## <summary>Aide filesystem integrity checker</summary>
########################################
## <summary>
##	Execute aide in the aide domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed to transition.
##	</summary>
## </param>
#
interface(`aide_domtrans',`
	gen_require(`
		type aide_t;
		type aide_exec_t;
	')

	# Let the caller search the bin directories that lead to the aide executable.
	corecmd_search_bin($1)
	# Executing a file labeled aide_exec_t moves the caller into aide_t.
	domtrans_pattern($1, aide_exec_t, aide_t)
')
########################################
## <summary>
##	Execute aide programs in the AIDE domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed to transition.
##	</summary>
## </param>
## <param name="role">
##	<summary>
##	The role to allow the AIDE domain.
##	</summary>
## </param>
## <param name="terminal">
##	<summary>
##	The type of the terminal the AIDE domain is allowed to use.
##	</summary>
## </param>
#
interface(`aide_run',`
	gen_require(`
		type aide_t;
	')

	# Domain transition from the caller into aide_t.
	aide_domtrans($1)
	# Associate aide_t with the given role so the resulting context is valid.
	role $2 types aide_t;
	# Read and write access for aide_t on character devices of the
	# terminal type passed as the third argument.
	allow aide_t $3:chr_file rw_chr_file_perms;
')
########################################
## <summary>
##	All of the rules required to administrate
##	an aide environment.
## </summary>
## <desc>
##	<p>
##	A domain granted this interface can trace and signal
##	aide_t processes and can create, modify and delete
##	files labeled aide_db_t and aide_log_t. The output of
##	a filesystem integrity checker is only as trustworthy
##	as those files, so this interface should be granted
##	only to trusted administrative domains.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <rolecap/>
#
interface(`aide_admin',`
	gen_require(`
		type aide_t;
		type aide_db_t;
		type aide_log_t;
	')

	# ptrace lets the caller inspect and alter a running aide_t process.
	# It is written as its own rule so it is easy to spot in policy review.
	allow $1 aide_t:process ptrace;
	allow $1 aide_t:process signal_perms;
	ps_process_pattern($1, aide_t)

	# Full management of files labeled aide_db_t.
	files_list_etc($1)
	manage_files_pattern($1, aide_db_t, aide_db_t)

	# Full management of files labeled aide_log_t.
	logging_list_logs($1)
	manage_files_pattern($1, aide_log_t, aide_log_t)
')