Add grub.patch

grub.patch

@@ -0,0 +1,36 @@
+diff --git a/policy/modules/admin/bootloader.fc b/policy/modules/admin/bootloader.fc
+index 7a6f06f..e117271 100644
+--- a/policy/modules/admin/bootloader.fc
++++ b/policy/modules/admin/bootloader.fc
+@@ -1,9 +1,11 @@
+-
++/etc/default/grub	--	gen_context(system_u:object_r:bootloader_etc_t,s0)
+ /etc/lilo\.conf.*	--	gen_context(system_u:object_r:bootloader_etc_t,s0)
+ /etc/yaboot\.conf.*	--	gen_context(system_u:object_r:bootloader_etc_t,s0)
+ 
+-/sbin/grub		--	gen_context(system_u:object_r:bootloader_exec_t,s0)
++/sbin/grub.*	--	gen_context(system_u:object_r:bootloader_exec_t,s0)
++/sbin/installkernel	--	gen_context(system_u:object_r:bootloader_exec_t,s0)
+ /sbin/lilo.*		--	gen_context(system_u:object_r:bootloader_exec_t,s0)
++/sbin/new-kernel-pkg	--	gen_context(system_u:object_r:bootloader_exec_t,s0)
+ /sbin/ybin.*		--	gen_context(system_u:object_r:bootloader_exec_t,s0)
+ 
+ /usr/sbin/grub		--	gen_context(system_u:object_r:bootloader_exec_t,s0)
+diff --git a/policy/modules/admin/permissivedomains.te b/policy/modules/admin/permissivedomains.te
+index f95087c..e7d705e 100644
+--- a/policy/modules/admin/permissivedomains.te
++++ b/policy/modules/admin/permissivedomains.te
+@@ -2,6 +2,14 @@
+ 
+ optional_policy(`
+       gen_require(`
++             type bootloader_t;
++      ')
++
++      permissive bootloader_t;
++')
++
++optional_policy(`
++      gen_require(`
+              type systemd_logger_t;
+       ')

selinux-policy.spec

@@ -24,6 +24,7 @@ Source: serefpolicy-%{version}.tgz
 patch: policy-F16.patch
 patch1: ephemeral.patch
 patch2: unconfined_permissive.patch
+patch3: grub.patch
 Source1: modules-targeted.conf
 Source2: booleans-targeted.conf
 Source3: Makefile.devel
@@ -239,6 +240,7 @@ Based off of reference policy: Checked out revision  2.20091117
 %patch -p1
 %patch1 -p1
 %patch2 -p1
+%patch3 -p1
 
 %install
 mkdir selinux_config