Add policy for systemd GPT generator

policy/modules/system/systemd.fc

@@ -11,6 +11,9 @@
 /usr/bin/systemd-tty-ask-password-agent	--	gen_context(system_u:object_r:systemd_passwd_agent_exec_t,s0)
 /usr/bin/systemd-notify			--	gen_context(system_u:object_r:systemd_notify_exec_t,s0)
 
+# Systemd generators
+/usr/lib/systemd/system-generators/systemd-gpt-auto-generator	    --	    gen_context(system_u:object_r:systemd_gpt_generator_exec_t,s0)
+
 /usr/lib/systemd/systemd-activate	--	gen_context(system_u:object_r:systemd_activate_exec_t,s0)
 /usr/lib/systemd/systemd-backlight	--	gen_context(system_u:object_r:systemd_backlight_exec_t,s0)
 /usr/lib/systemd/systemd-binfmt		--	gen_context(system_u:object_r:systemd_binfmt_exec_t,s0)

policy/modules/system/systemd.te

@@ -48,6 +48,10 @@ init_system_domain(systemd_binfmt_t, systemd_binfmt_exec_t)
 type systemd_binfmt_unit_t;
 init_unit_file(systemd_binfmt_unit_t)
 
+type systemd_gpt_generator_t;
+type systemd_gpt_generator_exec_t;
+init_system_domain(systemd_gpt_generator_t, systemd_gpt_generator_exec_t)
+
 type systemd_cgroups_t;
 type systemd_cgroups_exec_t;
 domain_type(systemd_cgroups_t)
@@ -194,6 +198,18 @@ files_read_etc_files(systemd_binfmt_t)
 
 fs_register_binary_executable_type(systemd_binfmt_t)
 
+#######################################
+#
+# GPT auto generator local policy
+#
+
+dev_read_sysfs(systemd_gpt_generator_t)
+files_read_etc_files(systemd_gpt_generator_t)
+fs_getattr_xattr_fs(systemd_gpt_generator_t)
+storage_raw_read_fixed_disk(systemd_gpt_generator_t)
+
+systemd_log_parse_environment(systemd_gpt_generator_t)
+
 ######################################
 #
 # Cgroups local policy