1 files changed, 58 insertions, 0 deletions

diff --git a/policy/modules/contrib/sasl.if b/policy/modules/contrib/sasl.if
new file mode 100644
index 00000000..f1aea88a
--- /dev/null
+++ b/policy/modules/contrib/sasl.if
@@ -0,0 +1,58 @@
+## <summary>SASL authentication server</summary>
+
+########################################
+## <summary>
+##	Connect to SASL.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`sasl_connect',`
+	gen_require(`
+		type saslauthd_t, saslauthd_var_run_t;
+	')
+
+	files_search_pids($1)
+	stream_connect_pattern($1, saslauthd_var_run_t, saslauthd_var_run_t, saslauthd_t)
+')
+
+########################################
+## <summary>
+##	All of the rules required to administrate 
+##	an sasl environment
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+interface(`sasl_admin',`
+	gen_require(`
+		type saslauthd_t, saslauthd_tmp_t, saslauthd_var_run_t;
+		type saslauthd_initrc_exec_t;
+	')
+
+	allow $1 saslauthd_t:process { ptrace signal_perms getattr };
+	ps_process_pattern($1, saslauthd_t)
+
+	init_labeled_script_domtrans($1, saslauthd_initrc_exec_t)
+	domain_system_change_exemption($1)
+	role_transition $2 saslauthd_initrc_exec_t system_r;
+	allow $2 system_r;
+
+	files_list_tmp($1)
+	admin_pattern($1, saslauthd_tmp_t)
+
+	files_list_pids($1)
+	admin_pattern($1, saslauthd_var_run_t)
+')