From ca80f3582bf0198ec83f235120be2f453cf72310 Mon Sep 17 00:00:00 2001 From: Sergey Cherevko Date: Fri, 15 Mar 2024 12:01:27 +0300 Subject: [PATCH] Added SELinux policy --- SOURCES/gutenprint.te | 10 ++++++++ SPECS/gutenprint.spec | 53 ++++++++++++++++++++++++++++++++++++++++++- 2 files changed, 62 insertions(+), 1 deletion(-) create mode 100644 SOURCES/gutenprint.te diff --git a/SOURCES/gutenprint.te b/SOURCES/gutenprint.te new file mode 100644 index 0000000..f81c8d1 --- /dev/null +++ b/SOURCES/gutenprint.te @@ -0,0 +1,10 @@ + +module gutenprint 1.0; + +require { + type cupsd_t; + class capability2 bpf; +} + +#============= cupsd_t ============== +allow cupsd_t self:capability2 bpf; diff --git a/SPECS/gutenprint.spec b/SPECS/gutenprint.spec index bd2c734..1af81d1 100644 --- a/SPECS/gutenprint.spec +++ b/SPECS/gutenprint.spec @@ -1,15 +1,17 @@ #%%global prever pre2 #%%global ver %%{version}-%%{prever} +%global selinuxtype targeted Name: gutenprint Summary: Printer Drivers Package Version: 5.2.14 -Release: 3%{?dist} +Release: 3%{?dist}.inferit URL: http://gimp-print.sourceforge.net/ Source0: http://downloads.sourceforge.net/gimp-print/%{name}-%{version}.tar.bz2 # Post-install script to update CUPS native PPDs. Source1: cups-genppdupdate.py.in # ported from old gimp-print package - fix for a menu in gimp gutenprint plugin +Source2: gutenprint.te Patch0: gutenprint-menu.patch Patch1: gutenprint-O6.patch Patch3: gutenprint-postscriptdriver.patch @@ -44,6 +46,10 @@ BuildRequires: autoconf automake libtool # needed for defining %%{__python3} macro in prep phase BuildRequires: python3-devel +# fix SELinux policy +BuildRequires: selinux-policy-devel +Requires: (%{name}-selinux = %{version}-%{release} if selinux-policy-%{selinuxtype}) + ## NOTE ## # The README file in this package contains suggestions from upstream # on how to package this software. I'd be inclined to follow those 
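Review bot: `allow cupsd_t self:capability2 bpf;` grants the bpf capability to every process in the `cupsd_t` domain, not only to the gutenprint code path, and the file keeps no record of the denial that motivated it. Add a comment above the rule that quotes the AVC message and names the operation that fails without it, for example `# AVC denied { bpf } comm=<PROCESS> scontext=<CUPSD_CONTEXT> tclass=capability2, seen when <OPERATION>`, with the placeholders filled in from the audit log. If printing from GNOME Control Center still works while the denial is only logged, `dontaudit cupsd_t self:capability2 bpf;` would silence it without widening the domain's privileges. The patch does not show which of the two cases applies.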
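Review bot: `Source2: gutenprint.te` is inserted between the comment `# ported from old gimp-print package - fix for a menu in gimp gutenprint plugin` and the `Patch0:` line that comment describes, so the comment now reads as if it documented the policy source. Move the new line directly under `Source1:` and give it its own comment, for example `# SELinux policy module: allows cupsd_t the bpf capability`.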
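Review bot: The rich dependency `Requires: (%{name}-selinux = %{version}-%{release} if selinux-policy-%{selinuxtype})` added here and the `Requires: %{name} = %{version}-%{release}` in the later `%package selinux` hunk form a dependency loop. RPM then has no defined install order between the two packages, so the policy module may be loaded only after the main package's scriptlets have already run. Unless the policy package really needs the drivers present, drop the back-reference from `%package selinux` and make it depend on the policy instead, `Requires: selinux-policy-%{selinuxtype}`, next to the existing `%{?selinux_requires}`. The comment `# fix SELinux policy` could also say what is being fixed, for example `# policy module is built with the selinux-policy-devel Makefile`.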
@@ -108,6 +114,15 @@ Requires: %{name}%{?_isa} = %{version}-%{release} This package contains native CUPS support for a wide range of Canon, Epson, HP and compatible printers. +%package selinux +Summary: SELinux policy module for gutenprint +Requires: %{name} = %{version}-%{release} +%{?selinux_requires} + +%description selinux +This package contains the SELinux policy module necessary to run +gutenprint from GNOME Control Center + %prep %setup -q -n %{name}-%{version} # Fix menu placement of GIMP plugin. @@ -132,6 +147,10 @@ sed -i -e 's,^#!/usr/bin/python3,#!%{__python3},' src/cups/cups-genppdupdate.in # Python 3.6 invalid escape sequence deprecation fixes, COPYING as license (bug #1448303) %patch6 -p1 -b .python36syntax +# SELinux fixes +mkdir -p SELinux +cp %{SOURCE2} SELinux/ + %build # Don't run the weave test as it takes a very long time. sed -i -e 's,^\(TESTS *=.*\) run-weavetest,\1,' test/Makefile.in @@ -148,6 +167,10 @@ sed -i -e 's,^\(TESTS *=.*\) run-weavetest,\1,' test/Makefile.in %make_build +# Build SELinux policy +cd SELinux +%{__make} NAME=%{selinuxtype} -f /usr/share/selinux/devel/Makefile + # Test suite disabled due to bug #1069274. #%check #make check @@ -162,6 +185,9 @@ rm -f %{buildroot}%{_datadir}/foomatic/kitload.log rm -rf %{buildroot}%{_libdir}/gutenprint/5.2/modules/*.la rm -f %{buildroot}%{_sysconfdir}/cups/command.types +install -d %{buildroot}%{_datadir}/selinux/%{selinuxtype} +install -p -m 644 SELinux/%{name}.pp %{buildroot}%{_datadir}/selinux/%{selinuxtype}/%{name}.pp + %find_lang %{name} sed 's!%{_datadir}/locale/\([^/]*\)/LC_MESSAGES/gutenprint.mo!%{_datadir}/locale/\1/gutenprint_\1.po!g' %{name}.lang >%{name}-po.lang rm -f %{name}.lang 
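Review bot: In the `%build` addition, `cd SELinux` changes the working directory for everything that follows in that section, and the policy Makefile is addressed through a hard-coded `/usr/share` path while the `%install` lines use `%{_datadir}`. One line avoids both: `%{__make} -C SELinux NAME=%{selinuxtype} -f %{_datadir}/selinux/devel/Makefile`. The `%build` section continues outside this hunk, so any command added there later would otherwise run inside `SELinux/`.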
@@ -195,6 +221,23 @@ done /sbin/service cups reload >/dev/null 2>&1 || : exit 0 +%pre selinux +%selinux_relabel_pre -s %{selinuxtype} + +%post selinux +%selinux_modules_install -s %{selinuxtype} %{_datadir}/selinux/%{selinuxtype}/%{name}.pp +%selinux_relabel_post -s %{selinuxtype} + +if [ "$1" -le "1" ]; then # First install + # the daemon needs to be restarted for the custom label to be applied + %systemd_postun_with_restart waydroid-container.service +fi + +%postun selinux +if [ $1 -eq 0 ]; then + %selinux_modules_uninstall -s %{selinuxtype} %{name} + %selinux_relabel_post -s %{selinuxtype} +fi %files -f %{name}.lang %license COPYING @@ -245,7 +288,15 @@ exit 0 %{_mandir}/man8/cups-calibrate.8* %{_mandir}/man8/cups-genppd*.8* +%files selinux +%doc SELinux/%{name}.te +%{_datadir}/selinux/%{selinuxtype}/%{name}.pp + %changelog +* Fri Mar 15 2024 Sergey Cherevko - 5.2.14-3.inferit +- Added SELinux policy (based on Arkady L. Shane patch for MSVSphere 9) +- Rebuilt for MSVSphere 8.9 + * Tue Jul 25 2023 MSVSphere Packaging Team - 5.2.14-3 - Rebuilt for MSVSphere 8.8
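Review bot: `%systemd_postun_with_restart waydroid-container.service` in `%post selinux` names a unit that has no visible connection to gutenprint or CUPS and looks like a leftover from another package's spec. On a host that runs that unit, installing this policy package would try to restart it. The module in this patch adds only an allow rule and ships no file-context file, so there is no custom label to apply and loading the module is sufficient; delete the whole `if [ "$1" -le "1" ]; then … fi` block. For the same reason the `%selinux_relabel_pre` and `%selinux_relabel_post` calls appear to have nothing to relabel and could be dropped, leaving `%selinux_modules_install` and `%selinux_modules_uninstall`.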
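Review bot: `%files selinux` owns only the packaged `%{name}.pp`; the copy that `%selinux_modules_install` places in the module store is not tracked by any package, so `rpm -qf` and `rpm -V` do not account for it. Consider adding `%ghost %verify(not md5 size mode mtime) %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{name}`. This assumes the macro installs at its default priority of 200, which seems to be the case because the scriptlets pass no `-p`.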