policy_module(aide, 1.8.0)

########################################
#
# Declarations
#

attribute_role aide_roles;

type aide_t;
type aide_exec_t;
application_domain(aide_t, aide_exec_t)
role aide_roles types aide_t;

type aide_log_t;
logging_log_file(aide_log_t)

type aide_db_t;
files_type(aide_db_t)

########################################
#
# Local policy
#

allow aide_t self:capability { dac_override fowner };

manage_files_pattern(aide_t, aide_db_t, aide_db_t)

create_files_pattern(aide_t, aide_log_t, aide_log_t)
append_files_pattern(aide_t, aide_log_t, aide_log_t)
setattr_files_pattern(aide_t, aide_log_t, aide_log_t)
logging_log_filetrans(aide_t, aide_log_t, file)

files_read_all_files(aide_t)
files_read_all_symlinks(aide_t)

logging_send_audit_msgs(aide_t)
logging_send_syslog_msg(aide_t)

userdom_use_user_terminals(aide_t)

optional_policy(`
	seutil_use_newrole_fds(aide_t)
')