From: sven.vermeulen@siphos.be (Sven Vermeulen)
To: refpolicy@oss.tresys.com
Subject: [refpolicy] [PATCH v2 1/3] Initial policy for the mutt e-mail client
Date: Mon, 3 Oct 2011 22:03:29 +0200 [thread overview]
Message-ID: <20111003200329.GB7198@siphos.be> (raw)
In-Reply-To: <20111003200247.GA7198@siphos.be>
The mutt e-mail client is a terminal-based e-mail client. It is rich in
features (and many additional feature patches circulate on the internet),
so this policy is expected to grow over time.
Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
---
mutt.fc | 10 ++++++
mutt.if | 68 ++++++++++++++++++++++++++++++++++++++++++
mutt.te | 100 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 178 insertions(+), 0 deletions(-)
create mode 100644 mutt.fc
create mode 100644 mutt.if
create mode 100644 mutt.te
diff --git a/mutt.fc b/mutt.fc
new file mode 100644
index 0000000..9d64529
--- /dev/null
+++ b/mutt.fc
@@ -0,0 +1,10 @@
+HOME_DIR/\.mutt(/.*)? gen_context(system_u:object_r:mutt_home_t,s0)
+HOME_DIR/\.muttrc -- gen_context(system_u:object_r:mutt_conf_t,s0)
+HOME_DIR/\.mutt_cache -- gen_context(system_u:object_r:mutt_home_t,s0)
+HOME_DIR/\.mutt_certificates -- gen_context(system_u:object_r:mutt_home_t,s0)
+
+/etc/Muttrc -- gen_context(system_u:object_r:mutt_etc_t,s0)
+/etc/Muttrc\.local -- gen_context(system_u:object_r:mutt_etc_t,s0)
+/etc/mutt(/.*)? gen_context(system_u:object_r:mutt_etc_t,s0)
+
+/usr/bin/mutt -- gen_context(system_u:object_r:mutt_exec_t,s0)
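Review bot: Everything under `~/.mutt/` (line 25) is labeled mutt_home_t, which mutt.te lets mutt_t create, write and relabel, while `~/.muttrc` (line 26) gets the read-only mutt_conf_t; if mutt also reads `~/.mutt/muttrc` as a startup configuration file, as stock installs do, a compromised mutt_t can rewrite its own configuration (including the command used to send mail) and the read-only config type protects little. Consider adding an explicit entry for that file, `HOME_DIR/\.mutt/muttrc -- gen_context(system_u:object_r:mutt_conf_t,s0)`, so it shares the read-only treatment of `~/.muttrc`. The `~/.mutt_certificates` trust store (line 28) has to stay writable because mutt appends to it when the user accepts a certificate, but that is worth a one-line comment so the next reader does not "fix" it into mutt_conf_t.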
diff --git a/mutt.if b/mutt.if
new file mode 100644
index 0000000..59f96e7
--- /dev/null
+++ b/mutt.if
@@ -0,0 +1,68 @@
+## <summary>Mutt e-mail client</summary>
+
+#######################################
+## <summary>
+## The role for using the mutt application.
+## </summary>
+## <param name="role">
+## <summary>
+## The role associated with the user domain.
+## </summary>
+## </param>
+## <param name="domain">
+## <summary>
+## The user domain.
+## </summary>
+## </param>
+#
+interface(`mutt_role',`
+ gen_require(`
+ type mutt_t, mutt_exec_t, mutt_home_t, mutt_conf_t, mutt_etc_t;
+ type mutt_tmp_t;
+ ')
+
+ role $1 types mutt_t;
+
+ domtrans_pattern($2, mutt_exec_t, mutt_t)
+
+ allow $2 mutt_t:process { ptrace signal_perms };
+
+ manage_dirs_pattern($2, mutt_home_t, mutt_home_t)
+ manage_files_pattern($2, mutt_home_t, mutt_home_t)
+
+ manage_dirs_pattern($2, mutt_conf_t, mutt_conf_t)
+ manage_files_pattern($2, mutt_conf_t, mutt_conf_t)
+
+ relabel_dirs_pattern($2, mutt_home_t, mutt_home_t)
+ relabel_files_pattern($2, mutt_home_t, mutt_home_t)
+
+ relabel_dirs_pattern($2, mutt_conf_t, mutt_conf_t)
+ relabel_files_pattern($2, mutt_conf_t, mutt_conf_t)
+
+ relabel_dirs_pattern($2, mutt_tmp_t, mutt_tmp_t)
+ relabel_files_pattern($2, mutt_tmp_t, mutt_tmp_t)
+
+ ps_process_pattern($2, mutt_t)
+')
+
+#######################################
+## <summary>
+## Allow other domains to handle mutt's temporary files (used for instance
+## for e-mail drafts)
+## </summary>
+## <param name="domain">
+## <summary>
+## The domain that is allowed read/write access to the temporary files
+## </summary>
+## </param>
+#
+interface(`mutt_rw_tmp_files',`
+ gen_require(`
+ type mutt_tmp_t;
+ ')
+
+ # The use of rw_files_pattern here is not needed, since this incurs the open privilege as well
+ allow $1 mutt_tmp_t:dir search_dir_perms;
+ allow $1 mutt_tmp_t:file { read write };
+ files_search_tmp($1)
+')
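Review bot: The summary of `mutt_rw_tmp_files` describes plain read/write access, but the security-relevant property is what the body deliberately leaves out: no `open` on mutt_tmp_t files (line 106 and the comment above it), so a caller can only use descriptors mutt hands it rather than open arbitrary drafts in /tmp. That intent belongs in the interface documentation, e.g. `Allow the specified domain to read and write mutt temporary files via inherited file descriptors (e.g. an editor spawned on a draft); open is intentionally not granted.` Given that rationale, `search_dir_perms` on line 105 and `files_search_tmp($1)` on line 107 only matter if the callee looks the file up by path, which the comment says is not the intended use; confirm they are needed or drop them. In `mutt_role`, `mutt_etc_t` is required on line 60 but never referenced in the body.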
diff --git a/mutt.te b/mutt.te
new file mode 100644
index 0000000..60faae9
--- /dev/null
+++ b/mutt.te
@@ -0,0 +1,100 @@
+policy_module(mutt, 1.0.0)
+
+############################
+#
+# Declarations
+#
+
+## <desc>
+## <p>
+## Be able to manage user files (needed to support attachment handling)
+## </p>
+## </desc>
+gen_tunable(mutt_manage_user_content, false)
+
+type mutt_t;
+type mutt_exec_t;
+application_domain(mutt_t, mutt_exec_t)
+ubac_constrained(mutt_t)
+
+type mutt_conf_t;
+userdom_user_home_content(mutt_conf_t)
+
+type mutt_etc_t;
+files_config_file(mutt_etc_t)
+
+type mutt_home_t;
+userdom_user_home_content(mutt_home_t)
+
+type mutt_tmp_t;
+files_tmp_file(mutt_tmp_t)
+ubac_constrained(mutt_tmp_t)
+
+############################
+#
+# Local Policy Rules
+#
+
+allow mutt_t self:process signal_perms;
+allow mutt_t self:fifo_file rw_fifo_file_perms;
+
+manage_dirs_pattern(mutt_t, mutt_home_t, mutt_home_t)
+manage_files_pattern(mutt_t, mutt_home_t, mutt_home_t)
+userdom_user_home_dir_filetrans(mutt_t, mutt_home_t, { dir file })
+
+manage_dirs_pattern(mutt_t, mutt_tmp_t, mutt_tmp_t)
+manage_files_pattern(mutt_t, mutt_tmp_t, mutt_tmp_t)
+files_tmp_filetrans(mutt_t, mutt_tmp_t, { file dir })
+
+read_files_pattern(mutt_t, mutt_etc_t, mutt_etc_t)
+
+read_files_pattern(mutt_t, mutt_conf_t, mutt_conf_t)
+
+
+kernel_read_system_state(mutt_t)
+
+corecmd_exec_bin(mutt_t)
+corecmd_exec_shell(mutt_t)
+
+corenet_all_recvfrom_netlabel(mutt_t)
+corenet_all_recvfrom_unlabeled(mutt_t)
+corenet_sendrecv_pop_client_packets(mutt_t)
+corenet_sendrecv_smtp_client_packets(mutt_t)
+corenet_tcp_bind_generic_node(mutt_t)
+corenet_tcp_connect_pop_port(mutt_t)
+corenet_tcp_connect_smtp_port(mutt_t)
+corenet_tcp_sendrecv_generic_if(mutt_t)
+corenet_tcp_sendrecv_generic_node(mutt_t)
+corenet_tcp_sendrecv_pop_port(mutt_t)
+corenet_tcp_sendrecv_smtp_port(mutt_t)
+
+dev_read_rand(mutt_t)
+dev_read_urand(mutt_t)
+
+domain_use_interactive_fds(mutt_t)
+
+files_read_usr_files(mutt_t)
+
+
+auth_use_nsswitch(mutt_t)
+
+miscfiles_read_localization(mutt_t)
+
+userdom_manage_xdg_cache_home(mutt_t)
+userdom_read_xdg_config_home(mutt_t)
+userdom_search_user_home_content(mutt_t)
+userdom_use_user_terminals(mutt_t)
+
+optional_policy(`
+ gpg_domtrans(mutt_t)
+')
+
+tunable_policy(`mutt_manage_user_content',`
+ # Needed for handling attachments
+ userdom_manage_user_home_content_files(mutt_t)
+ userdom_manage_user_home_content_dirs(mutt_t)
+')
+
+tunable_policy(`gentoo_try_dontaudit',`
+ kernel_dontaudit_search_sysctl(mutt_t)
+')
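Review bot: `gentoo_try_dontaudit` on line 212 is not a tunable declared by refpolicy, so unless it is declared elsewhere in the tree the `tunable_policy` block references an undefined boolean and the module will not build; for an upstream submission make the rule unconditional, `kernel_dontaudit_search_sysctl(mutt_t)`, or drop it. On least privilege, `corenet_tcp_bind_generic_node(mutt_t)` on line 177 permits binding a TCP socket, which a client that only connects out to POP and SMTP ports does not appear to need; the connect and sendrecv rules around it should suffice unless mutt actually binds. Conversely nothing here allows delivery through a local MTA: `corecmd_exec_bin` covers bin_t only, so a `sendmail` setting pointing at the system sendmail binary would presumably need an `optional_policy` with `mta_send_mail(mutt_t)`; if SMTP-only delivery is the intended scope, a comment above the corenet block stating that would save the next reader the question.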
--
1.7.3.4