added selinux module

selinux/sau.fc

@@ -0,0 +1,2 @@
+/usr/bin/sau gen_context(system_u:object_r:sau_t,s0)
+/etc/sau.cfg gen_context(system_u:object_r:sau_config_t,s0)

selinux/sau.te

@@ -0,0 +1,32 @@
+policy_module(sau, 0.1)
+
+gen_require(`
+  type system_cronjob_t;
+  type sysadm_t;
+
+  role sysadm_r;
+  roly system_r;
+')
+
+type sau_t;
+type sau_exec_t;
+type sau_config_t;
+
+domain_type(sau_t)
+domain_entry_file(sau_t, sau_exec_t)
+files_config_file(sau_config_t)
+read_files_pattern(sau_t, etc_t, sau_config_t);
+
+role sysadm_r types sau_t;
+role system_r types sau_t;
+
+domain_auto_transition_pattern(sysadm_t, sau_exec_t, sau_t)
+domain_auto_transition_pattern(system_cronjob_t, sau_exec_t, sau_t)
+
+# this should be fixed, but I don't know enough selinux magic to restrict this
+# while still allowing it to inspect all open files for all processes
+unconfined_domain_noaudit(sau_t)
+
+# Gentoo specific
+portage_domtrans(sau_t)
+