From 4aafedd8725b697a04f3b6e2d07518da259fc5cb Mon Sep 17 00:00:00 2001
From: Chris PeBenito
Date: Tue, 28 May 2019 11:13:32 -0400
Subject: [PATCH] init: Add systemd block to init_script_domain().
Signed-off-by: Chris PeBenito
---
 policy/modules/system/init.if | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/policy/modules/system/init.if b/policy/modules/system/init.if
index f9fd09b73..2415bb771 100644
--- a/policy/modules/system/init.if
+++ b/policy/modules/system/init.if
@@ -99,6 +99,12 @@ interface(`init_script_domain',`
 role system_r types $1;
 domtrans_pattern(init_run_all_scripts_domain, $2, $1)
+
+ ifdef(`init_systemd',`
+ allow $1 init_t:unix_stream_socket { getattr read write ioctl };
+
+ allow init_t $1:process2 { nnp_transition nosuid_transition };
+ ')
 ')
 ########################################
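Review bot: The rule `allow init_t $1:process2 { nnp_transition nosuid_transition };` in the new init_systemd block applies to every domain that calls init_script_domain(), so the type transition from init_t into $1 is still honoured when NoNewPrivileges is set or the script sits on a nosuid mount, and nothing in the block says that this relaxation is deliberate. I would add a why-comment above each rule, for example `# systemd may start scripts with NoNewPrivileges= set or from a nosuid mount` and `# scripts inherit stream sockets from systemd (presumably stdio) - confirm`. The interface's header comment and gen_require block start outside the hunk, so I cannot see whether init_t is declared there; if it is not, `type init_t;` should be added to the gen_require so the new rules resolve when the interface is called from other modules.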