.
type smrsh_exec_t, file_type, exec_type;

# Type of the /etc/smrsh directory and of the programs installed in it.
type etc_smrsh_t, file_type, exec_type, sysadmfile;

# smrsh_domain(prefix): declare the smrsh domain for one role and grant
# it the access it needs.  The prefix (user, sysadm, ...) selects the
# matching mail and home types, which must already be declared.
define(`smrsh_domain',`
# Private domain for this role smrsh instance.
type $1_smrsh_t, domain;

# smrsh hands the requested command to a shell, so the shell binary is
# executable inside the domain and is also the domain entry point.
# NOTE(review): the only entrypoint granted in this macro is shell_exec_t;
# smrsh_exec_t receives none here -- confirm that is intended.
allow $1_smrsh_t shell_exec_t:file { entrypoint execute execute_no_trans };

# The pipe between the mailer and smrsh: inherited descriptors and the
# fifo itself, whether the caller is the role mail domain or sendmail_t.
allow $1_smrsh_t { $1_mail_t sendmail_t }:fd use;
allow $1_smrsh_t { $1_mail_t sendmail_t }:fifo_file { read write ioctl };

# The automatic transition from sendmail_t is left disabled in this file.
# NOTE(review): presumably the transition is declared elsewhere -- verify.
#domain_auto_trans(sendmail_t, smrsh_exec_t, $1_smrsh_t)

# Programs installed under /etc/smrsh may be listed and executed.
allow $1_smrsh_t etc_smrsh_t:dir r_dir_perms;
can_exec($1_smrsh_t, etc_smrsh_t)

# Script interpreters (perl and friends) may be executed as well.
can_exec($1_smrsh_t, script_interpreters_t)

# A mailbot may append, and only append, to a file in a user home directory.
# NOTE(review): this rule names user_home_t rather than the role home type
# used by the search rule below, so for roles other than user the two rules
# refer to different types -- confirm this is deliberate.
allow $1_smrsh_t user_home_t:file append;

# Search the role home directory so the .forward file can be located.
allow $1_smrsh_t $1_home_t:dir search;
')

# cross user permissions
#
# Used when a user sends mail to a local sysadm and vice versa: each side
# smrsh may use the descriptors and pipe of the other side and may report
# its exit status to the other side mail domain.
# NOTE(review): the fd rules name the peer smrsh domain while the
# fifo_file and process rules name the peer mail domain; the macro above
# pairs fd and fifo_file on the same domain -- verify the asymmetry is
# intended rather than a slip.
allow user_smrsh_t sysadm_smrsh_t:fd use;
allow user_smrsh_t sysadm_mail_t:fifo_file { read write ioctl };
allow user_smrsh_t sysadm_mail_t:process sigchld;

allow sysadm_smrsh_t user_smrsh_t:fd use;
allow sysadm_smrsh_t user_mail_t:fifo_file { read write ioctl };
allow sysadm_smrsh_t user_mail_t:process sigchld;