
Remove amavis and spamassassin policy modules

Helmut Pozimski 2 년 전
부모
커밋
2469278d41
6개의 변경된 파일0개의 추가작업 그리고 1523개의 파일을 삭제
  1. 0 28
      amavis.fc
  2. 0 264
      amavis.if
  3. 0 216
      amavis.te
  4. 0 35
      spamassassin.fc
  5. 0 414
      spamassassin.if
  6. 0 566
      spamassassin.te

+ 0 - 28
amavis.fc

@@ -1,28 +0,0 @@
-/etc/amavis(d)?\.conf	--	gen_context(system_u:object_r:amavis_etc_t,s0)
-/etc/amavisd(/.*)?	gen_context(system_u:object_r:amavis_etc_t,s0)
-
-/etc/rc\.d/init\.d/amavisd	--	gen_context(system_u:object_r:amavis_initrc_exec_t,s0)
-/etc/rc\.d/init\.d/amavisd-snmp	--	gen_context(system_u:object_r:amavis_initrc_exec_t,s0)
-
-/usr/lib/AntiVir/antivir	--	gen_context(system_u:object_r:amavis_exec_t,s0)
-
-/usr/sbin/amavisd.*	--	gen_context(system_u:object_r:amavis_exec_t,s0)
-
-ifdef(`distro_debian',`
-/usr/sbin/amavisd-new-cronjob	--	gen_context(system_u:object_r:amavis_exec_t,s0)
-')
-
-/var/opt/f-secure(/.*)?	gen_context(system_u:object_r:amavis_var_lib_t,s0)
-
-/var/amavis(/.*)?	gen_context(system_u:object_r:amavis_var_lib_t,s0)
-
-/var/lib/amavis(/.*)?	gen_context(system_u:object_r:amavis_var_lib_t,s0)
-
-/var/log/amavisd\.log.*	--	gen_context(system_u:object_r:amavis_var_log_t,s0)
-
-/var/run/amavis(d)?(/.*)?	gen_context(system_u:object_r:amavis_var_run_t,s0)
-/var/run/amavisd-snmp-subagent\.pid	--	gen_context(system_u:object_r:amavis_var_run_t,s0)
-
-/var/spool/amavisd(/.*)?	gen_context(system_u:object_r:amavis_spool_t,s0)
-
-/var/virusmails(/.*)?	gen_context(system_u:object_r:amavis_quarantine_t,s0)

+ 0 - 264
amavis.if

@@ -1,264 +0,0 @@
-## <summary>High-performance interface between an email server and content checkers.</summary>
-
-########################################
-## <summary>
-##	Execute a domain transition to run amavis.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`amavis_domtrans',`
-	gen_require(`
-		type amavis_t, amavis_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	domtrans_pattern($1, amavis_exec_t, amavis_t)
-')
-
-########################################
-## <summary>
-##	Execute amavis server in the amavis domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`amavis_initrc_domtrans',`
-	gen_require(`
-		type amavis_initrc_exec_t;
-	')
-
-	init_labeled_script_domtrans($1, amavis_initrc_exec_t)
-')
-
-########################################
-## <summary>
-##	Read amavis spool files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`amavis_read_spool_files',`
-	gen_require(`
-		type amavis_spool_t;
-	')
-
-	files_search_spool($1)
-	read_files_pattern($1, amavis_spool_t, amavis_spool_t)
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete
-##	amavis spool files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`amavis_manage_spool_files',`
-	gen_require(`
-		type amavis_spool_t;
-	')
-
-	files_search_spool($1)
-	manage_dirs_pattern($1, amavis_spool_t, amavis_spool_t)
-	manage_files_pattern($1, amavis_spool_t, amavis_spool_t)
-')
-
-########################################
-## <summary>
-##	Create objects in the amavis spool directories
-##	with a private type.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="private_type">
-##	<summary>
-##	Private file type.
-##	</summary>
-## </param>
-## <param name="object_class">
-##	<summary>
-##	Class of the object being created.
-##	</summary>
-## </param>
-## <param name="name" optional="true">
-##	<summary>
-##	The name of the object being created.
-##	</summary>
-## </param>
-#
-interface(`amavis_spool_filetrans',`
-	gen_require(`
-		type amavis_spool_t;
-	')
-
-	files_search_spool($1)
-	filetrans_pattern($1, amavis_spool_t, $2, $3, $4)
-')
-
-########################################
-## <summary>
-##	Search amavis lib directories.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`amavis_search_lib',`
-	gen_require(`
-		type amavis_var_lib_t;
-	')
-
-	allow $1 amavis_var_lib_t:dir search_dir_perms;
-	files_search_var_lib($1)
-')
-
-########################################
-## <summary>
-##	Read amavis lib files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`amavis_read_lib_files',`
-	gen_require(`
-		type amavis_var_lib_t;
-	')
-
-	read_files_pattern($1, amavis_var_lib_t, amavis_var_lib_t)
-	allow $1 amavis_var_lib_t:dir list_dir_perms;
-	files_search_var_lib($1)
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete
-##	amavis lib files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`amavis_manage_lib_files',`
-	gen_require(`
-		type amavis_var_lib_t;
-	')
-
-	manage_files_pattern($1, amavis_var_lib_t, amavis_var_lib_t)
-	files_search_var_lib($1)
-')
-
-########################################
-## <summary>
-##	Set attributes of amavis pid files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`amavis_setattr_pid_files',`
-	gen_require(`
-		type amavis_var_run_t;
-	')
-
-	allow $1 amavis_var_run_t:file setattr_file_perms;
-	files_search_pids($1)
-')
-
-########################################
-## <summary>
-##	Create amavis pid files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`amavis_create_pid_files',`
-	gen_require(`
-		type amavis_var_run_t;
-	')
-
-	allow $1 amavis_var_run_t:dir add_entry_dir_perms;
-	allow $1 amavis_var_run_t:file create_file_perms;
-	files_search_pids($1)
-')
-
-########################################
-## <summary>
-##	All of the rules required to
-##	administrate an amavis environment.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`amavis_admin',`
-	gen_require(`
-		type amavis_t, amavis_tmp_t, amavis_var_log_t;
-		type amavis_spool_t, amavis_var_lib_t, amavis_var_run_t;
-		type amavis_etc_t, amavis_quarantine_t, amavis_initrc_exec_t;
-	')
-
-	allow $1 amavis_t:process { ptrace signal_perms };
-	ps_process_pattern($1, amavis_t)
-
-	amavis_initrc_domtrans($1)
- 	domain_system_change_exemption($1)
- 	role_transition $2 amavis_initrc_exec_t system_r;
- 	allow $2 system_r;
-
-	files_list_etc($1)
-	admin_pattern($1, amavis_etc_t)
-
-	admin_pattern($1, amavis_quarantine_t)
-
-	files_list_spool($1)
-	admin_pattern($1, amavis_spool_t)
-
-	files_list_tmp($1)
-	admin_pattern($1, amavis_tmp_t)
-
-	files_list_var_lib($1)
-	admin_pattern($1, amavis_var_lib_t)
-
-	logging_list_logs($1)
-	admin_pattern($1, amavis_var_log_t)
-
-	files_list_pids($1)
-	admin_pattern($1, amavis_var_run_t)
-')

+ 0 - 216
amavis.te

@@ -1,216 +0,0 @@
-policy_module(amavis, 1.15.6)
-
-########################################
-#
-# Declarations
-#
-
-## <desc>
-##	<p>
-##	Determine whether amavis can
-##	use JIT compiler.
