===================================================================
--- refpolicy-2.20210908.orig/policy/modules/system/systemd.te
+++ refpolicy-2.20210908/policy/modules/system/systemd.te
@@ -65,10 +65,6 @@ type systemd_activate_t;
type systemd_activate_exec_t;
init_system_domain(systemd_activate_t, systemd_activate_exec_t)
-type systemd_analyze_t;
-type systemd_analyze_exec_t;
-init_daemon_domain(systemd_analyze_t, systemd_analyze_exec_t)
-
type systemd_backlight_t;
type systemd_backlight_exec_t;
init_system_domain(systemd_backlight_t, systemd_backlight_exec_t)
I proposed a similar change last year here and the consensus in the PR
discussion was that it would make more sense to add policy for the
systemd_analyze_t domain for cases that wanted a transition there, but
keeping the general approach of running in the parent domain.
https://github.com/SELinuxProject/refpolicy/pull/321
Of course, no one has actually submitted systemd_analyze_t policy yet,
so maybe the demand for such a use case isn't all that high?
-Daniel