From: russell@coker.com.au (Russell Coker)
Date: Fri, 24 Feb 2017 17:22:42 +1100
Subject: [refpolicy]  [PATCH] new init interfaces for systemd
Message-ID: <20170224062242.fbwgq3sbbvezawdo@athena.coker.com.au>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

These are needed by several patches I'm about to send.

Description: some new interfaces for init/systemd
Author: Russell Coker <russell@coker.com.au>
Last-Update: 2017-02-24

Index: refpolicy-2.20170224/policy/modules/system/init.if
===================================================================
--- refpolicy-2.20170224.orig/policy/modules/system/init.if
+++ refpolicy-2.20170224/policy/modules/system/init.if
@@ -1135,6 +1232,24 @@ interface(`init_var_lib_filetrans',`
 	filetrans_pattern($1, init_var_lib_t, $2, $3, $4)
 ')
 
+######################################
+## <summary>
+##  Allow search  directory in the /run/systemd directory.
+## </summary>
+## <param name="domain">
+##  <summary>
+##  Domain allowed access.
+##  </summary>
+## </param>
+#
+interface(`init_search_pid_dirs',`
+	gen_require(`
+		type init_var_run_t;
+	')
+
+	allow $1 init_var_run_t:dir search_dir_perms;
+')
+
 ########################################
 ## <summary>
 ##	Create files in an init PID directory.
@@ -2261,6 +2467,24 @@ interface(`init_rw_script_tmp_files',`
 
 ########################################
 ## <summary>
+##	Read and write init script inherited temporary data.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`init_rw_inherited_script_tmp_files',`
+	gen_require(`
+		type initrc_tmp_t;
+	')
+
+	allow $1 initrc_tmp_t:file rw_inherited_file_perms;
+')
+
+########################################
+## <summary>
 ##	Create files in a init script
 ##	temporary data directory.
 ## </summary>