-##	</p>
-## </desc>
-gen_tunable(amavis_use_jit, false)
-
-type amavis_t;
-type amavis_exec_t;
-init_daemon_domain(amavis_t, amavis_exec_t)
-
-type amavis_etc_t;
-files_config_file(amavis_etc_t)
-
-type amavis_initrc_exec_t;
-init_script_file(amavis_initrc_exec_t)
-
-type amavis_var_run_t;
-files_pid_file(amavis_var_run_t)
-
-type amavis_var_lib_t;
-files_type(amavis_var_lib_t)
-
-type amavis_var_log_t;
-logging_log_file(amavis_var_log_t)
-
-type amavis_tmp_t;
-files_tmp_file(amavis_tmp_t)
-
-type amavis_quarantine_t;
-files_type(amavis_quarantine_t)
-
-type amavis_spool_t;
-files_type(amavis_spool_t)
-
-type amavis_unit_t;
-init_unit_file(amavis_unit_t)
-
-########################################
-#
-# Local policy
-#
-allow amavis_t amavis_var_lib_t:file map;
-
-allow amavis_t self:capability { kill chown dac_override setgid setuid };
-dontaudit amavis_t self:capability sys_tty_config;
-allow amavis_t self:process signal_perms;
-allow amavis_t self:fifo_file rw_fifo_file_perms;
-allow amavis_t self:unix_stream_socket { accept connectto listen };
-allow amavis_t self:tcp_socket { listen accept };
-
-allow amavis_t amavis_etc_t:dir list_dir_perms;
-read_files_pattern(amavis_t, amavis_etc_t, amavis_etc_t)
-read_lnk_files_pattern(amavis_t, amavis_etc_t, amavis_etc_t)
-
-manage_dirs_pattern(amavis_t, amavis_quarantine_t, amavis_quarantine_t)
-manage_files_pattern(amavis_t, amavis_quarantine_t, amavis_quarantine_t)
-manage_sock_files_pattern(amavis_t, amavis_quarantine_t, amavis_quarantine_t)
-
-manage_dirs_pattern(amavis_t, amavis_spool_t, amavis_spool_t)
-manage_files_pattern(amavis_t, amavis_spool_t, amavis_spool_t)
-manage_lnk_files_pattern(amavis_t, amavis_spool_t, amavis_spool_t)
-manage_sock_files_pattern(amavis_t, amavis_spool_t, amavis_spool_t)
-filetrans_pattern(amavis_t, amavis_spool_t, amavis_var_run_t, sock_file)
-
-manage_files_pattern(amavis_t, amavis_tmp_t, amavis_tmp_t)
-allow amavis_t amavis_tmp_t:dir setattr_dir_perms;
-files_tmp_filetrans(amavis_t, amavis_tmp_t, file)
-
-manage_dirs_pattern(amavis_t, amavis_var_lib_t, amavis_var_lib_t)
-manage_files_pattern(amavis_t, amavis_var_lib_t, amavis_var_lib_t)
-manage_lnk_files_pattern(amavis_t, amavis_var_lib_t, amavis_var_lib_t)
-manage_sock_files_pattern(amavis_t, amavis_var_lib_t, amavis_var_lib_t)
-
-allow amavis_t amavis_var_log_t:dir setattr_dir_perms;
-manage_files_pattern(amavis_t, amavis_var_log_t, amavis_var_log_t)
-manage_sock_files_pattern(amavis_t, amavis_var_log_t, amavis_var_log_t)
-logging_log_filetrans(amavis_t, amavis_var_log_t, { sock_file file dir })
-
-manage_dirs_pattern(amavis_t, amavis_var_run_t, amavis_var_run_t)
-manage_files_pattern(amavis_t, amavis_var_run_t, amavis_var_run_t)
-manage_sock_files_pattern(amavis_t, amavis_var_run_t, amavis_var_run_t)
-files_pid_filetrans(amavis_t, amavis_var_run_t, { dir file sock_file })
-
-can_exec(amavis_t, amavis_exec_t)
-
-kernel_read_kernel_sysctls(amavis_t)
-kernel_read_system_state(amavis_t)
-kernel_dontaudit_list_proc(amavis_t)
-kernel_dontaudit_read_proc_symlinks(amavis_t)
-
-corecmd_exec_bin(amavis_t)
-corecmd_exec_shell(amavis_t)
-
-corenet_all_recvfrom_unlabeled(amavis_t)
-corenet_all_recvfrom_netlabel(amavis_t)
-corenet_tcp_sendrecv_generic_if(amavis_t)
-corenet_udp_sendrecv_generic_if(amavis_t)
-corenet_tcp_sendrecv_generic_node(amavis_t)
-corenet_udp_sendrecv_generic_node(amavis_t)
-corenet_tcp_sendrecv_all_ports(amavis_t)
-corenet_udp_sendrecv_all_ports(amavis_t)
-corenet_tcp_bind_generic_node(amavis_t)
-corenet_udp_bind_generic_node(amavis_t)
-
-corenet_sendrecv_amavisd_send_client_packets(amavis_t)
-corenet_tcp_connect_amavisd_send_port(amavis_t)
-
-corenet_sendrecv_amavisd_recv_server_packets(amavis_t)
-corenet_tcp_bind_amavisd_recv_port(amavis_t)
-
-corenet_sendrecv_generic_server_packets(amavis_t)
-corenet_udp_bind_generic_port(amavis_t)
-corenet_dontaudit_udp_bind_all_ports(amavis_t)
-
-corenet_sendrecv_razor_client_packets(amavis_t)
-corenet_tcp_connect_razor_port(amavis_t)
-
-dev_read_rand(amavis_t)
-dev_read_sysfs(amavis_t)
