From d012f391c46d82ccc14f207f9810c5c5d3aadc88 Mon Sep 17 00:00:00 2001
From: Bojan Smojver
Date: Mon, 13 Jan 2020 07:28:49 +1100
Subject: [PATCH] Add vsock items to SELinux policy (thanks to mm19827 of gmail.com).
---
 xrdp.spec | 5 ++++-
 xrdp.te | 5 ++++-
 2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/xrdp.spec b/xrdp.spec
index e1317a8..fb08936 100644
--- a/xrdp.spec
+++ b/xrdp.spec
@@ -13,7 +13,7 @@ Summary: Open source remote desktop protocol (RDP) server
 Name: xrdp
 Epoch: 1
 Version: 0.9.12
-Release: 2%{?dist}
+Release: 3%{?dist}
 License: ASL 2.0
 URL: http://www.xrdp.org/
 Source0: https://github.com/neutrinolabs/xrdp/releases/download/v%{version}/xrdp-%{version}.tar.gz
@@ -269,6 +269,9 @@ fi
 %{_datadir}/selinux/*/%{name}.pp

 %changelog
+* Mon Jan 13 2020 Bojan Smojver - 1:0.9.12-3
+- Add vsock items to SELinux policy (thanks to mm19827 of gmail.com)
+
 * Sun Jan 12 2020 Bojan Smojver - 1:0.9.12-2
 - Enable vsock (bug #1787953)

diff --git a/xrdp.te b/xrdp.te
index 0b66810..b18e2fc 100644
--- a/xrdp.te
+++ b/xrdp.te
@@ -1,8 +1,9 @@
-module xrdp 1.0.1;
+module xrdp 1.0.2;

 require {
 type unconfined_service_t;
 type unconfined_t;
+ type unlabeled_t;
 type xserver_exec_t;
 type xserver_t;
 type oddjob_t;
@@ -10,11 +11,13 @@ require {
 class process transition;
 class file entrypoint;
 class process2 nnp_transition;
+ class vsock_socket { getattr read write };
 }

 #============= unconfined_service_t ==============
 allow unconfined_service_t unconfined_t:process transition;
 allow unconfined_service_t oddjob_mkhomedir_exec_t:file entrypoint;
+allow unconfined_service_t unlabeled_t:vsock_socket { getattr read write };

 #============= unconfined_t ==============
 allow unconfined_t xserver_exec_t:file entrypoint;
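Review bot: The rule `allow unconfined_service_t unlabeled_t:vsock_socket { getattr read write };` added in the second xrdp.te hunk has no comment explaining why the target type is `unlabeled_t`, and because its source type is `unconfined_service_t` it applies to every service running in that domain, not to xrdp alone. `unlabeled_t` is the type SELinux gives to objects without a valid label, so the grant covers any vsock socket that ends up in that state rather than one specific to xrdp. The permission set is already limited to `getattr read write`; I would record the reason above the rule, for example `# vsock socket handed to xrdp shows up as unlabeled_t (see bug #1787953); keep to getattr/read/write`, and confirm the bug reference against the AVC denial that prompted the change. The same explanation would cover the `type unlabeled_t;` line added to the `require` block in the first xrdp.te hunk, and that block begins outside the second hunk.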