new init interfaces for systemd

These are needed by several patches I'm about to send.

Description: some new interfaces for init/systemd
Author: Russell Coker <russell@coker.com.au>
Last-Update: 2017-02-24

1 files changed, 36 insertions, 0 deletions

diff --git a/policy/modules/system/init.if b/policy/modules/system/init.if
index 162ce266..2230df01 100644
--- a/policy/modules/system/init.if
+++ b/policy/modules/system/init.if
@@ -1135,6 +1135,24 @@ interface(`init_var_lib_filetrans',`
 	filetrans_pattern($1, init_var_lib_t, $2, $3, $4)
 ')
 
+######################################
+## <summary>
+##  Allow search  directory in the /run/systemd directory.
+## </summary>
+## <param name="domain">
+##  <summary>
+##  Domain allowed access.
+##  </summary>
+## </param>
+#
+interface(`init_search_pid_dirs',`
+	gen_require(`
+		type init_var_run_t;
+	')
+
+	allow $1 init_var_run_t:dir search_dir_perms;
+')
+
 ########################################
 ## <summary>
 ##	Create files in an init PID directory.
@@ -2271,6 +2289,24 @@ interface(`init_rw_script_tmp_files',`
 
 ########################################
 ## <summary>
+##	Read and write init script inherited temporary data.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`init_rw_inherited_script_tmp_files',`
+	gen_require(`
+		type initrc_tmp_t;
+	')
+
+	allow $1 initrc_tmp_t:file rw_inherited_file_perms;
+')
+
+########################################
+## <summary>
 ##	Create files in a init script
 ##	temporary data directory.
 ## </summary>