-dev_read_urand(amavis_t)
-
-domain_use_interactive_fds(amavis_t)
-domain_dontaudit_read_all_domains_state(amavis_t)
-
-files_read_etc_runtime_files(amavis_t)
-files_read_usr_files(amavis_t)
-files_search_spool(amavis_t)
-
-fs_getattr_xattr_fs(amavis_t)
-
-auth_use_nsswitch(amavis_t)
-auth_dontaudit_read_shadow(amavis_t)
-
-init_read_state(amavis_t)
-init_read_utmp(amavis_t)
-init_stream_connect_script(amavis_t)
-
-logging_send_syslog_msg(amavis_t)
-
-miscfiles_read_localization(amavis_t)
-
-userdom_dontaudit_search_user_home_dirs(amavis_t)
-
-hostname_domtrans(amavis_t)
-
-gen_require(`
-	type lib_t;
-')
-allow amavis_t lib_t:file execute_no_trans;
-
-gen_require(`
-	type usr_t;
-')
-allow amavis_t usr_t:file map;
-
-tunable_policy(`amavis_use_jit',`
-	allow amavis_t self:process execmem;
-',`
-	dontaudit amavis_t self:process execmem;
-')
-
-optional_policy(`
-	clamav_stream_connect(amavis_t)
-	clamav_domtrans_clamscan(amavis_t)
-	clamav_read_state_clamd(amavis_t)
-')
-
-optional_policy(`
-	cron_use_fds(amavis_t)
-	cron_use_system_job_fds(amavis_t)
-	cron_rw_pipes(amavis_t)
-')
-
-optional_policy(`
-	dcc_domtrans_client(amavis_t)
-	dcc_stream_connect_dccifd(amavis_t)
-')
-
-optional_policy(`
-	mta_read_config(amavis_t)
-')
-
-optional_policy(`
-	postfix_read_config(amavis_t)
-	postfix_list_spool(amavis_t)
-')
-
-optional_policy(`
-	pyzor_domtrans(amavis_t)
-	pyzor_signal(amavis_t)
-')
-
-optional_policy(`
-	razor_domtrans(amavis_t)
-')
-
-optional_policy(`
-	snmp_manage_var_lib_dirs(amavis_t)
-	snmp_manage_var_lib_files(amavis_t)
-	snmp_stream_connect(amavis_t)
-')
-
-optional_policy(`
-	spamassassin_exec(amavis_t)
-	spamassassin_exec_client(amavis_t)
-	spamassassin_read_lib_files(amavis_t)
-')

+ 0 - 35
spamassassin.fc

@@ -1,35 +0,0 @@
-HOME_DIR/\.spamassassin(/.*)?	gen_context(system_u:object_r:spamassassin_home_t,s0)
-HOME_DIR/\.spamd(/.*)?	gen_context(system_u:object_r:spamd_home_t,s0)
-
-/etc/rc\.d/init\.d/spamd	--	gen_context(system_u:object_r:spamd_initrc_exec_t,s0)
-/etc/rc\.d/init\.d/spampd	--	gen_context(system_u:object_r:spamd_initrc_exec_t,s0)
-/etc/rc\.d/init\.d/mimedefang.*	--	gen_context(system_u:object_r:spamd_initrc_exec_t,s0)
-
-/usr/bin/sa-learn	--	gen_context(system_u:object_r:spamc_exec_t,s0)
-/usr/bin/spamassassin	--	gen_context(system_u:object_r:spamc_exec_t,s0)
-/usr/bin/spamc	--	gen_context(system_u:object_r:spamc_exec_t,s0)
-/usr/bin/spamd	--	gen_context(system_u:object_r:spamd_exec_t,s0)
-/usr/bin/sa-update	--	gen_context(system_u:object_r:spamd_update_exec_t,s0)
-
-/usr/sbin/spamd	--	gen_context(system_u:object_r:spamd_exec_t,s0)
-/usr/sbin/spampd	--	gen_context(system_u:object_r:spamd_exec_t,s0)
-/usr/bin/mimedefang	--	gen_context(system_u:object_r:spamd_exec_t,s0)
-/usr/bin/mimedefang-multiplexor	--	gen_context(system_u:object_r:spamd_exec_t,s0)
-
-/var/lib/spamassassin(/.*)?	gen_context(system_u:object_r:spamd_var_lib_t,s0)
-/var/lib/spamassassin/compiled(/.*)?	gen_context(system_u:object_r:spamd_compiled_t,s0)
-/var/lib/spamd(/.*)?	gen_context(system_u:object_r:spamd_var_lib_t,s0)
-
-/var/log/spamd\.log.*	--	gen_context(system_u:object_r:spamd_log_t,s0)
-/var/log/mimedefang.*	--	gen_context(system_u:object_r:spamd_log_t,s0)
-
-/var/run/spamassassin(/.*)?	gen_context(system_u:object_r:spamd_var_run_t,s0)
-/var/run/spamassassin\.pid --	gen_context(system_u:object_r:spamd_var_run_t,s0)
-
-/var/spool/spamassassin(/.*)?	gen_context(system_u:object_r:spamd_spool_t,s0)
-/var/spool/spamd(/.*)?	gen_context(system_u:object_r:spamd_spool_t,s0)
-/var/spool/spampd(/.*)?	gen_context(system_u:object_r:spamd_spool_t,s0)
-/var/spool/MD-Quarantine(/.*)?	gen_context(system_u:object_r:spamd_var_run_t,s0)
-/var/spool/MIMEDefang(/.*)?	gen_context(system_u:object_r:spamd_var_run_t,s0)
-
-/etc/mail/spamassassin(/.*)?	gen_context(system_u:object_r:spamd_etc_t,s0)

+ 0 - 414
spamassassin.if

@@ -1,414 +0,0 @@
-## <summary>Filter used for removing unsolicited email.</summary>
-
-########################################
-## <summary>
-##	Role access for spamassassin.
