## <summary>Systemd components (not PID 1)</summary>

######################################
## <summary>
##   Read systemd_login PID files.
## </summary>
## <param name="domain">
##   <summary>
##     Domain allowed access.
##   </summary>
## </param>
#
interface(`systemd_read_logind_pids',`
	gen_require(`
		type systemd_logind_var_run_t;
	')

	files_search_pids($1)
	read_files_pattern($1, systemd_logind_var_run_t, systemd_logind_var_run_t)
')

######################################
## <summary>
##   Manage systemd_login PID pipes.
## </summary>
## <param name="domain">
##   <summary>
##     Domain allowed access.
##   </summary>
## </param>
#
interface(`systemd_manage_logind_pid_pipes',`
	gen_require(`
		type systemd_logind_var_run_t;
	')

	files_search_pids($1)
	manage_fifo_files_pattern($1, systemd_logind_var_run_t, systemd_logind_var_run_t)
')

######################################
## <summary>
##   Use inherited systemd
##   logind file descriptors.
## </summary>
## <param name="domain">
##   <summary>
##     Domain allowed access.
##   </summary>
## </param>
#
interface(`systemd_use_logind_fds',`
	gen_require(`
		type systemd_logind_t;
	')

	allow $1 systemd_logind_t:fd use;
')

########################################
## <summary>
##   Send and receive messages from
##   systemd logind over dbus.
## </summary>
## <param name="domain">
##   <summary>
##     Domain allowed access.
##   </summary>
## </param>
#
interface(`systemd_dbus_chat_logind',`
	gen_require(`
		type systemd_logind_t;
		class dbus send_msg;
	')

	allow $1 systemd_logind_t:dbus send_msg;
	allow systemd_logind_t $1:dbus send_msg;
')

########################################
## <summary>
##   Allow process to write to systemd_kmod_conf_t.
## </summary>
## <param name="domain">
##   <summary>
##     Domain allowed access.
##   </summary>
## </param>
## <rolecap/>
#
interface(`systemd_write_kmod_files',`
	gen_require(`
		type systemd_kmod_conf_t;
	')

	write_files_pattern($1, var_run_t, systemd_kmod_conf_t)
')

########################################
## <summary>
##   Allow process to relabel to systemd_kmod_conf_t.
## </summary>
## <param name="domain">
##   <summary>
##     Domain allowed access.
##   </summary>
## </param>
## <rolecap/>
#
interface(`systemd_relabelto_kmod_files',`
	gen_require(`
		type systemd_kmod_conf_t;
	')

	allow $1 systemd_kmod_conf_t:file relabelto_file_perms;
')

########################################
## <summary>
##   Get the system status information from systemd_login
## </summary>
## <param name="domain">
##   <summary>
##     Domain allowed access.
##   </summary>
## </param>
#
interface(`systemd_status_logind',`
	gen_require(`
		type systemd_logind_t;
		class service status;
	')

	allow $1 systemd_logind_t:service status;
')

########################################
## <summary>
##   Send systemd_login a null signal.
## </summary>
## <param name="domain">
##   <summary>
##     Domain allowed access.
##   </summary>
## </param>
#
interface(`systemd_signull_logind',`
	gen_require(`
		type systemd_logind_t;
	')

	allow $1 systemd_logind_t:process signull;
')

########################################
## <summary>
## Allow specified domain to start power units
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`systemd_start_power_units',`
	gen_require(`
		type power_unit_t;
		class service start;
	')

	allow $1 power_unit_t:service start;
')