policy_module(milter_dkim, 1.0.0)

########################################
#
# Declarations
#

milter_template(dkim)

# Type for the private key of dkim-filter
type milter_dkim_private_key_t;
files_type(milter_dkim_private_key_t)

########################################
#
# Local policy
#

allow milter_dkim_t self:capability { setgid setuid };

read_files_pattern(milter_dkim_t, milter_dkim_private_key_t, milter_dkim_private_key_t)

files_read_etc_files(milter_dkim_t)

kernel_read_kernel_sysctls(milter_dkim_t)

sysnet_dns_name_resolve(milter_dkim_t)

dev_read_urand(milter_dkim_t)

mta_read_config(milter_dkim_t)