Confine the pcm service

dist/targeted/modules.conf

@@ -3022,9 +3022,17 @@ systemd-homed = module
 #
 iiosensorproxy = module
 
-# Layer: system
+# Layer: contrib
 # Module: powerprofiles
 #
 # Policy for power-profiles-daemon - power profiles handling over D-Bus
 #
 powerprofiles = module
+
+# Layer: contrib
+# Module: pcm
+#
+# Policy for pcm - Intel(r) Performance Counter Monitor
+#
+#
+pcm = module

policy/modules/contrib/pcm.fc

@@ -0,0 +1 @@
+/usr/sbin/pcm-sensor-server	--	gen_context(system_u:object_r:pcmsensor_exec_t,s0)

policy/modules/contrib/pcm.if

@@ -0,0 +1 @@
+## <summary>Intel Performance Counter Monitor (PCM) Sensor Service</summary>

policy/modules/contrib/pcm.te

@@ -0,0 +1,18 @@
+policy_module(pcmsensor, 1.0)
+
+########################################
+#
+# Declarations
+#
+
+type pcmsensor_t;
+type pcmsensor_exec_t;
+init_daemon_domain(pcmsensor_t, pcmsensor_exec_t)
+#init_nnp_daemon_domain(pcmsensor_t)
+
+#type pcmsensor_var_lib_t;
+#files_type(pcmsensor_var_lib_t);
+
+permissive pcmsensor_t;
+
+