-## </summary>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <param name="domain">
-##	<summary>
-##	User domain for the role.
-##	</summary>
-## </param>
-#
-interface(`spamassassin_role',`
-	gen_require(`
-		type spamc_t, spamc_exec_t, spamc_tmp_t;
-		type spamassassin_t, spamassassin_exec_t, spamd_home_t;
-		type spamassassin_home_t, spamassassin_tmp_t;
-	')
-
-	role $1 types { spamc_t spamassassin_t };
-
-	domtrans_pattern($2, spamassassin_exec_t, spamassassin_t)
-	domtrans_pattern($2, spamc_exec_t, spamc_t)
-
-	allow $2 { spamc_t spamassassin_t}:process { ptrace signal_perms };
-	ps_process_pattern($2, { spamc_t spamassassin_t })
-
-	allow $2 { spamc_tmp_t spamd_home_t spamassassin_home_t spamassassin_tmp_t }:dir { manage_dir_perms relabel_dir_perms };
-	allow $2 { spamc_tmp_t spamd_home_t spamassassin_home_t spamassassin_tmp_t }:file { manage_file_perms relabel_file_perms };
-	allow $2 { spamc_tmp_t spamd_home_t spamassassin_home_t spamassassin_tmp_t }:lnk_file { manage_lnk_file_perms relabel_lnk_file_perms };
-	userdom_user_home_dir_filetrans($2, spamassassin_home_t, dir, ".spamassassin")
-	userdom_user_home_dir_filetrans($2, spamd_home_t, dir, ".spamd")
-')
-
-########################################
-## <summary>
-##	Execute the standalone spamassassin
-##	program in the caller directory.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`spamassassin_exec',`
-	gen_require(`
-		type spamassassin_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	can_exec($1, spamassassin_exec_t)
-')
-
-########################################
-## <summary>
-##	Send generic signals to spamd.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`spamassassin_signal_spamd',`
-	gen_require(`
-		type spamd_t;
-	')
-
-	allow $1 spamd_t:process signal;
-')
-
-########################################
-## <summary>
-##	Execute spamd in the caller domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`spamassassin_exec_spamd',`
-	gen_require(`
-		type spamd_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	can_exec($1, spamd_exec_t)
-')
-
-########################################
-## <summary>
-##	Execute spamc in the spamc domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`spamassassin_domtrans_client',`
-	gen_require(`
-		type spamc_t, spamc_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	domtrans_pattern($1, spamc_exec_t, spamc_t)
-')
-
-########################################
-## <summary>
-##	Execute spamc in the caller domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`spamassassin_exec_client',`
-	gen_require(`
-		type spamc_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	can_exec($1, spamc_exec_t)
-')
-
-########################################
-## <summary>
-##	Send kill signals to spamc.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`spamassassin_kill_client',`
-	gen_require(`
-		type spamc_t;
-	')
-
-	allow $1 spamc_t:process sigkill;
-')
-
-########################################
-## <summary>
-##	Execute spamassassin standalone client
-##	in the user spamassassin domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`spamassassin_domtrans_local_client',`
-	gen_require(`
-		type spamassassin_t, spamassassin_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	domtrans_pattern($1, spamassassin_exec_t, spamassassin_t)
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete
-##	spamd home content.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`spamassassin_manage_spamd_home_content',`
-	gen_require(`
-		type spamd_home_t;
-	')
-
-	userdom_search_user_home_dirs($1)
-	allow $1 spamd_home_t:dir manage_dir_perms;
-	allow $1 spamd_home_t:file manage_file_perms;
-	allow $1 spamd_home_t:lnk_file manage_lnk_file_perms;
-')
-
-########################################
-## <summary>
-##	Relabel spamd home content.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`spamassassin_relabel_spamd_home_content',`
-	gen_require(`
-		type spamd_home_t;
-	')
-
-	userdom_search_user_home_dirs($1)
-	allow $1 spamd_home_t:dir relabel_dir_perms;
-	allow $1 spamd_home_t:file relabel_file_perms;
-	allow $1 spamd_home_t:lnk_file relabel_lnk_file_perms;
-')
-
-########################################
-## <summary>
-##	Create objects in user home
-##	directories with the spamd home type.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="object_class">
-##	<summary>
-##	Class of the object being created.
-##	</summary>
-## </param>
-## <param name="name" optional="true">
-##	<summary>
-##	The name of the object being created.
-##	</summary>
-## </param>
-#
-interface(`spamassassin_home_filetrans_spamd_home',`
-	gen_require(`
-		type spamd_home_t;
-	')
-
-	userdom_user_home_dir_filetrans($1, spamd_home_t, $2, $3)
-')
-
-########################################
-## <summary>
-##	Read spamd lib files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`spamassassin_read_lib_files',`
-	gen_require(`
-		type spamd_var_lib_t;
-	')
-
-	files_search_var_lib($1)
-	read_files_pattern($1, spamd_var_lib_t, spamd_var_lib_t)
-')
-
-########################################
-## <summary>
-##	Create, read, write, and delete
-##	spamd lib files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`spamassassin_manage_lib_files',`
-	gen_require(`
-		type spamd_var_lib_t;
-	')
-
-	files_search_var_lib($1)
-	manage_files_pattern($1, spamd_var_lib_t, spamd_var_lib_t)
-')
-
-########################################
-## <summary>
-##	Read spamd pid files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`spamassassin_read_spamd_pid_files',`
-	gen_require(`
-		type spamd_var_run_t;
-	')
-
-	files_search_pids($1)
-	read_files_pattern($1, spamd_var_run_t, spamd_var_run_t)
-')
-
-########################################
-## <summary>
-##	Read temporary spamd files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`spamassassin_read_spamd_tmp_files',`
-	gen_require(`
-		type spamd_tmp_t;
-	')
-
-	allow $1 spamd_tmp_t:file read_file_perms;
-')
-
-########################################
-## <summary>
-##	Do not audit attempts to get
-##	attributes of temporary spamd sockets.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit.
