add definition of bpf class and systemd perms

policy/flask/access_vectors

@@ -1081,3 +1081,12 @@ inherits socket
 
 class smc_socket
 inherits socket
+
+class bpf
+{
+	map_create
+	map_read
+	map_write
+	prog_load
+	prog_run
+}

policy/flask/security_classes

@@ -190,4 +190,6 @@ class smc_socket
 
 class process2
 
+class bpf
+
 # FLASK

policy/modules/system/init.te

@@ -228,6 +228,7 @@ ifdef(`init_systemd',`
 	allow init_t self:netlink_route_socket create_netlink_socket_perms;
 	allow init_t initrc_t:unix_dgram_socket create_socket_perms;
 	allow init_t self:capability2 audit_read;
+	allow init_t self:bpf { map_create map_read map_write prog_load prog_run };
 
 	# for /run/systemd/inaccessible/{chr,blk}
 	allow init_t init_var_run_t:blk_file { create getattr };