policy_module(chkrootkit, 1.1.0)

########################################
#
# Declarations
#

attribute_role chkrootkit_roles;

type chkrootkit_t;
type chkrootkit_exec_t;
application_domain(chkrootkit_t, chkrootkit_exec_t)
role chkrootkit_roles types chkrootkit_t;

type chkrootkit_log_t;
logging_log_file(chkrootkit_log_t)

########################################
#
# Application local policy
#

allow chkrootkit_t self:capability { dac_read_search setuid sys_ptrace };
allow chkrootkit_t self:fifo_file rw_fifo_file_perms;
allow chkrootkit_t self:udp_socket { create ioctl };

kernel_read_all_sysctls(chkrootkit_t)
kernel_getattr_proc(chkrootkit_t)
kernel_read_network_state(chkrootkit_t)
kernel_getattr_message_if(chkrootkit_t)

corecmd_exec_bin(chkrootkit_t)
corecmd_exec_shell(chkrootkit_t)

dev_getattr_fs(chkrootkit_t)
dev_read_rand(chkrootkit_t)
dev_read_urand(chkrootkit_t)
dev_getattr_all_chr_files(chkrootkit_t)

domain_read_all_domains_state(chkrootkit_t)
domain_use_interactive_fds(chkrootkit_t)
domain_getattr_all_sockets(chkrootkit_t)
domain_getattr_all_pipes(chkrootkit_t)

files_read_non_auth_files(chkrootkit_t)
files_read_all_symlinks(chkrootkit_t)
files_read_all_chr_files(chkrootkit_t)
files_getattr_all_pipes(chkrootkit_t)

fs_getattr_xattr_fs(chkrootkit_t)

init_signal(chkrootkit_t)

logging_send_syslog_msg(chkrootkit_t)

miscfiles_read_localization(chkrootkit_t)

term_getattr_unallocated_ttys(chkrootkit_t)

userdom_use_inherited_user_terminals(chkrootkit_t)

usermanage_check_exec_passwd(chkrootkit_t)

ifdef(`init_systemd',`
	# start as systemd timer
	init_system_domain(chkrootkit_t, chkrootkit_exec_t)
')

optional_policy(`
	cron_system_entry(chkrootkit_t, chkrootkit_exec_t)
	cron_exec_crontab(chkrootkit_t)
')

optional_policy(`
	ssh_exec(chkrootkit_t)
')