RPM: update selinux support in tdebase

29 files changed, 50 insertions, 5 deletions

diff --git a/redhat/docker/el6/packages b/redhat/docker/el6/packages
index 1ee5febb0..62d186f6f 100644
--- a/redhat/docker/el6/packages
+++ b/redhat/docker/el6/packages
@@ -197,6 +197,7 @@ ruby-devel
 sane-backends-devel
 scons
 SDL-devel
+selinux-policy-devel
 sip-devel
 speex-devel
 sqlite-devel
diff --git a/redhat/docker/el7/packages b/redhat/docker/el7/packages
index 4b6409613..969834482 100644
--- a/redhat/docker/el7/packages
+++ b/redhat/docker/el7/packages
@@ -184,6 +184,7 @@ ruby-devel
 sane-backends-devel
 scons
 SDL-devel
+selinux-policy-devel
 sip-devel
 speex-devel
 sqlite-devel
diff --git a/redhat/docker/el8/packages b/redhat/docker/el8/packages
index 739d439c4..29d65e748 100644
--- a/redhat/docker/el8/packages
+++ b/redhat/docker/el8/packages
@@ -177,6 +177,7 @@ ruby
 ruby-devel
 sane-backends-devel
 SDL-devel
+selinux-policy-devel
 speex-devel
 sqlite-devel
 subversion-devel
diff --git a/redhat/docker/f30/packages b/redhat/docker/f30/packages
index 7b22aeacf..7a77a3476 100644
--- a/redhat/docker/f30/packages
+++ b/redhat/docker/f30/packages
@@ -197,6 +197,7 @@ ruby-devel
 sane-backends-devel
 scons
 SDL-devel
+selinux-policy-devel
 sip-devel
 speex-devel
 sqlite-devel
diff --git a/redhat/docker/f31/packages b/redhat/docker/f31/packages
index 4264c7af8..4039b615b 100644
--- a/redhat/docker/f31/packages
+++ b/redhat/docker/f31/packages
@@ -201,6 +201,7 @@ ruby-devel
 sane-backends-devel
 scons
 SDL-devel
+selinux-policy-devel
 sip-devel
 speex-devel
 sqlite-devel
diff --git a/redhat/main/tdebase/tdebase.spec b/redhat/main/tdebase/tdebase.spec
index be68c4eeb..15d204b21 100644
--- a/redhat/main/tdebase/tdebase.spec
+++ b/redhat/main/tdebase/tdebase.spec
@@ -92,7 +92,7 @@ Source7:		xdm%{?dist}
 
 %if 0%{?fedora} >= 17 || 0%{?rhel} >= 6
 %define with_selinux_policy 1
-Source8:	tdm%{?dist}.pp
+Source8:	tdm%{?dist}.te
 %endif
 
 %if 0%{?mgaversion} >= 3
@@ -769,6 +769,12 @@ BuildRequires:		libnsl-devel
 # ATTR support
 BuildRequires:	libattr-devel
 
+# SELINUX support
+%if 0%{?rhel} >= 6 || 0%{?fedora}
+BuildRequires:	checkpolicy
+BuildRequires:	selinux-policy-devel
+%endif
+
 # tdebase is a metapackage that installs all sub-packages
 Requires: %{name}-runtime-data-common = %{version}-%{release}
 Requires: %{name}-data = %{version}-%{release}
@@ -3563,7 +3569,9 @@ fi
 
 # SELINUX policy for RHEL / Fedora
 %if 0%{?with_selinux_policy}
-%__install -D -m 644 "%{SOURCE8}" "%{?buildroot}%{tde_confdir}/%{tdm}/tdm.pp"
+%__cp -f "%{SOURCE8}" "tdm.te"
+%__make -f "%{_datadir}/selinux/devel/Makefile"
+%__install -D -m 644 -D "tdm.pp" "%{?buildroot}%{tde_confdir}/%{tdm}/tdm.pp"
 %endif
 
 # Mageia icon for TDE menu
diff --git a/redhat/main/tdebase/tdm.el6.pp b/redhat/main/tdebase/tdm.el6.pp
deleted file mode 100644
index 1ecd9bcb9..000000000
--- a/redhat/main/tdebase/tdm.el6.pp
+++ /dev/null
diff --git a/redhat/main/tdebase/tdm.el6.te b/redhat/main/tdebase/tdm.el6.te
index befe10218..60508ae0d 100644
--- a/redhat/main/tdebase/tdm.el6.te
+++ b/redhat/main/tdebase/tdm.el6.te
@@ -1,5 +1,5 @@
 
-module tdm.el6 1.0;
+module tdm 1.0;
 
 require {
 	type fprintd_t;
diff --git a/redhat/main/tdebase/tdm.el7.pp b/redhat/main/tdebase/tdm.el7.pp
deleted file mode 100644
index 855c3860d..000000000
--- a/redhat/main/tdebase/tdm.el7.pp
+++ /dev/null
diff --git a/redhat/main/tdebase/tdm.el7.te b/redhat/main/tdebase/tdm.el7.te
index 1c721d90b..519ca0506 100644
--- a/redhat/main/tdebase/tdm.el7.te
+++ b/redhat/main/tdebase/tdm.el7.te
@@ -1,5 +1,5 @@
 
