rtkit patch from Dan Walsh:

rtkit_daemon_system_domain interface allows domains to say rtkit can setsched on their process.
Needs sys_nice capability
Needs to getsched on all domains.
Fix bug in te file

Me:
changed interface name from rtkit_daemon_system_domain to rtkit_schedule
Already had sys_nice capability

policy/modules/services/rtkit.if

@@ -38,3 +38,23 @@ interface(`rtkit_daemon_dbus_chat',`
 	allow $1 rtkit_daemon_t:dbus send_msg;
 	allow rtkit_daemon_t $1:dbus send_msg;
 ')
+
+########################################
+## <summary>
+##	Allow rtkit to control scheduling for your process
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`rtkit_schedule',`
+	gen_require(`
+		type rtkit_daemon_t;
+	')
+
+	ps_process_pattern(rtkit_daemon_t, $1)
+	allow rtkit_daemon_t $1:process { getsched setsched };
+	rtkit_daemon_dbus_chat($1)
+')

policy/modules/services/rtkit.te

@@ -20,6 +20,7 @@ allow rtkit_daemon_t self:process { setsched getcap setcap setrlimit };
 
 kernel_read_system_state(rtkit_daemon_t)
 
+domain_getsched_all_domains(rtkit_daemon_t)
 domain_read_all_domains_state(rtkit_daemon_t)
 
 fs_rw_anon_inodefs_files(rtkit_daemon_t)
@@ -28,7 +29,7 @@ auth_use_nsswitch(rtkit_daemon_t)
 
 logging_send_syslog_msg(rtkit_daemon_t)
 
-miscfiles_read_localization(locale_t)
+miscfiles_read_localization(rtkit_daemon_t)
 
 optional_policy(`
 	policykit_dbus_chat(rtkit_daemon_t)