Here is an initial attempt at an aide policy. So far I've only been testing it on strict-mls, so if you are using the Tresys reference policy Makefile.example you'll need to use TYPE=strict-mls as an option to build it.

This policy assumes that /var/lib/aide/ exists and is aide_db_t:SysHigh. It does not allow aide_t to read shadow_t, even though it is common to have aide check the shadow files, since there is an assert in the policy against types reading shadow_t. Aide can complete its scan without being able to read shadow files, with only a little complaining.

The testing of this policy has focused on using James Antill's aide.conf and his patched version of aide, which is SELinux aware:
http://people.redhat.com/jantill/aide/

-matt
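As an added illustration of the assumptions described above (not the policy attached to this message), here is a minimal reference-policy style module skeleton for aide_t and aide_db_t, with the database path labelled at system high and no shadow_t access granted. The interface and permission-set names (domain_type, domain_entry_file, files_type, files_read_all_files, files_list_all, files_read_etc_files, rw_dir_perms, create_file_perms, mls_systemhigh) are assumed to exist in the reference policy of the time; the module name and version are placeholders.

```te
policy_module(aide, 0.1)

########################################
#
# Declarations
#

# Domain for the aide binary and its entry point type.
type aide_t;
type aide_exec_t;
domain_type(aide_t)
domain_entry_file(aide_t, aide_exec_t)

# Type for the integrity database kept under /var/lib/aide/.
type aide_db_t;
files_type(aide_db_t)

########################################
#
# Local policy
#

# Create, update and read the database files (init and update runs).
allow aide_t aide_db_t:dir rw_dir_perms;
allow aide_t aide_db_t:file create_file_perms;

# Read the configuration and walk/read the files aide is asked to check.
files_read_etc_files(aide_t)
files_list_all(aide_t)
files_read_all_files(aide_t)

# Deliberately no shadow_t read access: the policy's assert against
# types reading shadow_t would fail the build, and aide still completes
# its scan without it (with some complaints about unreadable files).

########################################
#
# File contexts (aide.fc) - database directory labelled at system high,
# matching the assumption that /var/lib/aide/ is aide_db_t:SysHigh.
#
# /var/lib/aide(/.*)?   gen_context(system_u:object_r:aide_db_t,mls_systemhigh)
```

After loading the module, `ls -dZ /var/lib/aide` should show aide_db_t at the system-high level; if it does not, restore the label with restorecon before the first aide --init.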