From 37dbb1e7b5944a1cceb2009f8bbb4897150fd1ef Mon Sep 17 00:00:00 2001
From: Nikola Knazekova <nknazeko@redhat.com>
Date: Tue, 22 Feb 2022 09:48:33 +0100
Subject: [PATCH] Allow sosreport dbus chat abrt systemd timedatex

Reference: https://gitbub.com/fedora-selinux/selinux-policy/commit/37dbb1e7b5944a1cceb2009f8bbb4897150fd1ef
Conflict: NA

Create sosreport dbus chat interface.

Allow abrt, systemd and timedatex to dbus chat sosreport

Signed-off-by: lujie54 <lujie54@huawei.com>
---
 policy/modules/contrib/abrt.te      |  1 +
 policy/modules/contrib/sosreport.if | 20 ++++++++++++++++++++
 policy/modules/contrib/timedatex.te |  5 ++++-
 policy/modules/system/systemd.te    |  4 ++++
 4 files changed, 29 insertions(+), 1 deletion(-)

diff --git a/policy/modules/contrib/abrt.te b/policy/modules/contrib/abrt.te
index a68c7fd..02a12df 100644
--- a/policy/modules/contrib/abrt.te
+++ b/policy/modules/contrib/abrt.te
@@ -350,6 +350,7 @@ optional_policy(`
 #')
 
 optional_policy(`
+	sosreport_dbus_chat(abrt_t)
 	sosreport_domtrans(abrt_t)
 	sosreport_read_tmp_files(abrt_t)
 	sosreport_delete_tmp_files(abrt_t)
diff --git a/policy/modules/contrib/sosreport.if b/policy/modules/contrib/sosreport.if
index f6db7a7..c5fbb7a 100644
--- a/policy/modules/contrib/sosreport.if
+++ b/policy/modules/contrib/sosreport.if
@@ -146,3 +146,23 @@ interface(`sosreport_signull',`
 	allow $1 sosreport_t:process signull;
 ')
 
+########################################
+## <summary>
+##      Send and receive messages from
+##      sosreport over dbus.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+interface(`sosreport_dbus_chat',`
+        gen_require(`
+                type sosreport_t;
+                class dbus send_msg;
+        ')
+
+        allow $1 sosreport_t:dbus send_msg;
+        allow sosreport_t $1:dbus send_msg;
+')
diff --git a/policy/modules/contrib/timedatex.te b/policy/modules/contrib/timedatex.te
index 3a2e4db..6a640fa 100644
--- a/policy/modules/contrib/timedatex.te
+++ b/policy/modules/contrib/timedatex.te
@@ -64,6 +64,9 @@ optional_policy(`
 ')
 
 optional_policy(`
-    userdom_dbus_send_all_users(timedatex_t)
+    sosreport_dbus_chat(timedatex_t)
 ')
 
+optional_policy(`
+    userdom_dbus_send_all_users(timedatex_t)
+')
diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te
index 476e2d3..97cc111 100644
--- a/policy/modules/system/systemd.te
+++ b/policy/modules/system/systemd.te
@@ -545,6 +545,10 @@ optional_policy(`
 ')
 
 optional_policy(`
+    sosreport_dbus_chat(systemd_networkd_t)
+')
+
+optional_policy(`
     udev_read_db(systemd_networkd_t)
 ')
 
-- 
1.8.3.1