From 66ef615fde871afb6ab0ff7e371956b0b1ee66c4 Mon Sep 17 00:00:00 2001
From: Eric Renfro
Date: Sun, 31 Jul 2016 19:23:16 -0400
Subject: [PATCH] Completely reformatted the style based on what I understand of the style guide thus far
---
 ossec.te | 513 +++++++++++++++++++++----------------------------
 1 file changed, 199 insertions(+), 314 deletions(-)
diff --git a/ossec.te b/ossec.te
index 13f5d96..63f2170 100644
--- a/ossec.te
+++ b/ossec.te
@@ -1,33 +1,31 @@
-policy_module(ossec,1.0.277)
+policy_module(ossec,1.1.0)
 ########################################
 #
 # Declarations
 #
-# ossec bin dir
-type ossec_bin_t;
-files_type(ossec_bin_t)
+###
+# Active-Response Domain and File Types
+type ossec_ar_t;
+type ossec_ar_exec_t;
+domain_type(ossec_ar_t)
+domain_entry_file(ossec_ar_t, ossec_ar_exec_t)
+domtrans_pattern(ossec_execd_t, ossec_ar_exec_t, ossec_ar_t)
+role system_r types ossec_ar_t;
+files_type(ossec_ar_exec_t);
-# ossec-maild daemon
-type ossec_maild_t;
-type ossec_maild_exec_t;
-init_daemon_domain(ossec_maild_t, ossec_maild_exec_t)
+type ossec_ar_bin_t;
+files_type(ossec_ar_bin_t);
-# ossec-execd daemon
-type ossec_execd_t;
-type ossec_execd_exec_t;
-init_daemon_domain(ossec_execd_t, ossec_execd_exec_t)
+unconfined_domain(ossec_ar_t)
+###
-type ossec_execd_file_t;
-files_type(ossec_execd_file_t)
-
-type ossec_execd_journal_t;
-files_type(ossec_execd_journal_t)
-
-type ossec_execd_sock_t;
-files_type(ossec_execd_sock_t)
+# ossec-agentlessd daemon
+type ossec_agentlessd_t;
+type ossec_agentlessd_exec_t;
+init_daemon_domain(ossec_agentlessd_t, ossec_agentlessd_exec_t)
 # ossec-analysisd daemon
 type ossec_analysisd_t;
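Review bot: `unconfined_domain(ossec_ar_t)` in the relocated Active-Response block carries no comment, and together with `domtrans_pattern(ossec_execd_t, ossec_ar_exec_t, ossec_ar_t)` a few lines above it means every script that ossec-execd runs from an ossec_ar_exec_t file executes unconfined. The commit only moves these lines, but that is the moment to document the choice: a line such as `# Active-response scripts are admin-supplied commands; run them unconfined (TODO: consider a tunable to confine them)` above the `unconfined_domain` call would tell whoever audits the compiled policy why an OSSEC daemon reaches an unconfined domain. The trailing `;` on `files_type(ossec_ar_exec_t);` and `files_type(ossec_ar_bin_t);` is inconsistent with every other interface call in the file, which takes none, and leaves a stray empty statement after m4 expansion; dropping it is safe. `domain_entry_file` presumably already marks ossec_ar_exec_t as a file type, so the extra `files_type` call on that type looks redundant — worth confirming against the refpolicy interface before removing it.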
@@ -43,11 +41,57 @@ files_type(ossec_analysisd_file_t)
 type ossec_analysisd_sock_t;
 files_type(ossec_analysisd_sock_t)
+# ossec-csyslogd daemon
+type ossec_csyslogd_t;
+type ossec_csyslogd_exec_t;
+init_daemon_domain(ossec_csyslogd_t, ossec_csyslogd_exec_t)
+
+# ossec-dbd daemon
+type ossec_dbd_t;
+type ossec_dbd_exec_t;
+init_daemon_domain(ossec_dbd_t, ossec_dbd_exec_t)
+
+# ossec etc dir
+type ossec_etc_t;
+files_config_file(ossec_etc_t)
+
+# ossec-execd daemon
+type ossec_execd_t;
+type ossec_execd_exec_t;
+init_daemon_domain(ossec_execd_t, ossec_execd_exec_t)
+
+type ossec_execd_file_t;
+files_type(ossec_execd_file_t)
+
+type ossec_execd_journal_t;
+files_type(ossec_execd_journal_t)
+
+type ossec_execd_sock_t;
+files_type(ossec_execd_sock_t)
+
+# ossec_initrc
+type ossec_initrc_exec_t;
+init_script_file(ossec_initrc_exec_t)
+
 # ossec-logcollector daemon
 type ossec_logcollector_t;
 type ossec_logcollector_exec_t;
 init_daemon_domain(ossec_logcollector_t, ossec_logcollector_exec_t)
+# ossec logs dir
+type ossec_log_t;
+logging_log_file(ossec_log_t)
+
+# ossec-maild daemon
+type ossec_maild_t;
+type ossec_maild_exec_t;
+init_daemon_domain(ossec_maild_t, ossec_maild_exec_t)
+
+# ossec-monitord daemon
+type ossec_monitord_t;
+type ossec_monitord_exec_t;
+init_daemon_domain(ossec_monitord_t, ossec_monitord_exec_t)
+
 # ossec-remoted daemon
 type ossec_remoted_t;
 type ossec_remoted_exec_t;
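Review bot: The declaration order in this hunk is not the same scheme as in the two hunks that follow: here ossec_etc_t, ossec_initrc_exec_t and ossec_log_t are interleaved alphabetically with the daemon domains, while ossec_bin_t, ossec_queue_t, ossec_rule_t, ossec_stats_t, ossec_tmp_t, ossec_var_t and ossec_var_run_t form a separate file-type group placed after ossec_syscheckd_t. Either sort every type by name or keep two labelled groups (domains, then file types) — mixing the two makes it harder to see at a glance which types are domains. The new comment `# ossec_initrc` also breaks the `# ossec-<name> daemon` / `# ossec <name> dir` pattern used everywhere else; `# ossec init script` would fit it.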
@@ -67,52 +111,14 @@ type ossec_syscheckd_t;
 type ossec_syscheckd_exec_t;
 init_daemon_domain(ossec_syscheckd_t, ossec_syscheckd_exec_t)
-#domain_entry_file(ossec_syscheckd_t, shell_exec_t)
-#domtrans_pattern(ossec_syscheckd_t, ossec_ar_exec_t, ossec_ar_t)
+# ossec bin dir
+type ossec_bin_t;
+files_type(ossec_bin_t)
-# ossec-monitord daemon
-type ossec_monitord_t;
-type ossec_monitord_exec_t;
-init_daemon_domain(ossec_monitord_t, ossec_monitord_exec_t)
-
-# ossec-dbd daemon
-type ossec_dbd_t;
-type ossec_dbd_exec_t;
-init_daemon_domain(ossec_dbd_t, ossec_dbd_exec_t)
-
-# ossec-csyslogd daemon
-type ossec_csyslogd_t;
-type ossec_csyslogd_exec_t;
-init_daemon_domain(ossec_csyslogd_t, ossec_csyslogd_exec_t)
-
-# ossec-agentlessd daemon
-type ossec_agentlessd_t;
-type ossec_agentlessd_exec_t;
-init_daemon_domain(ossec_agentlessd_t, ossec_agentlessd_exec_t)
-
-# initrc
-type ossec_initrc_exec_t;
-init_script_file(ossec_initrc_exec_t)
-
-type ossec_var_t;
-files_type(ossec_var_t)
-
-# ossec var run dir
-type ossec_var_run_t;
-files_pid_file(ossec_var_run_t)
-
-# ossec tmp dir
-type ossec_tmp_t;
-files_tmp_file(ossec_tmp_t)
-
-# ossec logs dir
-type ossec_log_t;
-logging_log_file(ossec_log_t)
-
-# ossec etc dir
-type ossec_etc_t;
-files_config_file(ossec_etc_t)
+# ossec queue dir
+type ossec_queue_t;
+files_type(ossec_queue_t)
 # ossec rules dir
 type ossec_rule_t;
@@ -122,26 +128,16 @@ files_config_file(ossec_rule_t)
 type ossec_stats_t;
 files_type(ossec_stats_t)
-# ossec queue dir
-type ossec_queue_t;
-files_type(ossec_queue_t)
+# ossec tmp dir
+type ossec_tmp_t;
+files_tmp_file(ossec_tmp_t)
-###
-# Active-Response Domain and File Types
-type ossec_ar_t;
+# ossec var run dir
+type ossec_var_t;
+files_type(ossec_var_t)
-type ossec_ar_bin_t;
-files_type(ossec_ar_bin_t);
-
-type ossec_ar_exec_t;
-files_type(ossec_ar_exec_t);
-
-domain_type(ossec_ar_t)
-domain_entry_file(ossec_ar_t, ossec_ar_exec_t)
-domtrans_pattern(ossec_execd_t, ossec_ar_exec_t, ossec_ar_t)
-role system_r types ossec_ar_t;
-unconfined_domain(ossec_ar_t)
-###
+type ossec_var_run_t;
+files_pid_file(ossec_var_run_t)
 require {
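Review bot: The comment `# ossec var run dir` now sits above `type ossec_var_t;` / `files_type(ossec_var_t)`, while `type ossec_var_run_t;` / `files_pid_file(ossec_var_run_t)`, which that comment described before the move, is left without one. Change the first to `# ossec var dir` and add `# ossec var run dir` above `type ossec_var_run_t;`, so the generic var type and the PID-file type are not confused when the `ossec_pid_filetrans` rules are audited later.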
@@ -163,275 +159,164 @@ require {
 #
-#============= ossec_maild_t ==============
-auth_read_passwd(ossec_maild_t)
-
-# init
-allow ossec_maild_t self:capability { dac_override dac_read_search setuid setgid sys_chroot };
-
-# etc dir
-ossec_read_config(ossec_maild_t)
-sysnet_read_config(ossec_maild_t)
-
-# var run dir
-allow ossec_maild_t ossec_var_run_t:file manage_file_perms;
-ossec_pid_filetrans(ossec_maild_t, ossec_var_run_t, file)
-
-# logs
-allow ossec_maild_t ossec_log_t:file { create_file_perms append_file_perms read };
-ossec_log_filetrans(ossec_maild_t, ossec_log_t, file)
-
-# Sockets
-allow ossec_maild_t self:tcp_socket create_socket_perms;
-corenet_tcp_connect_smtp_port(ossec_maild_t)
-
-
-#============= ossec_execd_t ==============
-
-# init
-auth_read_passwd(ossec_execd_t)
-allow ossec_execd_t self:capability { dac_override dac_read_search setgid };
-
-# etc dir
-ossec_read_config(ossec_execd_t)
-sysnet_read_config(ossec_execd_t)
+allow ossec_analysisd_t ossec_log_t:file { create_file_perms append_file_perms read link unlink };
+allow ossec_analysisd_t ossec_var_run_t:file manage_file_perms;
+allow ossec_analysisd_t self:capability { dac_override dac_read_search fsetid setuid setgid sys_chroot };
+allow ossec_analysisd_t self:unix_dgram_socket create_stream_socket_perms;
+allow ossec_execd_t ossec_ar_t:process { rlimitinh siginh noatsecure };
 allow ossec_execd_t ossec_execd_file_t:file { create_file_perms rw_file_perms };
 allow ossec_execd_t ossec_execd_journal_t:file manage_file_perms;
-filetrans_pattern(ossec_execd_t, ossec_var_t, ossec_execd_journal_t, file, "execd.sqlite-journal");
-
-# var run dir
-allow ossec_execd_t ossec_var_run_t:file manage_file_perms;
-ossec_pid_filetrans(ossec_execd_t, ossec_var_run_t, file)
-
-# queue dir
-ossec_queue_filetrans(ossec_execd_t, ossec_execd_sock_t, sock_file)
-manage_sock_files_pattern(ossec_execd_t, ossec_queue_t, ossec_execd_sock_t)
-
-# logs
 allow ossec_execd_t ossec_log_t:file { create_file_perms append_file_perms read };
-ossec_log_filetrans(ossec_execd_t, ossec_log_t, file)
-
-# active-response scripts
-search_dirs_pattern(ossec_execd_t, ossec_ar_bin_t, ossec_ar_bin_t)
-corecmd_exec_shell(ossec_execd_t)
-
-# dgram socket
+allow ossec_execd_t ossec_var_run_t:file manage_file_perms;
+allow ossec_execd_t self:capability { dac_override dac_read_search setgid };
 allow ossec_execd_t self:unix_dgram_socket create_stream_socket_perms;
-# Read urandom
-dev_read_urand(ossec_execd_t)
+allow ossec_logcollector_t ossec_log_t:file { create_file_perms append_file_perms read };
+allow ossec_logcollector_t ossec_var_run_t:file manage_file_perms;
+allow ossec_logcollector_t self:capability { dac_override dac_read_search };
+allow ossec_logcollector_t self:unix_dgram_socket create_socket_perms;
-# Run autoresponce unconstrained
-allow ossec_execd_t ossec_ar_t:process { rlimitinh siginh noatsecure };
+allow ossec_maild_t ossec_log_t:file { create_file_perms append_file_perms read };
+allow ossec_maild_t ossec_var_run_t:file manage_file_perms;
+allow ossec_maild_t self:capability { dac_override dac_read_search setuid setgid sys_chroot };
+allow ossec_maild_t self:tcp_socket create_socket_perms;
+
+allow ossec_monitord_t ossec_log_t:file { create_file_perms append_file_perms write read };
+allow ossec_monitord_t ossec_remoted_file_t:file getattr_file_perms;
+allow ossec_monitord_t ossec_var_run_t:file manage_file_perms;
+allow ossec_monitord_t self:capability { dac_override dac_read_search setuid setgid sys_chroot };
+allow ossec_monitord_t self:unix_dgram_socket create_socket_perms;
+
+allow ossec_remoted_t ossec_log_t:file { create_file_perms append_file_perms read };
+allow ossec_remoted_t ossec_var_run_t:file manage_file_perms;
+allow ossec_remoted_t self:capability { dac_override dac_read_search setuid setgid sys_chroot };
+allow ossec_remoted_t self:udp_socket create_stream_socket_perms;
+allow ossec_remoted_t self:unix_dgram_socket create_stream_socket_perms;
+
+allow ossec_syscheckd_t hi_reserved_port_t:tcp_socket name_bind;
+allow ossec_syscheckd_t hi_reserved_port_t:udp_socket name_bind;
+allow ossec_syscheckd_t ossec_log_t:file { create_file_perms append_file_perms read };
+allow ossec_syscheckd_t ossec_queue_t:dir { create_dir_perms rw_dir_perms };
+allow ossec_syscheckd_t ossec_queue_t:file { create_file_perms rename_file_perms write_file_perms };
+allow ossec_syscheckd_t ossec_var_run_t:file manage_file_perms;
+allow ossec_syscheckd_t self:capability { dac_override dac_read_search kill setuid setgid sys_chroot sys_nice };
+allow ossec_syscheckd_t self:process { setsched };
+allow ossec_syscheckd_t self:tcp_socket create_socket_perms;
+allow ossec_syscheckd_t self:udp_socket create_socket_perms;
+allow ossec_syscheckd_t self:unix_dgram_socket create_socket_perms;
-#============= ossec_analysisd_t ==============
-
-# init
 auth_read_passwd(ossec_analysisd_t)
-allow ossec_analysisd_t self:capability { dac_override dac_read_search fsetid setuid setgid sys_chroot };
+auth_read_passwd(ossec_execd_t)
+auth_read_passwd(ossec_maild_t)
+auth_read_passwd(ossec_monitord_t)
+auth_read_passwd(ossec_remoted_t)
-# etc dir
-ossec_read_config(ossec_analysisd_t)
-sysnet_read_config(ossec_analysisd_t)
-manage_files_pattern(ossec_analysisd_t, ossec_etc_t, ossec_analysisd_configfile_t)
+corecmd_exec_bin(ossec_syscheckd_t)
+corecmd_exec_shell(ossec_execd_t)
+corecmd_exec_shell(ossec_syscheckd_t)
-# var run dir
-allow ossec_analysisd_t ossec_var_run_t:file manage_file_perms;
-ossec_pid_filetrans(ossec_analysisd_t, ossec_var_run_t, file)
+corenet_tcp_bind_generic_node(ossec_syscheckd_t)
+corenet_tcp_bind_generic_port(ossec_syscheckd_t)
+corenet_tcp_bind_reserved_port(ossec_syscheckd_t)
+corenet_tcp_connect_smtp_port(ossec_maild_t)
-# queue dir
-#allow ossec_analysisd_t ossec_analysisd_file_t:dir { write add_name };
-#allow ossec_analysisd_t ossec_analysisd_file_t:dir { manage_dir_perms };
-ossec_queue_filetrans(ossec_analysisd_t, ossec_analysisd_file_t, file)
-#rw_files_pattern(ossec_analysisd_t, ossec_analysisd_file_t, ossec_analysisd_file_t)
-manage_files_pattern(ossec_analysisd_t, ossec_analysisd_file_t, ossec_analysisd_file_t)
+corenet_udp_bind_all_unreserved_ports(ossec_remoted_t)
+corenet_udp_bind_generic_node(ossec_remoted_t)
+corenet_udp_bind_generic_node(ossec_syscheckd_t)
+corenet_udp_bind_generic_port(ossec_syscheckd_t)
+corenet_udp_bind_reserved_port(ossec_syscheckd_t)
-
-ossec_queue_filetrans(ossec_analysisd_t, ossec_analysisd_sock_t, sock_file)
-manage_sock_files_pattern(ossec_analysisd_t, ossec_queue_t, ossec_analysisd_sock_t)
+dev_getattr_all(ossec_syscheckd_t)
+dev_read_urand(ossec_execd_t)
 dgram_send_pattern(ossec_analysisd_t, ossec_queue_t, ossec_execd_sock_t, ossec_execd_t)
 dgram_send_pattern(ossec_analysisd_t, ossec_queue_t, ossec_remoted_sock_t, ossec_remoted_t)
-
-# stats dir
-manage_files_pattern(ossec_analysisd_t, ossec_stats_t, ossec_stats_t)
-#append_files_pattern(ossec_analysisd_t, ossec_stats_t, ossec_stats_t)
-#allow ossec_analysisd_t ossec_stats_t:file read_file_perms;
-
-# logs
-allow ossec_analysisd_t ossec_log_t:file { create_file_perms append_file_perms read link unlink };
-ossec_log_filetrans(ossec_analysisd_t, ossec_log_t, file)
-
-# rules dir
-search_dirs_pattern(ossec_analysisd_t, ossec_rule_t, ossec_rule_t)
-read_files_pattern(ossec_analysisd_t, ossec_rule_t, ossec_rule_t)
-
-# dgram socket
-allow ossec_analysisd_t self:unix_dgram_socket create_stream_socket_perms;
-
-
-#============= ossec_logcollector_t ==============
-
-# init
-allow ossec_logcollector_t self:capability { dac_override dac_read_search };
-
-# etc dir
-ossec_read_config(ossec_logcollector_t)
-sysnet_read_config(ossec_logcollector_t)
-
-# var run dir
-allow ossec_logcollector_t ossec_var_run_t:file manage_file_perms;
-ossec_pid_filetrans(ossec_logcollector_t, ossec_var_run_t, file)
-
-# queue dir
 dgram_send_pattern(ossec_logcollector_t, ossec_queue_t, ossec_analysisd_sock_t, ossec_analysisd_t)
-
-# logs
-allow ossec_logcollector_t ossec_log_t:file { create_file_perms append_file_perms read };
-ossec_log_filetrans(ossec_logcollector_t, ossec_log_t, file)
-
-# Access all system logs:
-logging_read_all_logs(ossec_logcollector_t)
-
-# dgram socket
-allow ossec_logcollector_t self:unix_dgram_socket create_socket_perms;
-
-
-#============= ossec_remoted_t ==============
-
-# init
-auth_read_passwd(ossec_remoted_t)
-allow ossec_remoted_t self:capability { dac_override dac_read_search setuid setgid sys_chroot };
-
-# etc dir
-ossec_read_config(ossec_remoted_t)
-sysnet_read_config(ossec_remoted_t)
-manage_files_pattern(ossec_remoted_t, ossec_etc_t, ossec_remoted_configfile_t)
-
-# var run dir
-allow ossec_remoted_t ossec_var_run_t:file manage_file_perms;
-ossec_pid_filetrans(ossec_remoted_t, ossec_var_run_t, file)
-
-# queue dir
+dgram_send_pattern(ossec_monitord_t, ossec_queue_t, ossec_analysisd_sock_t, ossec_analysisd_t)
 dgram_send_pattern(ossec_remoted_t, ossec_queue_t, ossec_analysisd_sock_t, ossec_analysisd_t)
-ossec_queue_filetrans(ossec_remoted_t, ossec_remoted_sock_t, sock_file)
-manage_sock_files_pattern(ossec_remoted_t, ossec_queue_t, ossec_remoted_sock_t)
-
-# queue/rids/
-rw_files_pattern(ossec_remoted_t, ossec_remoted_file_t, ossec_remoted_file_t)
-
-# logs
-allow ossec_remoted_t ossec_log_t:file { create_file_perms append_file_perms read };
-ossec_log_filetrans(ossec_remoted_t, ossec_log_t, file)
-
-# Sockets
-allow ossec_remoted_t self:udp_socket create_stream_socket_perms;
-corenet_udp_bind_all_unreserved_ports(ossec_remoted_t)
-corenet_udp_bind_generic_node(ossec_remoted_t)
-
-# dgram socket
-allow ossec_remoted_t self:unix_dgram_socket create_stream_socket_perms;
-
-
-#============= ossec_syscheckd_t ==============
-
-# init
-allow ossec_syscheckd_t self:capability { dac_override dac_read_search setuid setgid sys_chroot sys_nice };
-allow ossec_syscheckd_t self:process { setsched };
-
-# etc dir
-ossec_read_config(ossec_syscheckd_t)
-sysnet_read_config(ossec_syscheckd_t)
-
-# var run dir
-allow ossec_syscheckd_t ossec_var_run_t:file manage_file_perms;
-ossec_pid_filetrans(ossec_syscheckd_t, ossec_var_run_t, file)
-
-# queue dir
 dgram_send_pattern(ossec_syscheckd_t, ossec_queue_t, ossec_analysisd_sock_t, ossec_analysisd_t)
-allow ossec_syscheckd_t ossec_queue_t:dir { create_dir_perms rw_dir_perms };
-allow ossec_syscheckd_t ossec_queue_t:file { create_file_perms rename_file_perms write_file_perms };
-ossec_queue_filetrans(ossec_syscheckd_t, ossec_queue_t, file)
-
-ossec_tmp_filetrans(ossec_syscheckd_t, ossec_tmp_t, lnk_file)
-manage_lnk_files_pattern(ossec_syscheckd_t, ossec_tmp_t, ossec_tmp_t)
-userdom_search_user_tmp_dirs(ossec_syscheckd_t)
-
-# logs
-allow ossec_syscheckd_t ossec_log_t:file { create_file_perms append_file_perms read };
-ossec_log_filetrans(ossec_syscheckd_t, ossec_log_t, file)
-
-# dgram socket
-allow ossec_syscheckd_t self:unix_dgram_socket create_socket_perms;
-
-# Sockets
-allow ossec_syscheckd_t self:udp_socket create_socket_perms;
-allow ossec_syscheckd_t self:tcp_socket create_socket_perms;
-#allow ossec_syscheckd_t self:udp_socket { create connect read write bind };
-#allow ossec_syscheckd_t self:tcp_socket { create connect read write };
-allow ossec_syscheckd_t hi_reserved_port_t:tcp_socket name_bind;
-allow ossec_syscheckd_t hi_reserved_port_t:udp_socket name_bind;
-corenet_tcp_bind_generic_node(ossec_syscheckd_t)
-corenet_udp_bind_generic_node(ossec_syscheckd_t)
-corenet_tcp_bind_generic_port(ossec_syscheckd_t)
-corenet_udp_bind_generic_port(ossec_syscheckd_t)
-corenet_tcp_bind_reserved_port(ossec_syscheckd_t)
-corenet_udp_bind_reserved_port(ossec_syscheckd_t)
-files_dontaudit_getattr_all_sockets(ossec_syscheckd_t)
-
-# exec patterns
-corecmd_exec_bin(ossec_syscheckd_t)
-corecmd_exec_shell(ossec_syscheckd_t)
-
-# all the files
-files_read_all_files(ossec_syscheckd_t)
-files_read_all_symlinks(ossec_syscheckd_t)
-seutil_read_bin_policy(ossec_syscheckd_t)
-dev_getattr_all(ossec_syscheckd_t)
-
-# all the ports
-allow ossec_syscheckd_t self:capability kill;
 domain_read_all_domains_state(ossec_syscheckd_t)
 domain_dontaudit_getsession_all_domains(ossec_syscheckd_t)
 domain_getsession_all_domains(ossec_syscheckd_t)
 domain_getpgid_all_domains(ossec_syscheckd_t)
 domain_dontaudit_signull_all_domains(ossec_syscheckd_t)
+files_dontaudit_getattr_all_sockets(ossec_syscheckd_t)
+files_read_all_files(ossec_syscheckd_t)
+files_read_all_symlinks(ossec_syscheckd_t)
-#============= ossec-monitord_t ==============
-
-# init
-auth_read_passwd(ossec_monitord_t)
-allow ossec_monitord_t self:capability { dac_override dac_read_search setuid setgid sys_chroot };
-
-# etc dir
-ossec_read_config(ossec_monitord_t)
-sysnet_read_config(ossec_monitord_t)
-
-# var run dir
-allow ossec_monitord_t ossec_var_run_t:file manage_file_perms;
-ossec_pid_filetrans(ossec_monitord_t, ossec_var_run_t, file)
-
-# queue dir
-dgram_send_pattern(ossec_monitord_t, ossec_queue_t, ossec_analysisd_sock_t, ossec_analysisd_t)
+filetrans_pattern(ossec_execd_t, ossec_var_t, ossec_execd_journal_t, file, "execd.sqlite-journal");
 list_dirs_pattern(ossec_monitord_t, ossec_queue_t, ossec_remoted_file_t)
-allow ossec_monitord_t ossec_remoted_file_t:file getattr_file_perms;
-# logs
-allow ossec_monitord_t ossec_log_t:file { create_file_perms append_file_perms write read };
+logging_read_all_logs(ossec_logcollector_t)
+
+manage_files_pattern(ossec_analysisd_t, ossec_analysisd_file_t, ossec_analysisd_file_t)
+manage_files_pattern(ossec_analysisd_t, ossec_etc_t, ossec_analysisd_configfile_t)
+manage_files_pattern(ossec_analysisd_t, ossec_stats_t, ossec_stats_t)
+manage_files_pattern(ossec_remoted_t, ossec_etc_t, ossec_remoted_configfile_t)
+
+manage_lnk_files_pattern(ossec_syscheckd_t, ossec_tmp_t, ossec_tmp_t)
+
+manage_sock_files_pattern(ossec_analysisd_t, ossec_queue_t, ossec_analysisd_sock_t)
+manage_sock_files_pattern(ossec_execd_t, ossec_queue_t, ossec_execd_sock_t)
+manage_sock_files_pattern(ossec_remoted_t, ossec_queue_t, ossec_remoted_sock_t)
+
+ossec_log_filetrans(ossec_analysisd_t, ossec_log_t, file)
+ossec_log_filetrans(ossec_execd_t, ossec_log_t, file)
+ossec_log_filetrans(ossec_logcollector_t, ossec_log_t, file)
+ossec_log_filetrans(ossec_maild_t, ossec_log_t, file)
 ossec_log_filetrans(ossec_monitord_t, ossec_log_t, file)
+ossec_log_filetrans(ossec_remoted_t, ossec_log_t, file)
+ossec_log_filetrans(ossec_syscheckd_t, ossec_log_t, file)
-# dgram socket
-allow ossec_monitord_t self:unix_dgram_socket create_socket_perms;
+ossec_pid_filetrans(ossec_analysisd_t, ossec_var_run_t, file)
+ossec_pid_filetrans(ossec_execd_t, ossec_var_run_t, file)
+ossec_pid_filetrans(ossec_logcollector_t, ossec_var_run_t, file)
+ossec_pid_filetrans(ossec_maild_t, ossec_var_run_t, file)
+ossec_pid_filetrans(ossec_monitord_t, ossec_var_run_t, file)
+ossec_pid_filetrans(ossec_remoted_t, ossec_var_run_t, file)
+ossec_pid_filetrans(ossec_syscheckd_t, ossec_var_run_t, file)
+ossec_queue_filetrans(ossec_analysisd_t, ossec_analysisd_file_t, file)
+ossec_queue_filetrans(ossec_analysisd_t, ossec_analysisd_sock_t, sock_file)
+ossec_queue_filetrans(ossec_execd_t, ossec_execd_sock_t, sock_file)
+ossec_queue_filetrans(ossec_remoted_t, ossec_remoted_sock_t, sock_file)
+ossec_queue_filetrans(ossec_syscheckd_t, ossec_queue_t, file)
-#============= httpd_t ==============
+ossec_read_config(ossec_analysisd_t)
+ossec_read_config(ossec_execd_t)
+ossec_read_config(ossec_logcollector_t)
+ossec_read_config(ossec_maild_t)
+ossec_read_config(ossec_monitord_t)
+ossec_read_config(ossec_remoted_t)
+ossec_read_config(ossec_syscheckd_t)
 ossec_read_logs(httpd_t)
 ossec_read_queue(httpd_t)
 ossec_read_stats(httpd_t)
+ossec_tmp_filetrans(ossec_syscheckd_t, ossec_tmp_t, lnk_file)
+
+read_files_pattern(ossec_analysisd_t, ossec_rule_t, ossec_rule_t)
+
+rw_files_pattern(ossec_remoted_t, ossec_remoted_file_t, ossec_remoted_file_t)
+
+search_dirs_pattern(ossec_analysisd_t, ossec_rule_t, ossec_rule_t)
+search_dirs_pattern(ossec_execd_t, ossec_ar_bin_t, ossec_ar_bin_t)
+
+seutil_read_bin_policy(ossec_syscheckd_t)
+
+sysnet_read_config(ossec_analysisd_t)
+sysnet_read_config(ossec_execd_t)
+sysnet_read_config(ossec_logcollector_t)
+sysnet_read_config(ossec_maild_t)
+sysnet_read_config(ossec_monitord_t)
+sysnet_read_config(ossec_remoted_t)
+sysnet_read_config(ossec_syscheckd_t)
+
+userdom_search_user_tmp_dirs(ossec_syscheckd_t)
+
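Review bot: Sorting every rule alphabetically by its first token removes the per-domain grouping, so the complete privilege set of one domain — for ossec_syscheckd_t that is `files_read_all_files`, `corecmd_exec_bin`/`corecmd_exec_shell`, `corenet_tcp_bind_reserved_port`, `seutil_read_bin_policy` and the `kill` capability, now scattered across the whole hunk — can no longer be read in one place, which is exactly what an audit of the policy needs. If the guide being followed is the reference-policy one, its convention is a `# <domain> local policy` section per domain with the `allow … self:` rules first and the interface calls after them, sorted within the section; that keeps the alphabetical order while leaving each domain reviewable on its own. The deleted section comments also carried the only explanation of two sensitive grants that survive unchanged: `allow ossec_execd_t ossec_ar_t:process { rlimitinh siginh noatsecure };` (formerly under "Run autoresponce unconstrained" — the transition into the unconfined active-response domain keeps execd's rlimits and signal state and skips AT_SECURE sanitisation) and the three `ossec_read_*(httpd_t)` calls (formerly under `#============= httpd_t`), which give a foreign domain read access to OSSEC logs, queue and stats; a one-line comment above each, e.g. `# hand rlimits/signal state to the unconfined AR domain` and `# web UI: read-only access for apache`, should come back. The `require {` block lies before this hunk, so whether httpd_t and hi_reserved_port_t are declared there, and whether the httpd_t rules sit inside an `optional_policy` block, cannot be checked from here.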