-##	</summary>
-## </param>
-#
-interface(`spamassassin_dontaudit_getattr_spamd_tmp_sockets',`
-	gen_require(`
-		type spamd_tmp_t;
-	')
-
-	dontaudit $1 spamd_tmp_t:sock_file getattr;
-')
-
-########################################
-## <summary>
-##	Connect to spamd with a unix
-##	domain stream socket.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`spamassassin_stream_connect_spamd',`
-	gen_require(`
-		type spamd_t, spamd_var_run_t;
-	')
-
-	files_search_pids($1)
-	stream_connect_pattern($1, spamd_var_run_t, spamd_var_run_t, spamd_t)
-')
-
-########################################
-## <summary>
-##	All of the rules required to
-##	administrate an spamassassin environment.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-## <param name="role">
-##	<summary>
-##	Role allowed access.
-##	</summary>
-## </param>
-## <rolecap/>
-#
-interface(`spamassassin_admin',`
-	gen_require(`
-		type spamd_t, spamd_tmp_t, spamd_log_t;
-		type spamd_spool_t, spamd_var_lib_t, spamd_var_run_t;
-		type spamd_initrc_exec_t;
-	')
-
-	allow $1 spamd_t:process { ptrace signal_perms };
-	ps_process_pattern($1, spamd_t)
-
-	init_startstop_service($1, $2, spamd_t, spamd_initrc_exec_t)
-
-	files_list_tmp($1)
-	admin_pattern($1, spamd_tmp_t)
-
-	logging_list_logs($1)
-	admin_pattern($1, spamd_log_t)
-
-	files_list_spool($1)
-	admin_pattern($1, spamd_spool_t)
-
-	files_list_var_lib($1)
-	admin_pattern($1, spamd_var_lib_t)
-
-	files_list_pids($1)
-	admin_pattern($1, spamd_var_run_t)
-
-	# This makes it impossible to apply _admin if _role has already been applied
-	#spamassassin_role($2, $1)
-')
-
-interface(`spamd_initrc_domtrans',`
-        gen_require(`
-                type spamd_initrc_exec_t;
-        ')
-
-        init_labeled_script_domtrans($1, spamd_initrc_exec_t)
-')

+ 0 - 566
spamassassin.te

@@ -1,566 +0,0 @@
-policy_module(spamassassin, 2.9.9)
-
-require {
-  type etc_mail_t;
-}
-
-########################################
-#
-# Declarations
-#
-
-## <desc>
-##	<p>
-##	Determine whether spamassassin
-##	clients can use the network.
-##	</p>
-## </desc>
-gen_tunable(spamassassin_can_network, false)
-
-## <desc>
-##	<p>
-##	Determine whether spamd can manage
-##	generic user home content.
-##	</p>
-## </desc>
-gen_tunable(spamd_enable_home_dirs, false)
-
-type spamd_update_t;
-type spamd_update_exec_t;
-init_system_domain(spamd_update_t, spamd_update_exec_t)
-
-type spamassassin_t;
-type spamassassin_exec_t;
-typealias spamassassin_t alias { user_spamassassin_t staff_spamassassin_t sysadm_spamassassin_t };
-typealias spamassassin_t alias { auditadm_spamassassin_t secadm_spamassassin_t };
-userdom_user_application_domain(spamassassin_t, spamassassin_exec_t)
-
-type spamassassin_home_t;
-typealias spamassassin_home_t alias { user_spamassassin_home_t staff_spamassassin_home_t sysadm_spamassassin_home_t };
-typealias spamassassin_home_t alias { auditadm_spamassassin_home_t secadm_spamassassin_home_t };
-userdom_user_home_content(spamassassin_home_t)
-
-type spamassassin_tmp_t;
-typealias spamassassin_tmp_t alias { user_spamassassin_tmp_t staff_spamassassin_tmp_t sysadm_spamassassin_tmp_t };
-typealias spamassassin_tmp_t alias { auditadm_spamassassin_tmp_t secadm_spamassassin_tmp_t };
-userdom_user_tmp_file(spamassassin_tmp_t)
-
-type spamc_t;
-type spamc_exec_t;
-typealias spamc_t alias { user_spamc_t staff_spamc_t sysadm_spamc_t };
-typealias spamc_t alias { auditadm_spamc_t secadm_spamc_t };
-userdom_user_application_domain(spamc_t, spamc_exec_t)
-role system_r types spamc_t;
-
-type spamc_tmp_t;
-typealias spamc_tmp_t alias { user_spamc_tmp_t staff_spamc_tmp_t sysadm_spamc_tmp_t };
-typealias spamc_tmp_t alias { auditadm_spamc_tmp_t secadm_spamc_tmp_t };
-userdom_user_tmp_file(spamc_tmp_t)
-
-type spamd_t;
-type spamd_exec_t;
-init_daemon_domain(spamd_t, spamd_exec_t)
-
-type spamd_compiled_t;
-files_type(spamd_compiled_t)
-
-type spamd_etc_t;
-files_config_file(spamd_etc_t)
-
-type spamd_home_t;
-userdom_user_home_content(spamd_home_t)
-
-type spamd_initrc_exec_t;
-init_script_file(spamd_initrc_exec_t)
-
-type spamd_log_t;
-logging_log_file(spamd_log_t)
-
-type spamd_spool_t;
-files_type(spamd_spool_t)
-
-type spamd_tmp_t;
-files_tmp_file(spamd_tmp_t)
-
-type spamd_var_lib_t;
-files_type(spamd_var_lib_t)
-
-type spamd_var_run_t;
-files_pid_file(spamd_var_run_t)
-
-type spamd_unit_t;
-init_unit_file(spamd_unit_t)
-
-########################################
-#
-# Standalone local policy
-#
-
-allow spamassassin_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
-allow spamassassin_t self:fd use;
-allow spamassassin_t self:fifo_file rw_fifo_file_perms;
