File Local-policy.patch of Package qSnapper
diff -N -r --unified qSnapper-1.0.3/selinux/qsnapper-local-16.0.te qSnapper-1.0.3-fix/selinux/qsnapper-local-16.0.te
--- qSnapper-1.0.3/selinux/qsnapper-local-16.0.te 1970-01-01 01:00:00.000000000 +0100
+++ qSnapper-1.0.3-fix/selinux/qsnapper-local-16.0.te 2026-03-18 20:08:05.027851043 +0100
@@ -0,0 +1,58 @@
+
+module qsnapper-local-16.0 1.0;
+
+require {
+ type default_context_t;
+ type file_context_t;
+ type selinux_config_t;
+ type qsnapper_dbus_t;
+ type snapperd_data_t;
+ type snapperd_log_t;
+ type init_var_run_t;
+ type unconfined_t;
+ type dma_device_t;
+ type qsnapper_exec_t;
+ type run_init_exec_t;
+ type policykit_t;
+ type snapperd_exec_t;
+ type init_exec_t;
+ type snapperd_conf_t;
+ type qsnapper_t;
+ class unix_stream_socket { getattr ioctl };
+ class chr_file { ioctl open read write };
+ class unix_dgram_socket { getopt setopt };
+ class dir { add_name create getattr ioctl open read remove_name rmdir search setattr write };
+ class dbus send_msg;
+ class file { append create getattr open read rename setattr unlink write };
+ class lnk_file getattr;
+}
+
+#============= policykit_t ==============
+
+allow policykit_t qsnapper_dbus_t:dbus send_msg;
+
+#============= qsnapper_dbus_t ==============
+allow qsnapper_dbus_t policykit_t:dbus send_msg;
+allow qsnapper_dbus_t default_context_t:dir search;
+allow qsnapper_dbus_t file_context_t:dir search;
+allow qsnapper_dbus_t file_context_t:file { getattr open read };
+allow qsnapper_dbus_t selinux_config_t:dir read;
+
+allow qsnapper_dbus_t qsnapper_exec_t:file { getattr open read };
+allow qsnapper_dbus_t run_init_exec_t:file { getattr open read };
+
+allow qsnapper_dbus_t snapperd_conf_t:dir { getattr open read search };
+allow qsnapper_dbus_t snapperd_conf_t:file { getattr open read };
+allow qsnapper_dbus_t snapperd_data_t:dir { add_name create getattr ioctl open read remove_name rmdir search setattr write };
+allow qsnapper_dbus_t snapperd_data_t:file { create getattr open read rename setattr unlink write };
+allow qsnapper_dbus_t snapperd_exec_t:file { getattr open read };
+allow qsnapper_dbus_t snapperd_log_t:file { append getattr open };
+
+
+
+#============= qsnapper_t ==============
+
+allow qsnapper_t dma_device_t:chr_file { ioctl open read write };
+allow qsnapper_t init_var_run_t:dir search;
+allow qsnapper_t self:unix_dgram_socket { getopt setopt };
+allow qsnapper_t unconfined_t:unix_stream_socket { getattr ioctl };
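Review bot: The rules in this new module read like unedited audit2allow output and give no rationale for what they grant. `allow qsnapper_t dma_device_t:chr_file { ioctl open read write }` and `allow qsnapper_t unconfined_t:unix_stream_socket { getattr ioctl }` widen the GUI domain, and `qsnapper_dbus_t` gets create/unlink/rmdir on `snapperd_data_t`. Each group should carry a comment naming the denial it resolves, for example `# AVC: <operation> on <path>, seen when <action>`, so a later reviewer can tell which grants are still needed. The `require` block also lists `type init_exec_t;` and `class lnk_file getattr;`, which no rule uses. Drop both, since an unused require still makes the module fail to load when that type is missing from the base policy.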
diff --git a/selinux/Makefile b/selinux/Makefile
index c298024..f58e542 100644
--- a/selinux/Makefile
+++ b/selinux/Makefile
@@ -40,7 +40,7 @@ endif
# Build targets
########################################
-TARGETS = $(POLICY_NAME).pp
+TARGETS = $(POLICY_NAME).pp $(POLICY_NAME)-local-16.0.te
all: $(TARGETS)
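Review bot: `TARGETS` now lists `$(POLICY_NAME)-local-16.0.te`, which is the source file added by this patch rather than a build product, so `all` never builds the local module's `.pp`. The install recipe in the last hunk runs `$(SEMODULE) -i $(POLICY_NAME)-local-16.0.pp` and depends only on `all`, so that step will likely fail on a clean tree. The line should read `TARGETS = $(POLICY_NAME).pp $(POLICY_NAME)-local-16.0.pp`.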
@@ -49,11 +49,20 @@ $(POLICY_NAME).mod: $(POLICY_NAME).te
@echo "Compiling Type Enforcement policy: $< -> $@"
$(CHECKMODULE) -M -m -o $@ $<
+$(POLICY_NAME)-local-16.0.mod: $(POLICY_NAME)-local-16.0.te
+ @echo "Compiling Type Enforcement policy: $< -> $@"
+ $(CHECKMODULE) -M -m -o $@ $<
+
# Step 2: Package .mod + .fc + .if to .pp
$(POLICY_NAME).pp: $(POLICY_NAME).mod $(POLICY_NAME).fc $(POLICY_NAME).if
@echo "Packaging SELinux policy module: $@"
$(SEMODULE_PACKAGE) -o $@ -m $(POLICY_NAME).mod -f $(POLICY_NAME).fc
+$(POLICY_NAME)-local-16.0.pp: $(POLICY_NAME)-local-16.0.mod
+ @echo "Packaging SELinux policy module: $@"
+ $(SEMODULE_PACKAGE) -o $@ -m $(POLICY_NAME)-local-16.0.mod
+
+
########################################
# Installation and management
########################################
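Review bot: The string `$(POLICY_NAME)-local-16.0` is spelled out five times in the two added rules, and their recipes repeat the existing ones line for line. This is a style point only: a variable such as `LOCAL_POLICY := $(POLICY_NAME)-local-16.0`, with `$(SEMODULE_PACKAGE) -o $@ -m $<` as the packaging recipe, would keep the version suffix in one place. The `clean` target is outside this hunk, so check that it removes the new `.mod` and `.pp` files.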
@@ -66,6 +75,7 @@ install: all
exit 1; \
fi
$(SEMODULE) -i $(POLICY_NAME).pp
+ $(SEMODULE) -i $(POLICY_NAME)-local-16.0.pp
@echo "Policy module installed successfully"
@echo ""
@echo "Relabeling qSnapper binaries..."
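Review bot: The added `$(SEMODULE) -i $(POLICY_NAME)-local-16.0.pp` runs as a second transaction after the main module is already installed. If the local module is rejected, for example because a type in its `require` block is absent from the running policy, the recipe stops with the base module loaded and the relabel step not reached. semodule accepts several packages in one call, `$(SEMODULE) -i $(POLICY_NAME).pp $(POLICY_NAME)-local-16.0.pp`, which commits both or neither and rebuilds the policy once. The install recipe starts and continues outside this hunk, and no matching removal in an uninstall target is visible here.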