selinux-refpolicy/policy/modules/services/tpm2.if

## <summary>Trusted Platform Module 2.0</summary>

########################################
## <summary>
##	Allow specified domain to enable/disable tpm2-abrmd unit
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`tpm2_enabledisable_abrmd',`
	gen_require(`
		type tpm2_abrmd_unit_t;
		class service { enable disable };
	')

	allow $1 tpm2_abrmd_unit_t:service { enable disable };
')

########################################
## <summary>
##	Allow specified domain to start/stop tpm2-abrmd unit
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`tpm2_startstop_abrmd',`
	gen_require(`
		type tpm2_abrmd_unit_t;
		class service { start stop };
	')

	allow $1 tpm2_abrmd_unit_t:service { start stop };
')

########################################
## <summary>
##	Allow specified domain to get status of tpm2-abrmd unit
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`tpm2_status_abrmd',`
	gen_require(`
		type tpm2_abrmd_unit_t;
		class service status;
	')

	allow $1 tpm2_abrmd_unit_t:service status;
')