Allow zabbix agent to query system state and other monitorable aspects

The zabbix agent is responsible for collecting the system state and other
monitorable aspects. This include
- information from /proc
- read attributes of various files (tamper detection)
- connect to the ssh service (check if it is reachable)
- get file system information
- read login information
- ...

It should be noted that the agent can do a lot more, depending on the target
system (what is being monitored) and the running services. The allowed
privileges here will in the future expand more as more templates are
checked.

Update: follow styleguide

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>

policy/modules/services/zabbix.te

@@ -119,8 +119,46 @@ fs_tmpfs_filetrans(zabbix_agent_t, zabbix_tmpfs_t, file)
 
 ## Kernel layer module calls
 
+# kernel module
+kernel_read_all_sysctls(zabbix_agent_t)
+kernel_read_system_state(zabbix_agent_t)
+
+# corecommands module
+corecmd_read_all_executables(zabbix_agent_t)
+
+# corenetwork module
+corenet_tcp_bind_generic_node(zabbix_agent_t)
+corenet_tcp_bind_zabbix_agent_port(zabbix_agent_t)
+corenet_tcp_connect_ssh_port(zabbix_agent_t)
+corenet_tcp_connect_zabbix_port(zabbix_agent_t)
+
+# devices module
+dev_getattr_all_blk_files(zabbix_agent_t)
+dev_getattr_all_chr_files(zabbix_agent_t)
+
+# domain module
+domain_search_all_domains_state(zabbix_agent_t)
+
+# files module
+files_getattr_all_dirs(zabbix_agent_t)
+files_getattr_all_files(zabbix_agent_t)
+files_read_all_symlinks(zabbix_agent_t)
+files_read_etc_files(zabbix_agent_t)
+
+# filesystem module
+fs_getattr_all_fs(zabbix_agent_t)
+
 ## System layer module calls
 
+# init module
+init_read_utmp(zabbix_agent_t)
+
+# logging module
+logging_search_logs(zabbix_agent_t)
+
+# miscfiles module
+miscfiles_read_localization(zabbix_agent_t)
+
 # sysnetwork module
 sysnet_dns_name_resolve(zabbix_agent_t)