-allow spamassassin_t self:unix_dgram_socket sendto;
-allow spamassassin_t self:unix_stream_socket { accept connectto listen };
-
-manage_dirs_pattern(spamassassin_t, spamassassin_home_t, spamassassin_home_t)
-manage_files_pattern(spamassassin_t, spamassassin_home_t, spamassassin_home_t)
-manage_lnk_files_pattern(spamassassin_t, spamassassin_home_t, spamassassin_home_t)
-manage_fifo_files_pattern(spamassassin_t, spamassassin_home_t, spamassassin_home_t)
-manage_sock_files_pattern(spamassassin_t, spamassassin_home_t, spamassassin_home_t)
-userdom_user_home_dir_filetrans(spamassassin_t, spamassassin_home_t, dir, ".spamassassin")
-
-manage_dirs_pattern(spamassassin_t, spamassassin_tmp_t, spamassassin_tmp_t)
-manage_files_pattern(spamassassin_t, spamassassin_tmp_t, spamassassin_tmp_t)
-files_tmp_filetrans(spamassassin_t, spamassassin_tmp_t, { file dir })
-
-kernel_read_kernel_sysctls(spamassassin_t)
-
-dev_read_urand(spamassassin_t)
-
-fs_getattr_all_fs(spamassassin_t)
-fs_search_auto_mountpoints(spamassassin_t)
-
-domain_use_interactive_fds(spamassassin_t)
-
-files_read_etc_files(spamassassin_t)
-files_read_etc_runtime_files(spamassassin_t)
-files_list_home(spamassassin_t)
-files_read_usr_files(spamassassin_t)
-files_dontaudit_search_var(spamassassin_t)
-
-logging_send_syslog_msg(spamassassin_t)
-
-miscfiles_read_localization(spamassassin_t)
-
-sysnet_dns_name_resolve(spamassassin_t)
-
-tunable_policy(`spamassassin_can_network',`
-	allow spamassassin_t self:tcp_socket { accept listen };
-
-	corenet_all_recvfrom_unlabeled(spamassassin_t)
-	corenet_all_recvfrom_netlabel(spamassassin_t)
-	corenet_tcp_sendrecv_generic_if(spamassassin_t)
-	corenet_tcp_sendrecv_generic_node(spamassassin_t)
-	corenet_tcp_sendrecv_all_ports(spamassassin_t)
-
-	corenet_tcp_connect_all_ports(spamassassin_t)
-	corenet_sendrecv_all_client_packets(spamassassin_t)
-')
-
-tunable_policy(`use_nfs_home_dirs',`
-	fs_manage_nfs_dirs(spamassassin_t)
-	fs_manage_nfs_files(spamassassin_t)
-	fs_manage_nfs_symlinks(spamassassin_t)
-')
-
-tunable_policy(`use_samba_home_dirs',`
-	fs_manage_cifs_dirs(spamassassin_t)
-	fs_manage_cifs_files(spamassassin_t)
-	fs_manage_cifs_symlinks(spamassassin_t)
-')
-
-optional_policy(`
-	tunable_policy(`spamassassin_can_network && allow_ypbind',`
-		nis_use_ypbind_uncond(spamassassin_t)
-	')
-')
-
-optional_policy(`
-	mta_read_config(spamassassin_t)
-	sendmail_stub(spamassassin_t)
-')
-
-########################################
-#
-# Client local policy
-#
-
-allow spamc_t self:capability dac_override;
-allow spamc_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
-allow spamc_t self:fd use;
-allow spamc_t self:fifo_file rw_fifo_file_perms;
-allow spamc_t self:unix_dgram_socket sendto;
-allow spamc_t self:unix_stream_socket { accept connectto listen };
-allow spamc_t self:tcp_socket { accept listen };
-allow spamc_t node_t:udp_socket node_bind;
-
-manage_dirs_pattern(spamc_t, spamc_tmp_t, spamc_tmp_t)
-manage_files_pattern(spamc_t, spamc_tmp_t, spamc_tmp_t)
-files_tmp_filetrans(spamc_t, spamc_tmp_t, { file dir })
-
-manage_dirs_pattern(spamc_t, spamassassin_home_t, spamassassin_home_t)
-manage_files_pattern(spamc_t, spamassassin_home_t, spamassassin_home_t)
-manage_lnk_files_pattern(spamc_t, spamassassin_home_t, spamassassin_home_t)
-manage_fifo_files_pattern(spamc_t, spamassassin_home_t, spamassassin_home_t)
-manage_sock_files_pattern(spamc_t, spamassassin_home_t, spamassassin_home_t)
-userdom_user_home_dir_filetrans(spamc_t, spamassassin_home_t, dir, ".spamassassin")
-
-list_dirs_pattern(spamc_t, spamd_var_lib_t, spamd_var_lib_t)
-read_files_pattern(spamc_t, spamd_var_lib_t, spamd_var_lib_t)
-list_dirs_pattern(spamc_t, spamd_etc_t, spamd_etc_t)
-read_files_pattern(spamc_t, spamd_etc_t, spamd_etc_t)
-
-stream_connect_pattern(spamc_t, { spamd_var_run_t spamd_tmp_t }, { spamd_var_run_t spamd_tmp_t }, spamd_t)
-
-kernel_read_kernel_sysctls(spamc_t)
-kernel_read_system_state(spamc_t)
-
-corenet_all_recvfrom_unlabeled(spamc_t)
-corenet_all_recvfrom_netlabel(spamc_t)
-corenet_tcp_sendrecv_generic_if(spamc_t)
-corenet_tcp_sendrecv_generic_node(spamc_t)
-corenet_tcp_sendrecv_all_ports(spamc_t)
-
-corenet_sendrecv_all_client_packets(spamc_t)
-corenet_tcp_connect_all_ports(spamc_t)
-
-corecmd_exec_bin(spamc_t)
-
-domain_use_interactive_fds(spamc_t)
-
-fs_getattr_all_fs(spamc_t)
-fs_search_auto_mountpoints(spamc_t)
-
-files_read_etc_runtime_files(spamc_t)
-files_read_usr_files(spamc_t)
-files_dontaudit_search_var(spamc_t)
-files_list_home(spamc_t)
-files_list_var_lib(spamc_t)
-
-auth_use_nsswitch(spamc_t)
-
