From 6f8f2fbdaa248e9d8967456b79888b4484ca9ad7 Mon Sep 17 00:00:00 2001
From: Zdenek Pytela <zpytela@redhat.com>
Date: Mon, 10 Jan 2022 21:51:47 +0100
Subject: [PATCH] Allow tlp read its systemd unit

Reference: https://gitbub.com/fedora-selinux/selinux-policy/commit/6f8f2fbdaa248e9d8967456b79888b4484ca9ad7
Conflict: NA

A tlp script executes systemctl to get status of the tlp service unit.

Resolves: rhbz#2013451
Signed-off-by: lujie54 <lujie54@huawei.com>
---
 policy/modules/contrib/tlp.te | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/policy/modules/contrib/tlp.te b/policy/modules/contrib/tlp.te
index b9491ee..e2de3b2 100644
--- a/policy/modules/contrib/tlp.te
+++ b/policy/modules/contrib/tlp.te
@@ -28,6 +28,8 @@ allow tlp_t self:udp_socket create_socket_perms;
 allow tlp_t self:unix_dgram_socket create_socket_perms;
 allow tlp_t self:netlink_generic_socket create_socket_perms;
 
+allow tlp_t tlp_unit_file_t:file read_file_perms;
+
 manage_dirs_pattern(tlp_t, tlp_var_run_t, tlp_var_run_t)
 manage_files_pattern(tlp_t, tlp_var_run_t, tlp_var_run_t)
 files_pid_filetrans(tlp_t, tlp_var_run_t, { dir file })
-- 
1.8.3.1