init: add interfaces for managing /run/systemd

2020-02-01 22:06:04 +01:00 · 2020-02-01 22:06:04 +01:00 · 4e842fe209
parent 6fd33ae70c
commit 4e842fe209
1 changed files with 55 additions and 0 deletions
--- a/policy/modules/system/init.if
+++ b/policy/modules/system/init.if
@ -1380,6 +1380,61 @@ interface(`init_list_pids',`
 	files_search_pids($1)
 ')

+######################################
+## <summary>
+##  Create symbolic links in the /run/systemd directory.
+## </summary>
+## <param name="domain">
+##  <summary>
+##  Domain allowed access.
+##  </summary>
+## </param>
+#
+interface(`init_manage_pid_symlinks', `
+	gen_require(`
+		type init_runtime_t;
+	')
+
+	allow $1 init_runtime_t:lnk_file create_lnk_file_perms;
+')
+
+######################################
+## <summary>
+##  Create and write files in the /run/systemd directory.
+## </summary>
+## <param name="domain">
+##  <summary>
+##  Domain allowed access.
+##  </summary>
+## </param>
+#
+interface(`init_create_write_pid_files', `
+	gen_require(`
+		type init_runtime_t;
+	')
+
+	allow $1 init_runtime_t:file { create_file_perms write };
+')
+
+######################################
+## <summary>
+##  Create, read, write, and delete
+##  directories in the /run/systemd directory.
+## </summary>
+## <param name="domain">
+##  <summary>
+##  Domain allowed access.
+##  </summary>
+## </param>
+#
+interface(`init_manage_pid_dirs', `
+	gen_require(`
+		type init_runtime_t;
+	')
+
+	manage_dirs_pattern($1, init_runtime_t, init_runtime_t)
+')
+
 ########################################
 ## <summary>
 ##	Create files in an init PID directory.