From 4c515c9f8b8d842c06ae24120e653607097cb0eb Mon Sep 17 00:00:00 2001
From: Yi Zhao
Date: Thu, 4 Feb 2021 15:13:50 +0800
Subject: [PATCH] systemd: allow systemd-hostnamed to read udev runtime files

Fixes:
avc: denied { open } for pid=392 comm="systemd-hostnam" path="/run/udev/data/+dmi:id" dev="tmpfs" ino=609 scontext=system_u:system_r:systemd_hostnamed_t:s0-s15:c0.c1023 tcontext=system_u:object_r:udev_runtime_t:s0 tclass=file permissive=1
avc: denied { getattr } for pid=392 comm="systemd-hostnam" path="/run/udev/data/+dmi:id" dev="tmpfs" ino=609 scontext=system_u:system_r:systemd_hostnamed_t:s0-s15:c0.c1023 tcontext=system_u:object_r:udev_runtime_t:s0 tclass=file permissive=1

Signed-off-by: Yi Zhao
---
 policy/modules/system/systemd.te | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te
index 744cbc605..91e3df73f 100644
--- a/policy/modules/system/systemd.te
+++ b/policy/modules/system/systemd.te
@@ -512,6 +512,9 @@ sysnet_manage_config(systemd_hostnamed_t)
 systemd_log_parse_environment(systemd_hostnamed_t)
+# Allow reading /run/udev/data/+dmi:id
+udev_read_runtime_files(systemd_hostnamed_t)
+
 optional_policy(`
 dbus_connect_system_bus(systemd_hostnamed_t)
 dbus_system_bus_client(systemd_hostnamed_t)
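Review bot: The comment on the added `udev_read_runtime_files(systemd_hostnamed_t)` call names a single file, but the grant is made on the type, so it presumably covers every file labelled `udev_runtime_t` and not only `/run/udev/data/+dmi:id`. I would make that scope explicit for the next reader, for example `# Read /run/udev/data/+dmi:id (DMI data); grants read on all udev_runtime_t files`. Both AVC records quoted in the description carry `permissive=1` and list only `open` and `getattr`, so it is worth confirming with the domain enforcing that no further denials remain on this path. The `optional_policy` block that follows the insertion continues past the end of the hunk.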