From b0c20efcc06c5f8ad94389b64e7ae576cdf46a96 Mon Sep 17 00:00:00 2001
From: alakatos
Date: Thu, 27 Jul 2023 10:56:48 +0200
Subject: [PATCH] Rebase to 1.1.2

Resolves: rhbz#2064543
---
 .gitignore | 1 +
 sources | 2 +-
 ...restore-support-access-control-names.patch | 44 -------------------
 usbguard-selinux-audit-write.patch | 12 +++++
 usbguard.spec | 16 ++++---
 5 files changed, 24 insertions(+), 51 deletions(-)
 delete mode 100644 usbguard-restore-support-access-control-names.patch
 create mode 100644 usbguard-selinux-audit-write.patch

diff --git a/.gitignore b/.gitignore
index 0bb9727..37047d1 100644
--- a/.gitignore
+++ b/.gitignore
@@ -21,3 +21,4 @@
 /usbguard-selinux-0.0.4.tar.gz
 /usbguard-1.0.0.tar.gz
 /usbguard-1.1.0.tar.gz
+/usbguard-1.1.2.tar.gz
diff --git a/sources b/sources
index f4811e8..c5d8006 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
-SHA512 (usbguard-1.1.0.tar.gz) = f882e8ba38743c044984520d5514035e0e76e185328c2f16226ce8fb14b5dbde0c021327b3dabfdea36e18428be5fb23b559f6837ef7f81dabb5e9b4ed4e1e91
+SHA512 (usbguard-1.1.2.tar.gz) = 03b6dd026a0fe6a7a055208f09a56e2cc86985570388e33fde08671b8aa2d60ea4a0e59505e9646ddf50f42f5b6310d1b230379f9c26ec99c7ca736f3b4ad850
 SHA512 (usbguard-selinux-0.0.4.tar.gz) = b73b14396e40f847704511097bfed17c94b9b28cc70f3391a6effab763a315fe723aba37bb4c622d18ab691306c485fcd7632ccc8a837413f32c73cd9879c8b0
diff --git a/usbguard-restore-support-access-control-names.patch b/usbguard-restore-support-access-control-names.patch
deleted file mode 100644
index 5f4bed2..0000000
--- a/usbguard-restore-support-access-control-names.patch
+++ /dev/null
@@ -1,44 +0,0 @@ -From 22eb68cde27046c684e3ee2061b085b18fad863b Mon Sep 17 00:00:00 2001 -From: Sebastian Pipping -Date: Sat, 5 Mar 2022 17:22:05 +0100 -Subject: [PATCH] Restore support for access control filenames without a group - -Regression from commit b15ef713a9ac47e84525bbf829c7f444b84c3c81 -of release 1.1.0, detailed analysis online at -https://github.com/USBGuard/usbguard/issues/540#issuecomment-1059784284 ---- - src/Daemon/Daemon.cpp | 17 +++++++++++++++-- - 1 file changed, 15 insertions(+), 2 deletions(-) - -diff --git a/src/Daemon/Daemon.cpp b/src/Daemon/Daemon.cpp -index 45ddb76d..4ec2d934 100644 ---- a/src/Daemon/Daemon.cpp -+++ b/src/Daemon/Daemon.cpp -@@ -446,12 +446,25 @@ namespace usbguard - void Daemon::parseIPCAccessControlFilename(const std::string& basename, std::string* const ptr_user, - std::string* const ptr_group) - { -+ // There are five supported forms: -+ // - ":" -+ // - ":" -+ // - "" -+ // - ":" -+ // - ":" - const auto ug_separator = basename.find_first_of(":"); - const bool has_group = ug_separator != std::string::npos; - const std::string user = basename.substr(0, ug_separator); - const std::string group = has_group ? basename.substr(ug_separator + 1) : std::string(); -- checkIPCAccessControlName(user); -- checkIPCAccessControlName(group); -+ -+ if (! user.empty()) { -+ checkIPCAccessControlName(user); -+ } -+ -+ if (! group.empty()) { -+ checkIPCAccessControlName(group); -+ } -+ - *ptr_user = user; - *ptr_group = group; - } diff --git a/usbguard-selinux-audit-write.patch b/usbguard-selinux-audit-write.patch new file mode 100644 index 0000000..4d8b376 --- /dev/null +++ b/usbguard-selinux-audit-write.patch 
@@ -0,0 +1,12 @@ +diff -up usbguard-1.1.0/usbguard-selinux-0.0.4/usbguard.te.orig usbguard-1.1.0/usbguard-selinux-0.0.4/usbguard.te +--- usbguard-1.1.0/usbguard-selinux-0.0.4/usbguard.te.orig 2023-07-27 10:41:25.540984667 +0200 ++++ usbguard-1.1.0/usbguard-selinux-0.0.4/usbguard.te 2023-07-27 10:41:59.970006413 +0200 +@@ -68,7 +68,7 @@ files_pid_file(usbguard_var_run_t) + # Local policy + # + +-allow usbguard_t self:capability { chown fowner }; ++allow usbguard_t self:capability { chown fowner audit_write }; + allow usbguard_t self:netlink_kobject_uevent_socket { bind create setopt read }; + allow usbguard_t self:netlink_audit_socket { nlmsg_relay create_netlink_socket_perms }; + diff --git a/usbguard.spec b/usbguard.spec index c602254..9c13cf0 100644 --- a/usbguard.spec +++ b/usbguard.spec @@ -3,8 +3,8 @@ %define semodule_version 0.0.4 Name: usbguard -Version: 1.1.0 -Release: 8%{?dist} +Version: 1.1.2 +Release: 1%{?dist} Summary: A tool for implementing USB device usage policy License: GPL-2.0-or-later ## Not installed @@ -42,9 +42,9 @@ BuildRequires: systemd Patch1: usbguard-revert-catch.patch Patch2: policykit-dbus-chat-selinux.patch -Patch3: usbguard-restore-support-access-control-names.patch # https://github.com/USBGuard/usbguard/pull/582 -Patch4: usbguard-gcc13.patch +Patch3: usbguard-gcc13.patch +Patch4: usbguard-selinux-audit-write.patch %description The USBGuard software framework helps to protect your computer against rogue USB @@ -108,8 +108,8 @@ daemon. %patch -P 1 -p1 -b .catch %patch -P 2 -p1 -b .policykit -%patch -P 3 -p1 -b .access-contol-names -%patch -P 4 -p1 -b .gcc13 +%patch -P 3 -p1 -b .gcc13 +%patch -P 4 -p1 # Remove bundled library sources before build rm -rf src/ThirdParty/{Catch,PEGTL} @@ -232,6 +232,10 @@ fi %changelog +* Thu Jul 27 2023 Attila Lakatos - 1.1.2-1 +- Rebase to 1.1.2 +Resolves: rhbz#2064543 + * Sat Jul 22 2023 Fedora Release Engineering - 1.1.0-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
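Review bot: The new patch's file headers still name `usbguard-1.1.0/usbguard-selinux-0.0.4/usbguard.te` although this commit rebases the package to 1.1.2. The spec applies it with `-p1`, so the leading directory is stripped and it presumably still applies, but regenerating it against the 1.1.2 tree would keep the header from misleading the next rebase. The one changed rule widens `usbguard_t` with `audit_write`, and the policy carries no comment saying why. A line such as `# audit_write: daemon sends records over the netlink audit socket` above `allow usbguard_t self:capability` would record the intent, assuming that is the reason, as the adjacent `netlink_audit_socket` rule suggests. Tying a capability grant to the denial that motivated it lets it be dropped later if the daemon stops needing it.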
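Review bot: `Patch4: usbguard-selinux-audit-write.patch` is added without a provenance comment, while the line above `Patch3` keeps its upstream link (`# https://github.com/USBGuard/usbguard/pull/582`). Since this patch extends the daemon's SELinux capabilities, add a comment above it naming the bug or upstream submission, e.g. `# <bug or upstream PR reference for the audit_write denial>`. In the `%prep` hunk, `%patch -P 4 -p1` is the only application without a backup suffix; `%patch -P 4 -p1 -b .audit-write` would match the other three lines.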