From 05e940f535497768c2b4a8c37365b5b5156eda75 Mon Sep 17 00:00:00 2001
From: Zdenek Pytela <zpytela@redhat.com>
Date: Fri, 25 Feb 2022 14:16:52 +0100
Subject: [PATCH] Allow chronyd send a message to sosreport over datagram
 socket

Reference: https://gitbub.com/fedora-selinux/selinux-policy/commit/05e940f535497768c2b4a8c37365b5b5156eda75
Conflict: NA

The sosreport_dgram_send() interface was added.

Signed-off-by: lujie54 <lujie54@huawei.com>
---
 policy/modules/contrib/chronyd.te   |  4 ++++
 policy/modules/contrib/sosreport.if | 18 ++++++++++++++++++
 2 files changed, 22 insertions(+)

diff --git a/policy/modules/contrib/chronyd.te b/policy/modules/contrib/chronyd.te
index 8da80de..142139d 100644
--- a/policy/modules/contrib/chronyd.te
+++ b/policy/modules/contrib/chronyd.te
@@ -175,6 +175,10 @@ optional_policy(`
     rolekit_dgram_send(chronyd_t)
 ')
 
+optional_policy(`
+	sosreport_dgram_send(chronyd_t)
+')
+
 ########################################
 #
 # Local policy
diff --git a/policy/modules/contrib/sosreport.if b/policy/modules/contrib/sosreport.if
index c5fbb7a..44b13a8 100644
--- a/policy/modules/contrib/sosreport.if
+++ b/policy/modules/contrib/sosreport.if
@@ -166,3 +166,21 @@ interface(`sosreport_dbus_chat',`
         allow $1 sosreport_t:dbus send_msg;
         allow sosreport_t $1:dbus send_msg;
 ')
+
+########################################
+## <summary>
+##	Send a message to sosreport over the datagram socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`sosreport_dgram_send',`
+	gen_require(`
+		type sosreport_t;
+	')
+
+	allow $1 sosreport_t:unix_dgram_socket sendto;
+')
-- 
1.8.3.1