-logging_send_syslog_msg(spamc_t)
-
-miscfiles_read_localization(spamc_t)
-
-dovecot_domtrans_deliver(spamc_t)
-
-search_dirs_pattern(spamc_t, etc_mail_t, etc_mail_t)
-search_dirs_pattern(spamc_t, spamd_etc_t, spamd_etc_t)
-
-mysql_stream_connect(spamc_t)
-
-auth_read_shadow(spamc_t)
-corecmd_exec_shell(spamc_t)
-
-dev_read_urand(spamc_t)
-
-userdom_use_inherited_user_terminals(spamc_t)
-userdom_read_user_tmp_files(spamc_t)
-
-tunable_policy(`use_nfs_home_dirs',`
-	fs_manage_nfs_dirs(spamc_t)
-	fs_manage_nfs_files(spamc_t)
-	fs_manage_nfs_symlinks(spamc_t)
-')
-
-tunable_policy(`use_samba_home_dirs',`
-	fs_manage_cifs_dirs(spamc_t)
-	fs_manage_cifs_files(spamc_t)
-	fs_manage_cifs_symlinks(spamc_t)
-')
-
-optional_policy(`
-	abrt_stream_connect(spamc_t)
-')
-
-optional_policy(`
-	amavis_manage_spool_files(spamc_t)
-')
-
-optional_policy(`
-	evolution_stream_connect(spamc_t)
-')
-
-optional_policy(`
-	milter_manage_spamass_state(spamc_t)
-')
-
-optional_policy(`
-	mta_send_mail(spamc_t)
-	mta_read_config(spamc_t)
-	mta_read_queue(spamc_t)
-	sendmail_rw_pipes(spamc_t)
-	sendmail_stub(spamc_t)
-')
-
-optional_policy(`
-	postfix_domtrans_postdrop(spamc_t)
-	postfix_search_spool(spamc_t)
-	postfix_rw_local_pipes(spamc_t)
-	postfix_rw_inherited_master_pipes(spamc_t)
-')
-
-########################################
-#
-# Daemon local policy
-#
-
-allow spamd_t self:capability { kill setuid setgid dac_override sys_tty_config };
-dontaudit spamd_t self:capability sys_tty_config;
-allow spamd_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
-allow spamd_t self:fd use;
-allow spamd_t self:fifo_file rw_fifo_file_perms;
-allow spamd_t self:unix_dgram_socket sendto;
-allow spamd_t self:unix_stream_socket { accept connectto listen };
-allow spamd_t self:tcp_socket { accept listen };
-
-manage_dirs_pattern(spamd_t, spamd_home_t, spamd_home_t)
-manage_files_pattern(spamd_t, spamd_home_t, spamd_home_t)
-manage_lnk_files_pattern(spamd_t, spamd_home_t, spamd_home_t)
-manage_fifo_files_pattern(spamd_t, spamd_home_t, spamd_home_t)
-manage_sock_files_pattern(spamd_t, spamd_home_t, spamd_home_t)
-userdom_user_home_dir_filetrans(spamd_t, spamd_home_t, dir, ".spamd")
-
-manage_dirs_pattern(spamd_t, spamassassin_home_t, spamassassin_home_t)
-manage_files_pattern(spamd_t, spamassassin_home_t, spamassassin_home_t)
-manage_lnk_files_pattern(spamd_t, spamassassin_home_t, spamassassin_home_t)
-manage_fifo_files_pattern(spamd_t, spamassassin_home_t, spamassassin_home_t)
-manage_sock_files_pattern(spamd_t, spamassassin_home_t, spamassassin_home_t)
-userdom_user_home_dir_filetrans(spamd_t, spamassassin_home_t, dir, ".spamassassin")
-
-manage_dirs_pattern(spamd_t, spamd_compiled_t, spamd_compiled_t)
-manage_files_pattern(spamd_t, spamd_compiled_t, spamd_compiled_t)
-
-allow spamd_t spamd_log_t:file { append_file_perms create_file_perms setattr_file_perms };
-logging_log_filetrans(spamd_t, spamd_log_t, file)
-
-manage_dirs_pattern(spamd_t, spamd_spool_t, spamd_spool_t)
-manage_files_pattern(spamd_t, spamd_spool_t, spamd_spool_t)
-manage_sock_files_pattern(spamd_t, spamd_spool_t, spamd_spool_t)
-files_spool_filetrans(spamd_t, spamd_spool_t, { file dir })
-
-manage_dirs_pattern(spamd_t, spamd_tmp_t, spamd_tmp_t)
-manage_files_pattern(spamd_t, spamd_tmp_t, spamd_tmp_t)
-files_tmp_filetrans(spamd_t, spamd_tmp_t, { file dir })
-
-allow spamd_t spamd_var_lib_t:dir list_dir_perms;
-manage_files_pattern(spamd_t, spamd_var_lib_t, spamd_var_lib_t)
-manage_lnk_files_pattern(spamd_t, spamd_var_lib_t, spamd_var_lib_t)
-
-manage_dirs_pattern(spamd_t, spamd_var_run_t, spamd_var_run_t)
-manage_files_pattern(spamd_t, spamd_var_run_t, spamd_var_run_t)
-manage_sock_files_pattern(spamd_t, spamd_var_run_t, spamd_var_run_t)
-files_pid_filetrans(spamd_t, spamd_var_run_t, { file dir })
-
-list_dirs_pattern(spamd_t, spamd_etc_t, spamd_etc_t)
-read_files_pattern(spamd_t, spamd_etc_t, spamd_etc_t)
-
-search_dirs_pattern(spamd_t, etc_mail_t, etc_mail_t)
-
-can_exec(spamd_t, { spamd_exec_t spamd_compiled_t })
-
-kernel_read_all_sysctls(spamd_t)
-kernel_read_system_state(spamd_t)
-
-corecmd_exec_shell(spamd_t)
-
-corenet_all_recvfrom_unlabeled(spamd_t)
-corenet_all_recvfrom_netlabel(spamd_t)
-corenet_tcp_sendrecv_generic_if(spamd_t)
-corenet_udp_sendrecv_generic_if(spamd_t)
-corenet_tcp_sendrecv_generic_node(spamd_t)
-corenet_udp_sendrecv_generic_node(spamd_t)
-corenet_tcp_sendrecv_all_ports(spamd_t)
-corenet_udp_sendrecv_all_ports(spamd_t)
-corenet_tcp_bind_generic_node(spamd_t)
-corenet_udp_bind_generic_node(spamd_t)
-
-corenet_sendrecv_spamd_server_packets(spamd_t)
-corenet_tcp_bind_spamd_port(spamd_t)
