| # Policy module header: names this module "systemd_test" at version 0.0.1. |
| policy_module(systemd_test, 0.0.1) |
| |
| # declarations |
| # Attribute used as a handle for the rules below that are written once against |
| # systemd_test_domain_type rather than against each test type individually. |
| attribute systemd_test_domain_type; |
| |
| # One template call per test domain. The template is defined outside this file. |
| # The per-domain rules at the end of this file refer to systemd_test_status_t, |
| # systemd_test_start_t, systemd_test_stop_t and systemd_test_reload_t, so the |
| # template presumably declares a "<prefix>_t" type for each call. |
| # NOTE(review): confirm in the template that each type is also given the |
| # systemd_test_domain_type attribute; otherwise the shared rules never apply. |
| systemd_test_base_template(systemd_test) |
| systemd_test_base_template(systemd_test_status) |
| systemd_test_base_template(systemd_test_start) |
| systemd_test_base_template(systemd_test_stop) |
| systemd_test_base_template(systemd_test_reload) |
| |
| # systemd_test_domain_type |
| # Rules in this section are written against the attribute, so they apply to |
| # every type that carries systemd_test_domain_type. |
| |
| # Symbols owned by other policy modules that the rules below refer to. |
| require { |
| role system_r; |
| role unconfined_r; |
| type bin_t; |
| type initrc_t; |
| type systemd_systemctl_exec_t; |
| type unconfined_service_t; |
| } |
| |
| # Authorize the test domains for both the system role and the unconfined role, |
| # so a process in either role may carry one of these types. |
| role system_r types systemd_test_domain_type; |
| role unconfined_r types systemd_test_domain_type; |
| |
| # Entry points: a file labelled bin_t or systemd_systemctl_exec_t may be the |
| # executable through which a process enters a test domain. |
| # NOTE(review): bin_t is the generic label for ordinary executables, so this is |
| # a broad entrypoint grant. That fits a test-only module; a production domain |
| # would normally use a dedicated *_exec_t type instead. |
| allow systemd_test_domain_type bin_t: file entrypoint; |
| allow systemd_test_domain_type systemd_systemctl_exec_t: file entrypoint; |
| # Source domains permitted to transition into a test domain. |
| # NOTE(review): no type_transition rule is visible in this file, so the target |
| # domain is presumably requested explicitly by the test harness; confirm |
| # against the template and the tests. |
| allow initrc_t systemd_test_domain_type: process transition; |
| allow unconfined_service_t systemd_test_domain_type: process transition; |
| # Interface calls below are defined outside this file; the summaries follow the |
| # upstream interface names and should be checked against the policy in use. |
| # Execute generic binaries (bin_t) without a domain transition. |
| corecmd_exec_bin(systemd_test_domain_type) |
| # Send a generic signal and SIGCHLD to the init script domain. |
| init_signal_script(systemd_test_domain_type) |
| init_sigchld_script(systemd_test_domain_type) |
| # Run systemctl inside the calling test domain, so systemd sees the request as |
| # coming from the test domain when it evaluates service permissions. |
| systemd_exec_systemctl(systemd_test_domain_type) |
| # Use the invoking user's terminals for input and output. |
| userdom_use_user_ttys(systemd_test_domain_type) |
| userdom_use_user_ptys(systemd_test_domain_type) |
| |
| # D-Bus access is wrapped in optional_policy so the module still builds when |
| # the modules providing these interfaces are absent. |
| optional_policy(` |
| dbus_system_bus_client(systemd_test_domain_type) |
| init_dbus_chat(systemd_test_domain_type) |
| ') |
| |
| # systemd_test_*_t |
| # Per-domain grants: each test domain receives exactly one permission of the |
| # "service" class on units labelled systemd_unit_file_t. No service permission |
| # is granted here to the attribute as a whole, nor to the type from the plain |
| # systemd_test_base_template(systemd_test) call. |
| # Presumably this lets a test assert that the one granted operation succeeds |
| # in each domain while the other three are denied; confirm against the tests. |
| # NOTE(review): the target is a type, so each grant covers every unit carrying |
| # the systemd_unit_file_t label, not one specific unit. |
| require { |
| type systemd_unit_file_t; |
| } |
| |
| allow systemd_test_status_t systemd_unit_file_t: service { status }; |
| allow systemd_test_start_t systemd_unit_file_t: service { start }; |
| allow systemd_test_stop_t systemd_unit_file_t: service { stop }; |
| allow systemd_test_reload_t systemd_unit_file_t: service { reload }; |