usbguard/SOURCES/usbguard-selinux-dbus-CVE.p...

diff -up usbguard-1.0.0/usbguard-selinux-0.0.4/usbguard.te.orig usbguard-1.0.0/usbguard-selinux-0.0.4/usbguard.te
--- usbguard-1.0.0/usbguard-selinux-0.0.4/usbguard.te.orig	2022-08-17 09:17:13.995269603 +0200
+++ usbguard-1.0.0/usbguard-selinux-0.0.4/usbguard.te	2022-08-17 09:18:47.439260009 +0200
@@ -99,7 +99,6 @@ logging_log_filetrans(usbguard_t, usbgua
 
 logging_send_syslog_msg(usbguard_t)
 
-dbus_system_domain(usbguard_t, usbguard_exec_t)
 usbguard_ipc_access(usbguard_t)
 
 tunable_policy(`usbguard_daemon_write_rules',`
@@ -110,6 +109,14 @@ tunable_policy(`usbguard_daemon_write_co
 	rw_files_pattern(usbguard_t, usbguard_conf_t, usbguard_conf_t)
 ')
 
+optional_policy(`
+	dbus_system_domain(usbguard_t, usbguard_exec_t)
+
+	optional_policy(`
+		policykit_dbus_chat(usbguard_t)
+	')
+')
+
 # Allow confined users to communicate with usbguard over unix socket
 optional_policy(`
     gen_require(`
import usbguard-1.0.0-15.el9 2 years ago			`diff -up usbguard-1.0.0/usbguard-selinux-0.0.4/usbguard.te.orig usbguard-1.0.0/usbguard-selinux-0.0.4/usbguard.te`
			`--- usbguard-1.0.0/usbguard-selinux-0.0.4/usbguard.te.orig 2022-08-17 09:17:13.995269603 +0200`
			`+++ usbguard-1.0.0/usbguard-selinux-0.0.4/usbguard.te 2022-08-17 09:18:47.439260009 +0200`
			`@@ -99,7 +99,6 @@ logging_log_filetrans(usbguard_t, usbgua`

			`logging_send_syslog_msg(usbguard_t)`

			`-dbus_system_domain(usbguard_t, usbguard_exec_t)`
			`usbguard_ipc_access(usbguard_t)`

			tunable_policy(`usbguard_daemon_write_rules',`
			@@ -110,6 +109,14 @@ tunable_policy(`usbguard_daemon_write_co
			`rw_files_pattern(usbguard_t, usbguard_conf_t, usbguard_conf_t)`
			`')`

			+optional_policy(`
			`+ dbus_system_domain(usbguard_t, usbguard_exec_t)`
			`+`
			+ optional_policy(`
			`+ policykit_dbus_chat(usbguard_t)`
			`+ ')`
			`+')`
			`+`
			`# Allow confined users to communicate with usbguard over unix socket`
			optional_policy(`
			gen_require(`