test/TEST-06-SELINUX/systemd_test.te

   1 policy_module(systemd_test, 0.0.1)
   2
   3 # declarations
   4 attribute systemd_test_domain_type;
   5
   6 systemd_test_base_template(systemd_test)
   7 systemd_test_base_template(systemd_test_status)
   8 systemd_test_base_template(systemd_test_start)
   9 systemd_test_base_template(systemd_test_stop)
  10 systemd_test_base_template(systemd_test_reload)
  11
  12 # systemd_test_domain_type
  13
  14 require {
  15         role system_r;
  16         role unconfined_r;
  17         type bin_t;
  18         type initrc_t;
  19         type systemd_systemctl_exec_t;
  20         type unconfined_service_t;
  21 }
  22
  23 role system_r types systemd_test_domain_type;
  24 role unconfined_r types systemd_test_domain_type;
  25
  26 allow systemd_test_domain_type bin_t: file entrypoint;
  27 allow systemd_test_domain_type systemd_systemctl_exec_t: file entrypoint;
  28 allow initrc_t systemd_test_domain_type: process transition;
  29 allow unconfined_service_t systemd_test_domain_type: process transition;
  30 corecmd_exec_bin(systemd_test_domain_type)
  31 init_signal_script(systemd_test_domain_type)
  32 init_sigchld_script(systemd_test_domain_type)
  33 systemd_exec_systemctl(systemd_test_domain_type)
  34 userdom_use_user_ttys(systemd_test_domain_type)
  35 userdom_use_user_ptys(systemd_test_domain_type)
  36
  37 optional_policy(`
  38         dbus_system_bus_client(systemd_test_domain_type)
  39         init_dbus_chat(systemd_test_domain_type)
  40 ')
  41
  42 # systemd_test_*_t
  43 require {
  44         type systemd_unit_file_t;
  45 }
  46
  47 allow systemd_test_status_t systemd_unit_file_t: service { status };
  48 allow systemd_test_start_t systemd_unit_file_t: service { start };
  49 allow systemd_test_stop_t systemd_unit_file_t: service { stop };
  50 allow systemd_test_reload_t systemd_unit_file_t: service { reload };