From: bigon@debian.org (Laurent Bigonville)
Date: Mon, 11 Nov 2013 15:12:31 +0100
Subject: [refpolicy] [RFC] Add security class and access vector permissions for systemd
Message-ID: <1384179151-1528-1-git-send-email-bigon@debian.org>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

From: Laurent Bigonville

This patch adds the necessary security class and permissions for systemd. Fedora seems to add more permissions than the ones that are actually used in the source; I'm not too sure why. Daniel, I guess you could help here?

--- policy/flask/access_vectors | 15 +++++++++++++++ policy/flask/security_classes | 3 +++ 2 files changed, 18 insertions(+) diff --git a/policy/flask/access_vectors b/policy/flask/access_vectors index a94b169..260ea4c 100644 --- a/policy/flask/access_vectors +++ b/policy/flask/access_vectors @@ -393,6 +393,13 @@ class system syslog_mod syslog_console module_request + halt + reboot + status + start + enable + disable + reload } # @@ -865,3 +872,11 @@ inherits database implement execute } + +class service +{ + start + stop + status + reload +} diff --git a/policy/flask/security_classes b/policy/flask/security_classes index 14a4799..2ee86d1 100644 --- a/policy/flask/security_classes +++ b/policy/flask/security_classes @@ -131,4 +131,7 @@ class db_view # userspace class db_sequence # userspace class db_language # userspace +# systemd services +class service #userspace + # FLASK -- 1.8.4.2
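Review bot: In the first access_vectors hunk (`class system`), `start` is added without a matching `stop`, while the new `service` class later in the same file gets both. If no stop operation is ever checked against the system class, say so in the commit message; otherwise add `stop` next to `start`. Since the cover text notes that Fedora carries more permissions than the source uses, it would also help to state which of halt, reboot, status, start, enable, disable and reload have a corresponding check in systemd, and to put a comment above the new entries so they are visibly separated from syslog_mod, syslog_console and module_request.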
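Review bot: The new `class service` block at the end of access_vectors lists start, stop, status and reload but no `enable` or `disable`, although this patch adds both of those to `class system`. Please confirm that enabling and disabling are meant to be mediated only through the system class; if they are meant to be controlled per service, they belong in this class as well, and permissions are easier to add now than after policy starts referring to the class. The block also has no comment above it saying what it covers, unlike the "# systemd services" line the patch puts in security_classes.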
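Review bot: In the security_classes hunk the new line reads `class service #userspace`, while the context lines directly above it (db_view, db_sequence, db_language) all use `# userspace` with a space after the hash. Please match the existing spelling so that anything searching for the "# userspace" marker treats the new class the same way as the others. Adding the class after db_language, just before the "# FLASK" marker, keeps the existing classes in their current order, which is the right place for it.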