1# SPDX-License-Identifier: LGPL-2.1-or-later 2policy_module(systemd_test, 0.0.1) 3 4# declarations 5attribute systemd_test_domain_type; 6 7systemd_test_base_template(systemd_test) 8systemd_test_base_template(systemd_test_status) 9systemd_test_base_template(systemd_test_start) 10systemd_test_base_template(systemd_test_stop) 11systemd_test_base_template(systemd_test_reload) 12 13# systemd_test_domain_type 14 15require { 16 role system_r; 17 role unconfined_r; 18 type bin_t; 19 type initrc_t; 20 type systemd_systemctl_exec_t; 21 type unconfined_service_t; 22} 23 24role system_r types systemd_test_domain_type; 25role unconfined_r types systemd_test_domain_type; 26 27allow systemd_test_domain_type bin_t: file entrypoint; 28allow systemd_test_domain_type systemd_systemctl_exec_t: file entrypoint; 29allow initrc_t systemd_test_domain_type: process transition; 30allow unconfined_service_t systemd_test_domain_type: process transition; 31corecmd_exec_bin(systemd_test_domain_type) 32init_signal_script(systemd_test_domain_type) 33init_sigchld_script(systemd_test_domain_type) 34systemd_exec_systemctl(systemd_test_domain_type) 35userdom_use_user_ttys(systemd_test_domain_type) 36userdom_use_user_ptys(systemd_test_domain_type) 37 38optional_policy(` 39 dbus_system_bus_client(systemd_test_domain_type) 40 init_dbus_chat(systemd_test_domain_type) 41') 42 43# systemd_test_*_t 44require { 45 type systemd_unit_file_t; 46} 47 48allow systemd_test_status_t systemd_unit_file_t: service { status }; 49allow systemd_test_start_t systemd_unit_file_t: service { start }; 50allow systemd_test_stop_t systemd_unit_file_t: service { stop }; 51allow systemd_test_reload_t systemd_unit_file_t: service { reload }; 52