From: jason@perfinion.com (Jason Zaman)
Date: Mon,  7 Mar 2016 16:45:36 +0800
Subject: [refpolicy] [PATCH] system/init: move systemd_ interfaces into
	optional_policy
Message-ID: <1457340336-4516-1-git-send-email-jason@perfinion.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

When ifdef systemd is enabled, some interfaces from systemd are called
unconditionally. This makes migrating from non-systemd to systemd
complicated since init is part of base and systemd is not so loading
fails. Moving them into optional_policy fixes this.
---
 policy/modules/system/init.te | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
index c9e1532..fb7aafc 100644
--- a/policy/modules/system/init.te
+++ b/policy/modules/system/init.te
@@ -280,13 +280,15 @@ ifdef(`init_systemd',`
 
 	seutil_read_file_contexts(init_t)
 
-	systemd_relabelto_kmod_files(init_t)
-	systemd_dbus_chat_logind(init_t)
-
 	# udevd is a "systemd kobject uevent socket activated daemon"
 	udev_create_kobject_uevent_sockets(init_t)
 
 	optional_policy(`
+		systemd_relabelto_kmod_files(init_t)
+		systemd_dbus_chat_logind(init_t)
+	')
+
+	optional_policy(`
 		dbus_system_bus_client(init_t)
 		dbus_connect_system_bus(init_t)
 	')
-- 
2.4.10