From 2292734883e49bdcf30108b81bc0d8eea6ceef75 Mon Sep 17 00:00:00 2001
From: Radovan Sroka
Date: Fri, 10 Feb 2023 15:38:32 +0100
Subject: [PATCH] Rebase to v1.2
Signed-off-by: Radovan Sroka
---
 .gitignore | 1 +
 fapolicyd-rpm-backend-c99.patch | 19 ------------
 fapolicyd-selinux-allow-boot-home.patch | 40 -------------------------
 fapolicyd-selinux-watch-perm.patch | 31 -------------------
 fapolicyd.spec | 9 +++---
 sources | 2 +-
 6 files changed, 7 insertions(+), 95 deletions(-)
 delete mode 100644 fapolicyd-rpm-backend-c99.patch
 delete mode 100644 fapolicyd-selinux-allow-boot-home.patch
 delete mode 100644 fapolicyd-selinux-watch-perm.patch
diff --git a/.gitignore b/.gitignore
index 1d9bb86..f1d57ff 100644
--- a/.gitignore
+++ b/.gitignore
@@ -26,3 +26,4 @@
 /fapolicyd-1.1.5.tar.gz
 /fapolicyd-1.1.7.tar.gz
 /fapolicyd-selinux-0.5.tar.gz
+/fapolicyd-1.2.tar.gz
diff --git a/fapolicyd-rpm-backend-c99.patch b/fapolicyd-rpm-backend-c99.patch
deleted file mode 100644
index 56a6674..0000000
--- a/fapolicyd-rpm-backend-c99.patch
+++ /dev/null
@@ -1,19 +0,0 @@
-Include for the rpmFreeCrypto function, to avoid an
-implicit function declaration.
-
-Submitted upstream:
-
-
-diff --git a/src/library/rpm-backend.c b/src/library/rpm-backend.c
-index e5c5f3318285fd4b..6122ef1bf6623522 100644
---- a/src/library/rpm-backend.c
-+++ b/src/library/rpm-backend.c
-@@ -30,6 +30,7 @@
- #include
- #include
- #include
-+#include
- #include
-
- #include
diff --git a/fapolicyd-selinux-allow-boot-home.patch b/fapolicyd-selinux-allow-boot-home.patch
deleted file mode 100644
index f676d59..0000000
--- a/fapolicyd-selinux-allow-boot-home.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From a1a9a59f93ebfe6d0c9d725ed0712210994e6d64 Mon Sep 17 00:00:00 2001
-From: Zdenek Pytela
-Date: Tue, 6 Apr 2021 16:06:48 +0200
-Subject: [PATCH] Allow fapolicyd watch boot and home directories
-
-The fapolicyd service needs watch_mount and watch_with_perm permissions
-for fanotify/inotify/dnotify calls on the following directories:
-- /boot and /boot/efi directories
-- /home directories
-
-Note the /boot/efi directory has the dosfs_t label.
---
- fapolicyd.te | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/fapolicyd-selinux-0.4/fapolicyd.te b/fapolicyd-selinux-0.4/fapolicyd.te
-index f5d0052..c12f385 100644
---- a/fapolicyd-selinux-0.4/fapolicyd.te
-+++ b/fapolicyd-selinux-0.4/fapolicyd.te
-@@ -63,14 +63,20 @@ domain_read_all_domains_state(fapolicyd_t)
-
- files_mmap_usr_files(fapolicyd_t)
- files_read_all_files(fapolicyd_t)
-+files_watch_mount_boot_dirs(fapolicyd_t)
-+files_watch_with_perm_boot_dirs(fapolicyd_t)
- files_watch_mount_generic_tmp_dirs(fapolicyd_t)
- files_watch_with_perm_generic_tmp_dirs(fapolicyd_t)
-+files_watch_mount_home(fapolicyd_t)
-+files_watch_with_perm_home(fapolicyd_t)
- files_watch_mount_root_dirs(fapolicyd_t)
- files_watch_with_perm_root_dirs(fapolicyd_t)
-
- fs_getattr_xattr_fs(fapolicyd_t)
- fs_watch_mount_tmpfs_dirs(fapolicyd_t)
- fs_watch_with_perm_tmpfs_dirs(fapolicyd_t)
-+fs_watch_mount_dos_dirs(fapolicyd_t)
-+fs_watch_with_perm_dos_dirs(fapolicyd_t)
-
- logging_send_syslog_msg(fapolicyd_t)
- dbus_system_bus_client(fapolicyd_t)
diff --git a/fapolicyd-selinux-watch-perm.patch b/fapolicyd-selinux-watch-perm.patch
deleted file mode 100644
index 4128b8e..0000000
--- a/fapolicyd-selinux-watch-perm.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 6a966a3ee89233a0a055712f39ca564ba91183bf Mon Sep 17 00:00:00 2001
-From: Zdenek Pytela
-Date: Thu, 15 Apr 2021 16:56:08 +0200
-Subject: [PATCH] Allow fapolicyd watch_mount/watch_with_perm all files and
- directories
-
-For the fanotify_mark() syscall, fapolicyd uses the FAN_MARK_MOUNT flag
-to mark the file's mount point to monitor. As this can be any file or
-directory on the filesystem, the SELinux watch_mount and watch_with_perm
-permissions are allowed for the file_type attribute.
---
- fapolicyd.te | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/fapolicyd-selinux-0.4/fapolicyd.te b/fapolicyd-selinux-0.4/fapolicyd.te
-index c12f385..582e03f 100644
---- a/fapolicyd-selinux-0.4/fapolicyd.te
-+++ b/fapolicyd-selinux-0.4/fapolicyd.te
-@@ -36,6 +36,12 @@ allow fapolicyd_t self:process { setcap setsched };
- allow fapolicyd_t self:unix_stream_socket create_stream_socket_perms;
- allow fapolicyd_t self:unix_dgram_socket create_socket_perms;
-
-+gen_require(`
-+ attribute file_type;
-+')
-+allow fapolicyd_t file_type:dir { watch_mount watch_with_perm };
-+allow fapolicyd_t file_type:file { watch_mount watch_with_perm };
-+
- manage_files_pattern(fapolicyd_t, fapolicyd_log_t, fapolicyd_log_t)
- logging_log_filetrans(fapolicyd_t, fapolicyd_log_t, file)
-
diff --git a/fapolicyd.spec b/fapolicyd.spec
index c4eff27..ae31b74 100644
--- a/fapolicyd.spec
+++ b/fapolicyd.spec
@@ -4,7 +4,7 @@ Summary: Application Whitelisting Daemon
 Name: fapolicyd
-Version: 1.1.7
+Version: 1.2
 Release: 4%{?dist}
 License: GPLv3+
 URL: http://people.redhat.com/sgrubb/fapolicyd
@@ -30,7 +30,6 @@ Requires(post): systemd-units
 Requires(preun): systemd-units
 Requires(postun): systemd-units
-Patch2: fapolicyd-rpm-backend-c99.patch
 # RHEL-specific patches
 Patch100: fapolicyd-uthash-bundle.patch
@@ -59,7 +58,6 @@ The %{name}-selinux package contains selinux policy for the %{name} daemon.
 # selinux
 %setup -q -D -T -a 1
-%patch2 -p1 -b .c99
 %if 0%{?rhel} != 0
 # uthash
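Review bot: The `Version:` bump in the first fapolicyd.spec hunk leaves the context line `Release: 4%{?dist}` untouched, so the build will produce 1.2-4 while the changelog entry added later in this patch records 1.2-1; a rebase should reset the release with `Release: 1%{?dist}` so that the package NEVR, the changelog and rpmlint agree. Dropping `Patch2: fapolicyd-rpm-backend-c99.patch` and the `%patch2 -p1 -b .c99` line is only safe if the 1.2 tarball already carries the header include that the deleted patch added to avoid an implicit declaration of rpmFreeCrypto; that is worth confirming against the new source rather than assumed, since an implicit declaration in the rpm backend would fail the build on toolchains that treat it as an error. The two deleted SELinux patch files are not referenced by any spec line visible here and target fapolicyd-selinux-0.4 paths while the spec unpacks the 0.5 tarball, so they look like stale leftovers rather than policy being silently dropped, but this hunk alone cannot confirm that.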
@@ -172,6 +170,7 @@ fi
 %ghost %{_sysconfdir}/%{name}/rules.d/*
 %ghost %{_sysconfdir}/%{name}/%{name}.rules
 %config(noreplace) %attr(644,root,%{name}) %{_sysconfdir}/%{name}/%{name}.conf
+%config(noreplace) %attr(644,root,%{name}) %{_sysconfdir}/%{name}/rpm-filter.conf
 %config(noreplace) %attr(644,root,%{name}) %{_sysconfdir}/%{name}/%{name}.trust
 %ghost %attr(644,root,%{name}) %{_sysconfdir}/%{name}/compiled.rules
 %attr(644,root,root) %{_unitdir}/%{name}.service
@@ -181,7 +180,6 @@ fi
 %attr(755,root,root) %{_sbindir}/fagenrules
 %attr(644,root,root) %{_mandir}/man8/*
 %attr(644,root,root) %{_mandir}/man5/*
-%attr(644,root,root) %{_mandir}/man1/*
 %ghost %attr(440,%{name},%{name}) %verify(not md5 size mtime) %{_localstatedir}/log/%{name}-access.log
 %attr(770,root,%{name}) %dir %{_localstatedir}/lib/%{name}
 %attr(770,root,%{name}) %dir /run/%{name}
@@ -207,6 +205,9 @@ fi
 %selinux_relabel_post -s %{selinuxtype}
 %changelog
+* Fri Feb 10 2023 Radovan Sroka - 1.2-1
+- rebase to v1.2
+
 * Thu Jan 19 2023 Fedora Release Engineering - 1.1.7-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
diff --git a/sources b/sources
index 53307c0..899e070 100644
--- a/sources
+++ b/sources
@@ -1,3 +1,3 @@
-SHA512 (fapolicyd-1.1.7.tar.gz) = 18fce19486f24c29f5b69c5117d04d201c4e27a5ceb6367e01ee6b0601958ce68eaf8ca37f13340c905b1d38294c8a8401693552d3f146ff5994a82a216f3b14
+SHA512 (fapolicyd-1.2.tar.gz) = 42c2a66f9b28f96597544bff72022d8735ba8700f022bb7a4d2ab74df43924e372c6e25af0af9d737710b0b835163775002f330bd5adf2964831902b755bebc7
 SHA512 (fapolicyd-selinux-0.5.tar.gz) = 15f35fcbc8f9a387483be1501693ebfa0e909b6e27fdadd4b89d8541db18738c61074d9fbd3cb8b574edc873bca10fd56767b7b77ad559d93dbb5ef005708273
 SHA512 (uthash-2.3.0.tar.gz) = 3b01f1074790fb242900411cb16eb82c1a9afcf58e3196a0f4611d9d7ef94690ad38c0a500e7783d3efa20328aa8d6ab14f246be63b3b3d385502ba2b6b2a294
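Review bot: The new `rpm-filter.conf` entry in the first %files hunk is marked `%config(noreplace)`, which preserves an admin-edited file across upgrades but means a tightened upstream default will only land as `rpm-filter.conf.rpmnew` and never take effect on its own; since this file, judging by its name and its placement next to fapolicyd.trust, governs which rpm-owned paths are admitted into the trust database, that is a trust-policy decision worth a comment above the line, e.g. `# rpm-filter.conf: selects which rpm-owned files enter the trust db; local edits are kept on upgrade (.rpmnew)`. The `%attr(644,root,%{name})` mode matches the sibling conf and trust entries, so the fapolicyd group can read the filter and only root can change it, which is the right shape for a policy input. Whether the trust database is rebuilt after this file changes depends on the %post scriptlet, which lies outside this hunk and should be checked as part of the rebase.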