This is adding an interface to perform a filetrans when creating systemd unit files (in systemd_unit_t directory). Something like this is required if creating new unit files for systemd and you want them to have something other than the generic systemd_unit_t type.
Signed-off-by: Dave Sugar <dsugar@xxxxxxxxxx>
---
 policy/modules/system/init.if | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)
diff --git a/policy/modules/system/init.if b/policy/modules/system/init.if
index 5beb21e9..caed4867 100644
--- a/policy/modules/system/init.if
+++ b/policy/modules/system/init.if
@@ -3040,6 +3040,40 @@ interface(`init_reload_all_units',`
 allow $1 { init_script_file_type systemdunit }:service reload;
 ')
 
+########################################
+## <summary>
+## Create systemd_unit_t objects with a private
+## type using a type_transition.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+## <param name="file_type">
+## <summary>
+## Private file type.
+## </summary>
+## </param>
+## <param name="class">
+## <summary>
+## Object classes to be created.
+## </summary>
+## </param>
+## <param name="name" optional="true">
+## <summary>
+## The name of the object being created.
+## </summary>
+## </param>
+#
+interface(`init_unit_filetrans',`
+ gen_require(`
+ type systemd_unit_t;
+ ')
+
+ filetrans_pattern($1, systemd_unit_t, $2, $3, $4)
+')
+
 ########################################
 ## <summary>
 ## Allow unconfined access to send instructions to init
-- 
2.20.1
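Review bot: The summary of `init_unit_filetrans` says it creates "systemd_unit_t objects", but the new objects receive the private type passed as `$2` and only the parent directory is systemd_unit_t, so I would reword it to `## Create objects in systemd unit directories (systemd_unit_t) with a private type using a type_transition.` The doc block should also state that, assuming the stock refpolicy definition of `filetrans_pattern`, the interface gives the domain read/write access to systemd_unit_t directories plus the transition rule, and that the caller must still allow create on the private type itself. Because systemd loads units from these directories, write access there influences what init starts, so a line such as `## This grants write access to systemd unit directories; restrict callers to domains that install or generate unit files.` would help anyone auditing the calling modules. It may also be worth noting under `file_type` that the type is presumably expected to be declared with `init_unit_file()`, so that the existing `systemdunit` rules (such as the one in `init_reload_all_units` above) cover it.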