-module tdm.el7 1.0;
+module tdm 1.0;
 
 require {
         type fprintd_t;
diff --git a/redhat/main/tdebase/tdm.el8.pp b/redhat/main/tdebase/tdm.el8.pp
deleted file mode 120000
index 3d25dc4f0..000000000
--- a/redhat/main/tdebase/tdm.el8.pp
+++ /dev/null
@@ -1 +0,0 @@
-tdm.el7.pp
\ No newline at end of file
diff --git a/redhat/main/tdebase/tdm.el8.te b/redhat/main/tdebase/tdm.el8.te
new file mode 100644
index 000000000..519ca0506
--- /dev/null
+++ b/redhat/main/tdebase/tdm.el8.te
@@ -0,0 +1,11 @@
+
+module tdm 1.0;
+
+require {
+        type fprintd_t;
+        type init_t;
+        class dbus send_msg;
+}
+
+#============= fprintd_t ==============
+allow fprintd_t init_t:dbus send_msg;
diff --git a/redhat/main/tdebase/tdm.fc17.pp b/redhat/main/tdebase/tdm.fc17.pp
deleted file mode 100644
index dec162d22..000000000
--- a/redhat/main/tdebase/tdm.fc17.pp
+++ /dev/null
diff --git a/redhat/main/tdebase/tdm.fc18.pp b/redhat/main/tdebase/tdm.fc18.pp
deleted file mode 100644
index 2e79e9554..000000000
--- a/redhat/main/tdebase/tdm.fc18.pp
+++ /dev/null
diff --git a/redhat/main/tdebase/tdm.fc19.pp b/redhat/main/tdebase/tdm.fc19.pp
deleted file mode 100644
index dec162d22..000000000
--- a/redhat/main/tdebase/tdm.fc19.pp
+++ /dev/null
diff --git a/redhat/main/tdebase/tdm.fc20.pp b/redhat/main/tdebase/tdm.fc20.pp
deleted file mode 100644
index d0c0d4be8..000000000
--- a/redhat/main/tdebase/tdm.fc20.pp
+++ /dev/null
diff --git a/redhat/main/tdebase/tdm.fc21.pp b/redhat/main/tdebase/tdm.fc21.pp
deleted file mode 100644
index d0c0d4be8..000000000
--- a/redhat/main/tdebase/tdm.fc21.pp
+++ /dev/null
diff --git a/redhat/main/tdebase/tdm.fc22.pp b/redhat/main/tdebase/tdm.fc22.pp
deleted file mode 100644
index d0c0d4be8..000000000
--- a/redhat/main/tdebase/tdm.fc22.pp
+++ /dev/null
diff --git a/redhat/main/tdebase/tdm.fc23.pp b/redhat/main/tdebase/tdm.fc23.pp
deleted file mode 100644
index d0c0d4be8..000000000
--- a/redhat/main/tdebase/tdm.fc23.pp
+++ /dev/null
diff --git a/redhat/main/tdebase/tdm.fc24.pp b/redhat/main/tdebase/tdm.fc24.pp
deleted file mode 100644
index d0c0d4be8..000000000
--- a/redhat/main/tdebase/tdm.fc24.pp
+++ /dev/null
diff --git a/redhat/main/tdebase/tdm.fc25.pp b/redhat/main/tdebase/tdm.fc25.pp
deleted file mode 100644
index d0c0d4be8..000000000
--- a/redhat/main/tdebase/tdm.fc25.pp
+++ /dev/null
diff --git a/redhat/main/tdebase/tdm.fc26.pp b/redhat/main/tdebase/tdm.fc26.pp
deleted file mode 100644
index d0c0d4be8..000000000
--- a/redhat/main/tdebase/tdm.fc26.pp
+++ /dev/null
diff --git a/redhat/main/tdebase/tdm.fc27.pp b/redhat/main/tdebase/tdm.fc27.pp
deleted file mode 100644
index d0c0d4be8..000000000
--- a/redhat/main/tdebase/tdm.fc27.pp
+++ /dev/null
diff --git a/redhat/main/tdebase/tdm.fc28.pp b/redhat/main/tdebase/tdm.fc28.pp
deleted file mode 100644
index d0c0d4be8..000000000
--- a/redhat/main/tdebase/tdm.fc28.pp
+++ /dev/null
diff --git a/redhat/main/tdebase/tdm.fc29.pp b/redhat/main/tdebase/tdm.fc29.pp
deleted file mode 100644
index d0c0d4be8..000000000
--- a/redhat/main/tdebase/tdm.fc29.pp
+++ /dev/null
diff --git a/redhat/main/tdebase/tdm.fc30.pp b/redhat/main/tdebase/tdm.fc30.pp
deleted file mode 100644
index d0c0d4be8..000000000
--- a/redhat/main/tdebase/tdm.fc30.pp
+++ /dev/null
diff --git a/redhat/main/tdebase/tdm.fc30.te b/redhat/main/tdebase/tdm.fc30.te
new file mode 100644
index 000000000..afe6de52a
--- /dev/null
+++ b/redhat/main/tdebase/tdm.fc30.te
@@ -0,0 +1,11 @@
+
+module tdm 1.0;
+
+require {
+	type fprintd_t;
+	type init_t;
+	class dbus send_msg;
+}
+
+#============= fprintd_t ==============
+allow fprintd_t init_t:dbus send_msg;
diff --git a/redhat/main/tdebase/tdm.fc31.pp b/redhat/main/tdebase/tdm.fc31.pp
deleted file mode 100644
index d0c0d4be8..000000000
--- a/redhat/main/tdebase/tdm.fc31.pp
+++ /dev/null
diff --git a/redhat/main/tdebase/tdm.fc31.te b/redhat/main/tdebase/tdm.fc31.te
new file mode 100644
index 000000000..afe6de52a
--- /dev/null
+++ b/redhat/main/tdebase/tdm.fc31.te
@@ -0,0 +1,11 @@
+
+module tdm 1.0;
+
+require {
+	type fprintd_t;
+	type init_t;
+	class dbus send_msg;
+}
+
+#============= fprintd_t ==============
+allow fprintd_t init_t:dbus send_msg;