init: split init_create_pid_files interface

policy/modules/system/init.if

@@ -1400,7 +1400,7 @@ interface(`init_manage_pid_symlinks', `
 
 ######################################
 ## <summary>
-##  Create and write files in the /run/systemd directory.
+##  Create files in the /run/systemd directory.
 ## </summary>
 ## <param name="domain">
 ##  <summary>
@@ -1408,12 +1408,30 @@ interface(`init_manage_pid_symlinks', `
 ##  </summary>
 ## </param>
 #
-interface(`init_create_write_pid_files', `
+interface(`init_create_pid_files', `
 	gen_require(`
 		type init_runtime_t;
 	')
 
-	allow $1 init_runtime_t:file { create_file_perms write };
+	allow $1 init_runtime_t:file create_file_perms;
+')
+
+######################################
+## <summary>
+##  Write files in the /run/systemd directory.
+## </summary>
+## <param name="domain">
+##  <summary>
+##  Domain allowed access.
+##  </summary>
+## </param>
+#
+interface(`init_write_pid_files', `
+	gen_require(`
+		type init_runtime_t;
+	')
+
+	allow $1 init_runtime_t:file write_file_perms;
 ')
 
 ######################################

policy/modules/system/systemd.te

@@ -274,10 +274,11 @@ files_search_pids(systemd_fstab_generator_t)
 
 fstools_exec(systemd_fstab_generator_t)
 
-init_create_write_pid_files(systemd_fstab_generator_t)
+init_create_pid_files(systemd_fstab_generator_t)
 init_manage_pid_dirs(systemd_fstab_generator_t)
 init_manage_pid_symlinks(systemd_fstab_generator_t)
 init_search_pids(systemd_fstab_generator_t)
+init_write_pid_files(systemd_fstab_generator_t)
 
 kernel_read_kernel_sysctls(systemd_fstab_generator_t)