selinux-policy/policy/modules/services/aide.if

## <summary>Aide filesystem integrity checker</summary>

########################################
## <summary>
##      Execute aide in the aide domain
## </summary>
## <param name="domain">
##      <summary>
##      Domain allowed access.
##      </summary>
## </param>
#
interface(`aide_domtrans',`
        gen_require(`
                type aide_t, aide_exec_t;
        ')

	corecmd_search_bin($1)
        domtrans_pattern($1,aide_exec_t,aide_t)
')


########################################
## <summary>
##	Execute aide programs in the AIDE domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <param name="role">
##	<summary>
##	The role to allow the AIDE domain.
##	</summary>
## </param>
## <param name="terminal">
##	<summary>
##	The type of the terminal allow the AIDE domain to use.
##	</summary>
## </param>
#
interface(`aide_run',`
	gen_require(`
		type aide_t;
	')

	aide_domtrans($1)
	role $2 types aide_t;
	allow aide_t $3:chr_file rw_chr_file_perms;
')