Add interfaces to control clamav_unit_t systemd services

Signed-off-by: Dave Sugar <dsugar@tresys.com>

policy/modules/services/clamav.if

@@ -223,6 +223,82 @@ interface(`clamav_scannable_files',`
 	typeattribute $1 clam_scannable_type;
 ')
 
+########################################
+## <summary>
+##	Allow specified domain to enable clamd units
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`clamav_enabledisable_clamd',`
+	gen_require(`
+		type clamav_unit_t;
+		class service { enable disable };
+	')
+
+	allow $1 clamav_unit_t:service { enable disable };
+')
+
+########################################
+## <summary>
+##	Allow specified domain to start clamd units
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`clamav_startstop_clamd',`
+	gen_require(`
+		type clamd_unit_t;
+		class service { start stop };
+	')
+
+	allow $1 clamd_unit_t:service { start stop };
+')
+
+########################################
+## <summary>
+##	Allow specified domain to get status of clamd
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`clamav_status_clamd',`
+	gen_require(`
+		type clamd_unit_t;
+		class service status;
+	')
+
+	allow $1 clamd_unit_t:service status;
+')
+
+########################################
+## <summary>
+##	Allow specified domain reload of clamd
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`clamav_reload_clamd',`
+	gen_require(`
+		type clamd_unit_t;
+		class service reload;
+	')
+
+	allow $1 clamd_unit_t:service reload;
+')
+
 ########################################
 ## <summary>
 ##	All of the rules required to