sysadm, systemd: allow sysadmins to connect to systemd-networkd over

unix stream sockets

Signed-off-by: Kenton Groombridge <concord@gentoo.org>

policy/modules/roles/sysadm.te

@@ -105,6 +105,7 @@ ifdef(`init_systemd',`
 	systemd_dbus_chat_logind(sysadm_t)
 
 	# Allow sysadm to query and set networking settings on the system.
+	systemd_stream_connect_networkd(sysadm_t)
 	systemd_dbus_chat_networkd(sysadm_t)
 	fs_read_nsfs_files(sysadm_t)
 

policy/modules/system/systemd.if

@@ -2023,6 +2023,27 @@ interface(`systemd_relabelto_journal_files',`
 	allow $1 systemd_journal_t:file relabelto_file_perms;
 ')
 
+########################################
+## <summary>
+##	Connect to systemd-networkd over
+##	/run/systemd/netif/io.systemd.Network.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`systemd_stream_connect_networkd',`
+	gen_require(`
+		type systemd_networkd_t;
+		type systemd_networkd_runtime_t;
+	')
+
+	init_search_runtime($1)
+	stream_connect_pattern($1, systemd_networkd_runtime_t, systemd_networkd_runtime_t, systemd_networkd_t)
+')
+
 ########################################
 ## <summary>
 ##	Allow domain to read systemd_networkd_t unit files