From 24674bbe0fd791e55d7eaa397bb7833265eb5089 Mon Sep 17 00:00:00 2001
From: MSVSphere Packaging Team
Date: Tue, 26 Nov 2024 19:32:12 +0300
Subject: [PATCH] import tpm2-abrmd-selinux-2.3.1-12.el10
---
 .gitignore | 1 +
 .tpm2-abrmd-selinux.metadata | 1 +
 ...fwupd-to-communicate-with-tpm2-abrmd.patch | 31 ++++
 SPECS/tpm2-abrmd-selinux.spec | 138 ++++++++++++++++++
 4 files changed, 171 insertions(+)
 create mode 100644 .gitignore
 create mode 100644 .tpm2-abrmd-selinux.metadata
 create mode 100644 SOURCES/selinux-allow-fwupd-to-communicate-with-tpm2-abrmd.patch
 create mode 100644 SPECS/tpm2-abrmd-selinux.spec
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..3ad6f31
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+SOURCES/tpm2-abrmd-2.3.1.tar.gz
diff --git a/.tpm2-abrmd-selinux.metadata b/.tpm2-abrmd-selinux.metadata
new file mode 100644
index 0000000..29cd5e7
--- /dev/null
+++ b/.tpm2-abrmd-selinux.metadata
@@ -0,0 +1 @@
+54a4c097520d6726fd19c04131dfafce2c4e6be8 SOURCES/tpm2-abrmd-2.3.1.tar.gz
diff --git a/SOURCES/selinux-allow-fwupd-to-communicate-with-tpm2-abrmd.patch b/SOURCES/selinux-allow-fwupd-to-communicate-with-tpm2-abrmd.patch
new file mode 100644
index 0000000..8b956b8
--- /dev/null
+++ b/SOURCES/selinux-allow-fwupd-to-communicate-with-tpm2-abrmd.patch
@@ -0,0 +1,31 @@
+From 0bb388cc57231cb46f5bfa1a52425588fa149e89 Mon Sep 17 00:00:00 2001
+From: Javier Martinez Canillas
+Date: Wed, 12 Feb 2020 13:48:29 +0100
+Subject: [PATCH] selinux: allow fwupd to communicate with tpm2-abrmd
+
+In Fedora, we have the following SELinux AVC error:
+
+Mar 07 09:18:35 river audit[1078]: USER_AVC pid=1078 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.558 spid=8554 tpid=8550 scontext=system_u:system_r:tabrmd_t:s0 tcontext=system_u:system_r:fwupd_t:s0 tclass=dbus permissive=0 exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?'
+
+Allow fwupd to chat with tpm2-abrmd over D-BUS.
+
+Signed-off-by: Javier Martinez Canillas
+---
+ selinux/tabrmd.te | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/selinux/tabrmd.te b/selinux/tabrmd.te
+index 59d7e548051..8996a46a0ea 100644
+--- a/selinux/tabrmd.te
++++ b/selinux/tabrmd.te
+@@ -21,6 +21,7 @@ optional_policy(`
+ dbus_stub()
+ dbus_system_domain(tabrmd_t, tabrmd_exec_t)
+ allow system_dbusd_t tabrmd_t:unix_stream_socket rw_stream_socket_perms;
++ fwupd_dbus_chat(tabrmd_t)
+ ')
+
+ tunable_policy(`tabrmd_connect_all_unreserved',`
+--
+2.24.1
+
diff --git a/SPECS/tpm2-abrmd-selinux.spec b/SPECS/tpm2-abrmd-selinux.spec
new file mode 100644
index 0000000..d3531e4
--- /dev/null
+++ b/SPECS/tpm2-abrmd-selinux.spec
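Review bot: The added `fwupd_dbus_chat(tabrmd_t)` call in selinux/tabrmd.te sits inside the same optional_policy block as `dbus_stub()` and `dbus_system_domain(tabrmd_t, tabrmd_exec_t)`, so the D-Bus rules now also depend on the fwupd policy being present. An optional block is enabled only when all of its requirements resolve, so on a policy without the fwupd types the whole block would presumably be dropped and tabrmd would lose its system-bus rules. Giving the call its own optional_policy block directly after this one keeps the two dependencies independent. The block opens above the lines shown in the inner hunk, and the quoted AVC covers only a method_return from tabrmd_t to fwupd_t, so it is worth confirming that the interface grants no more than that exchange needs.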
@@ -0,0 +1,138 @@
+# defining macros needed by SELinux
+%global selinuxtype targeted
+%global selinux_policyver 3.14.3-22
+%global moduletype contrib
+%global modulename tabrmd
+
+Name: tpm2-abrmd-selinux
+Version: 2.3.1
+Release: 12%{?dist}
+Summary: SELinux policies for tpm2-abrmd
+
+License: BSD-2-Clause
+URL: https://github.com/tpm2-software/tpm2-abrmd
+Source0: https://github.com/tpm2-software/tpm2-abrmd/archive/%{version}/tpm2-abrmd-%{version}.tar.gz
+
+Patch0: selinux-allow-fwupd-to-communicate-with-tpm2-abrmd.patch
+
+BuildArch: noarch
+Requires: selinux-policy >= %{selinux_policyver}
+BuildRequires: make
+BuildRequires: git
+BuildRequires: pkgconfig(systemd)
+BuildRequires: selinux-policy
+BuildRequires: selinux-policy-devel
+BuildRequires: selinux-policy-%{selinuxtype}
+Requires(post): selinux-policy-base >= %{selinux_policyver}
+Requires(post): libselinux-utils
+Requires(post): policycoreutils
+%if 0%{?fedora} || 0%{?rhel} >= 8
+Requires(post): policycoreutils-python-utils
+%else
+Requires(post): policycoreutils-python
+%endif
+
+%description
+SELinux policy modules for tpm2-abrmd.
+
+%prep
+%autosetup -p1 -n tpm2-abrmd-%{version}
+
+%build
+pushd selinux
+make %{?_smp_mflags} TARGET="tabrmd" SHARE="%{_datadir}"
+popd
+
+%pre
+%selinux_relabel_pre -s %{selinuxtype}
+
+%install
+# install policy modules
+pushd selinux
+install -d %{buildroot}%{_datadir}/selinux/packages
+install -d -p %{buildroot}%{_datadir}/selinux/devel/include/%{moduletype}
+install -p -m 644 %{modulename}.if %{buildroot}%{_datadir}/selinux/devel/include/%{moduletype}
+install -m 0644 %{modulename}.pp.bz2 %{buildroot}%{_datadir}/selinux/packages
+popd
+
+%check
+
+%post
+%selinux_modules_install -s %{selinuxtype} %{_datadir}/selinux/packages/%{modulename}.pp.bz2
+
+%postun
+if [ $1 -eq 0 ]; then
+ %selinux_modules_uninstall -s %{selinuxtype} %{modulename}
+fi
+
+%posttrans
+%selinux_relabel_post -s %{selinuxtype}
+
+%files
+%license LICENSE
+%{_datadir}/selinux/*
+%{_datadir}/selinux/packages/%{modulename}.pp.bz2
+%{_datadir}/selinux/devel/include/%{moduletype}/%{modulename}.if
+
+%changelog
+* Tue Nov 26 2024 MSVSphere Packaging Team - 2.3.1-12
+- Rebuilt for MSVSphere 10
+
+* Mon Jun 24 2024 Troy Dawson - 2.3.1-12
+- Bump release for June 2024 mass rebuild
+
+* Mon Feb 19 2024 Yaakov Selkowitz - 2.3.1-11
+- Fix policycoreutils-python-utils dependency for RHEL 8+
+
+* Sat Jan 27 2024 Fedora Release Engineering - 2.3.1-10
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Tue Sep 26 2023 Štěpán Horáček - 2.3.1-9
+- Migrate license to SPDX
+
+* Sat Jul 22 2023 Fedora Release Engineering - 2.3.1-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Sat Jan 21 2023 Fedora Release Engineering - 2.3.1-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Sat Jul 23 2022 Fedora Release Engineering - 2.3.1-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Sat Jan 22 2022 Fedora Release Engineering - 2.3.1-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Fri Jul 
23 2021 Fedora Release Engineering - 2.3.1-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Wed Jan 27 2021 Fedora Release Engineering - 2.3.1-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Wed Jul 29 2020 Fedora Release Engineering - 2.3.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Wed Feb 12 2020 Javier Martinez Canillas - 2.3.1-1
+- Update to 2.3.1 release
+
+* Fri Jan 31 2020 Fedora Release Engineering - 2.1.0-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Sat Jul 27 2019 Fedora Release Engineering - 2.1.0-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Fri Mar 08 2019 Javier Martinez Canillas - 2.1.0-2
+- selinux: allow tpm2-abrmd to communicate with fwupd
+ Resolves: rhbz#1665701
+
+* Fri Feb 22 2019 Javier Martinez Canillas - 2.1.0-1
+- Update to 2.1.0 release
+- Add selinux-policy-%{selinuxtype} BuildRequires
+
+* Sun Feb 03 2019 Fedora Release Engineering - 2.0.0-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Sat Jul 14 2018 Fedora Release Engineering - 2.0.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Wed Jul 04 2018 Javier Martinez Canillas - 2.0.0-1
+- Initial import (rhbz#1550595)
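Review bot: The runtime floor `%global selinux_policyver 3.14.3-22` is hard-coded, while the module is compiled against whatever selinux-policy-devel is in the buildroot, so `Requires: selinux-policy >= %{selinux_policyver}` can be satisfied by a base policy older than the one the .pp was built for. If the module then fails to load in %post, the daemon would likely end up without its tabrmd_t domain; tying the floor to the build with `Requires: selinux-policy >= %{_selinux_policy_version}` (or `%{?selinux_requires}`) avoids that. In %files, `%{_datadir}/selinux/*` also claims the shared packages and devel directories and lists the two explicit paths a second time, so the two explicit entries alone would be enough. `BuildRequires: git` looks unused, since `%autosetup -p1` is called without `-S git`.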