-
-corenet_sendrecv_razor_client_packets(spamd_t)
-corenet_tcp_connect_razor_port(spamd_t)
-
-corenet_sendrecv_smtp_client_packets(spamd_t)
-corenet_tcp_connect_smtp_port(spamd_t)
-
-corenet_sendrecv_generic_server_packets(spamd_t)
-corenet_udp_bind_generic_port(spamd_t)
-
-corenet_sendrecv_imaze_server_packets(spamd_t)
-corenet_udp_bind_imaze_port(spamd_t)
-
-corenet_dontaudit_udp_bind_all_ports(spamd_t)
-
-corecmd_exec_bin(spamd_t)
-
-dev_read_sysfs(spamd_t)
-dev_read_urand(spamd_t)
-
-domain_use_interactive_fds(spamd_t)
-
-files_read_usr_files(spamd_t)
-files_read_etc_runtime_files(spamd_t)
-files_read_etc_files(spamd_t)
-
-fs_getattr_all_fs(spamd_t)
-fs_search_auto_mountpoints(spamd_t)
-
-auth_use_nsswitch(spamd_t)
-auth_dontaudit_read_shadow(spamd_t)
-
-init_dontaudit_rw_utmp(spamd_t)
-
-libs_use_ld_so(spamd_t)
-libs_use_shared_libs(spamd_t)
-
-logging_send_syslog_msg(spamd_t)
-
-miscfiles_read_localization(spamd_t)
-
-sysnet_use_ldap(spamd_t)
-
-userdom_use_unpriv_users_fds(spamd_t)
-
-tunable_policy(`spamd_enable_home_dirs',`
-	userdom_manage_user_home_content_dirs(spamd_t)
-	userdom_manage_user_home_content_files(spamd_t)
-	userdom_manage_user_home_content_symlinks(spamd_t)
-')
-
-tunable_policy(`use_nfs_home_dirs',`
-	fs_manage_nfs_dirs(spamd_t)
-	fs_manage_nfs_files(spamd_t)
-	fs_manage_nfs_symlinks(spamd_t)
-')
-
-tunable_policy(`use_samba_home_dirs',`
-	fs_manage_cifs_dirs(spamd_t)
-	fs_manage_cifs_files(spamd_t)
-	fs_manage_cifs_symlinks(spamd_t)
-')
-
-optional_policy(`
-	amavis_manage_lib_files(spamd_t)
-')
-
-optional_policy(`
-	clamav_stream_connect(spamd_t)
-')
-
-optional_policy(`
-	cron_system_entry(spamd_t, spamd_exec_t)
-')
-
-optional_policy(`
-	daemontools_service_domain(spamd_t, spamd_exec_t)
-')
-
-optional_policy(`
-	dcc_domtrans_cdcc(spamd_t)
-	dcc_domtrans_client(spamd_t)
-	dcc_signal_client(spamd_t)
-	dcc_stream_connect_dccifd(spamd_t)
-')
-
-optional_policy(`
-	evolution_home_filetrans(spamd_t, spamd_tmp_t, { file sock_file })
-')
-
-optional_policy(`
-	exim_manage_spool_dirs(spamd_t)
-	exim_manage_spool_files(spamd_t)
-')
-
-optional_policy(`
-	milter_manage_spamass_state(spamd_t)
-')
-
-optional_policy(`
-	mysql_stream_connect(spamd_t)
-	mysql_tcp_connect(spamd_t)
-')
-
-optional_policy(`
-	postfix_read_config(spamd_t)
-')
-
-optional_policy(`
-	postgresql_stream_connect(spamd_t)
-	postgresql_tcp_connect(spamd_t)
-')
-
-optional_policy(`
-	pyzor_domtrans(spamd_t)
-	pyzor_signal(spamd_t)
-')
-
-optional_policy(`
-	razor_domtrans(spamd_t)
-	razor_read_lib_files(spamd_t)
-	razor_manage_home_content(spamd_t)
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(spamd_t)
-')
-
-optional_policy(`
-	sendmail_stub(spamd_t)
-	mta_read_config(spamd_t)
-	mta_send_mail(spamd_t)
-')
-
-optional_policy(`
-	udev_read_db(spamd_t)
-')
-
-########################################
-#
-# Update local policy
-#
-
-allow spamd_update_t self:capability dac_override;
-allow spamd_update_t self:fifo_file manage_fifo_file_perms;
-allow spamd_update_t self:unix_stream_socket create_stream_socket_perms;
-
-manage_dirs_pattern(spamd_update_t, spamd_tmp_t, spamd_tmp_t)
-manage_files_pattern(spamd_update_t, spamd_tmp_t, spamd_tmp_t)
-files_tmp_filetrans(spamd_update_t, spamd_tmp_t, { file dir })
-
-manage_dirs_pattern(spamd_update_t, spamd_var_lib_t, spamd_var_lib_t)
-manage_files_pattern(spamd_update_t, spamd_var_lib_t, spamd_var_lib_t)
-manage_lnk_files_pattern(spamd_update_t, spamd_var_lib_t, spamd_var_lib_t)
-
-kernel_read_system_state(spamd_update_t)
-
-corenet_all_recvfrom_unlabeled(spamd_update_t)
-corenet_all_recvfrom_netlabel(spamd_update_t)
-corenet_tcp_sendrecv_generic_if(spamd_update_t)
-corenet_tcp_sendrecv_generic_node(spamd_update_t)
-corenet_tcp_sendrecv_all_ports(spamd_update_t)
-
-corenet_sendrecv_http_client_packets(spamd_update_t)
-corenet_tcp_connect_http_port(spamd_update_t)
-corenet_tcp_sendrecv_http_port(spamd_update_t)
-
-corecmd_exec_bin(spamd_update_t)
-corecmd_exec_shell(spamd_update_t)
-
-dev_read_urand(spamd_update_t)
-
-domain_use_interactive_fds(spamd_update_t)
-
-files_read_usr_files(spamd_update_t)
-
-auth_use_nsswitch(spamd_update_t)
-auth_dontaudit_read_shadow(spamd_update_t)
-
-miscfiles_read_localization(spamd_update_t)
-
-userdom_use_user_terminals(spamd_update_t)
-
-optional_policy(`
-	cron_system_entry(spamd_update_t, spamd_update_exec_t)
-')
-
-# probably want a solution same as httpd_use_gpg since this will
-# give spamd_update a path to users gpg keys
-# optional_policy(`
-#	gpg_domtrans(spamd_update_t)
-# ')
-
-optional_policy(`
-	mta_read_config(spamd_update_t)
-')