From 3f0c2cc12322c9036d5223da5b85b5f8d54c59a4 Mon Sep 17 00:00:00 2001
From: Sergey Cherevko
Date: Wed, 29 Jan 2025 20:59:43 +0300
Subject: [PATCH] Added policy fprintd_t for focal fingerprint
---
SOURCES/selinux-policy-focal-moh-spi.patch | 49 ++++++++++++++++++++++
SPECS/selinux-policy.spec | 9 +++-
2 files changed, 57 insertions(+), 1 deletion(-)
create mode 100644 SOURCES/selinux-policy-focal-moh-spi.patch
diff --git a/SOURCES/selinux-policy-focal-moh-spi.patch b/SOURCES/selinux-policy-focal-moh-spi.patch
new file mode 100644
index 0000000..ecd757d
--- /dev/null
+++ b/SOURCES/selinux-policy-focal-moh-spi.patch
@@ -0,0 +1,49 @@
+diff --git a/policy/modules/kernel/devices.fc b/policy/modules/kernel/devices.fc
+index 99ae622..b9542cc 100644
+--- a/policy/modules/kernel/devices.fc
++++ b/policy/modules/kernel/devices.fc
+@@ -39,6 +39,7 @@
+ /dev/event.* -c gen_context(system_u:object_r:event_device_t,s0)
+ /dev/evtchn -c gen_context(system_u:object_r:xen_device_t,s0)
+ /dev/fb[0-9]* -c gen_context(system_u:object_r:framebuf_device_t,s0)
++/dev/focal_moh_spi -c gen_context(system_u:object_r:fprintd_device_t,s0)
+ /dev/full -c gen_context(system_u:object_r:null_device_t,s0)
+ /dev/fw.* -c gen_context(system_u:object_r:usb_device_t,s0)
+ /dev/gfx -c gen_context(system_u:object_r:xserver_misc_device_t,s0)
+diff --git a/policy/modules/kernel/devices.if b/policy/modules/kernel/devices.if
+index b063e34..9365f3d 100644
+--- a/policy/modules/kernel/devices.if
++++ b/policy/modules/kernel/devices.if
+@@ -6841,6 +6841,7 @@ gen_require(`
+ type smartcard_device_t;
+ type mtrr_device_t;
+ type ecryptfs_device_t;
++ type fprintd_device_t;
+ type mptctl_device_t;
+ type hypervkvp_device_t;
+ type hypervvssd_device_t;
+@@ -7023,6 +7024,7 @@ gen_require(`
+ filetrans_pattern($1, device_t, framebuf_device_t, chr_file, "fb7")
+ filetrans_pattern($1, device_t, framebuf_device_t, chr_file, "fb8")
+ filetrans_pattern($1, device_t, framebuf_device_t, chr_file, "fb9")
++ filetrans_pattern($1, device_t, fprintd_device_t, chr_file, "focal_moh_spi")
+ filetrans_pattern($1, device_t, null_device_t, chr_file, "full")
+ filetrans_pattern($1, device_t, usb_device_t, chr_file, "fw0")
+ filetrans_pattern($1, device_t, usb_device_t, chr_file, "fw1")
+diff --git a/policy/modules/kernel/devices.te b/policy/modules/kernel/devices.te
+index 8d414cb..52f4501 100644
+--- a/policy/modules/kernel/devices.te
++++ b/policy/modules/kernel/devices.te
+@@ -131,6 +131,12 @@ dev_node(event_device_t)
+ type framebuf_device_t;
+ dev_node(framebuf_device_t)
+
++#
++# Type for fpr /dev/focal_moh_spi
++#
++type 
fprintd_device_t; ++dev_node(fprintd_device_t) ++ + # + # Type for hyperv devices + # diff --git a/SPECS/selinux-policy.spec b/SPECS/selinux-policy.spec index 1d2e386..95e13ff 100644 --- a/SPECS/selinux-policy.spec +++ b/SPECS/selinux-policy.spec @@ -23,7 +23,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 40.13.19 -Release: 1%{?dist} +Release: 1%{?dist}.inferit License: GPL-2.0-or-later Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz Source1: Makefile.devel @@ -51,6 +51,10 @@ Source39: selinux-policy-mls.conf # Provide rpm macros for packages installing SELinux modules Source5: rpm.macros +# MSVSphere +# Added policy fprintd_t for facal fingerprint driver +Patch0: selinux-policy-focal-moh-spi.patch + Url: %{giturl} BuildArch: noarch BuildRequires: python3 gawk checkpolicy >= %{CHECKPOLICYVER} m4 policycoreutils-devel >= %{POLICYCOREUTILSVER} bzip2 @@ -760,6 +764,9 @@ exit 0 %changelog ## START: Generated by rpmautospec +* Wed Jan 29 2025 Sergey Cherevko - 40.13.19-1.inferit +- Added policy fprintd_t for focal fingerprint + * Wed Dec 18 2024 Zdenek Pytela - 40.13.19-1 - Allow systemd-journald getattr nsfs files Resolves: RHEL-71803
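Review bot: No rule in the new selinux-policy-focal-moh-spi.patch lets a confined domain open the node it labels: the inner hunks declare `fprintd_device_t` in devices.te, label `/dev/focal_moh_spi` in devices.fc and add a named `filetrans_pattern` in devices.if, but devices.if gains no access interface and nothing is called for `fprintd_t`. Unless an allow rule exists outside this patch, fprintd will presumably still be denied on the device, and falling back to a permissive or unconfined daemon would remove the confinement around biometric data. A dedicated interface that grants read/write on this one type only, called from the fprintd module, keeps the grant narrow; the interface name below is a suggestion, and the permission set should be checked against the AVC denials actually logged. The block comment `# Type for fpr /dev/focal_moh_spi` would also read better as `# Type for the Focal fingerprint reader (/dev/focal_moh_spi)`.

```selinux
# policy/modules/kernel/devices.if: new interface (name is a suggestion)
########################################
## <summary>
##	Read and write the fingerprint reader device.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`dev_rw_fprintd_dev',`
	gen_require(`
		type device_t, fprintd_device_t;
	')

	rw_chr_files_pattern($1, device_t, fprintd_device_t)
')

# fprintd policy module (.te), next to its other dev_* calls
dev_rw_fprintd_dev(fprintd_t)
```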
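Review bot: The comment added above `Patch0:` in the second spec hunk describes something the patch does not do and carries a typo: the patch defines the device type `fprintd_device_t` and labels `/dev/focal_moh_spi`, it adds no `fprintd_t` policy, and `facal` should be `focal`. Suggested wording: `# Label /dev/focal_moh_spi as fprintd_device_t (Focal fingerprint reader)`. The `%prep` section lies outside this hunk, so it is worth confirming that it applies numbered patches (for example through `%autosetup`); otherwise the labelling would be silently absent from the built policy.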