File suse_minimal_cc.patch of Package selinux-policy
Index: serefpolicy-contrib-20140730/suse.te
===================================================================
--- /dev/null
+++ serefpolicy-contrib-20140730/suse.te
@@ -0,0 +1,88 @@
+policy_module(suse, 1.1.2)
+
+require {
+ type bin_t;
+ type chkpwd_t;
+ type getty_t;
+ type groupadd_t;
+ type init_exec_t;
+ type init_t;
+ type policykit_t;
+ type postfix_master_t;
+ type restorecond_t;
+ type rtkit_daemon_t;
+ type sshd_t;
+ type syslogd_t;
+ type system_dbusd_t;
+ type systemd_localed_t;
+ type systemd_logind_t;
+ type systemd_systemctl_exec_t;
+ type unconfined_service_t;
+ type unconfined_t;
+ type useradd_t;
+ type var_run_t;
+
+ class file { read open getattr entrypoint };
+ class netlink_selinux_socket { create bind };
+ class sock_file write;
+}
+
+#============= chkpwd_t ==============
+allow chkpwd_t var_run_t:sock_file write;
+files_rw_inherited_generic_pid_files(chkpwd_t)
+
+#============= getty_t ==============
+allow getty_t var_run_t:sock_file write;
+plymouthd_exec_plymouth(getty_t)
+kernel_stream_connect(getty_t)
+
+#============= policykit_t ==============
+allow policykit_t var_run_t:sock_file write;
+files_rw_inherited_generic_pid_files(policykit_t)
+
+#============= postfix_master_t ==============
+allow postfix_master_t var_run_t:sock_file write;
+files_rw_inherited_generic_pid_files(postfix_master_t)
+
+#============= rtkit_daemon_t ==============
+allow rtkit_daemon_t var_run_t:sock_file write;
+files_rw_inherited_generic_pid_files(rtkit_daemon_t)
+
+#============= sshd_t ==============
+allow sshd_t var_run_t:sock_file write;
+files_rw_inherited_generic_pid_files(sshd_t)
+
+#============= restorecond_t ==============
+allow restorecond_t var_run_t:sock_file write;
+
+#============= syslogd_t ==============
+allow syslogd_t var_run_t:file { read getattr open };
+allow syslogd_t var_run_t:sock_file write;
+
+#============= systemd_localed_t ==============
+systemd_dbus_chat_localed(unconfined_service_t)
+
+#============= systemd_logind_t ==============
+allow systemd_logind_t var_run_t:sock_file write;
+files_rw_inherited_generic_pid_files(systemd_logind_t)
+systemd_dbus_chat_logind(unconfined_service_t)
+
+#============= unconfined_service_t ==============
+unconfined_shell_domtrans(unconfined_service_t)
+
+#============= unconfined_t ==============
+allow unconfined_t systemd_systemctl_exec_t:file entrypoint;
+allow init_t unconfined_t:process transition;
+allow unconfined_t init_exec_t:file entrypoint;
+
+#============= groupadd_t ==============
+allow groupadd_t self:netlink_selinux_socket { create bind };
+allow groupadd_t var_run_t:sock_file write;
+
+#============= system_dbusd_t ==============
+allow system_dbusd_t var_run_t:sock_file write;
+
+#============= useradd_t ==============
+allow useradd_t var_run_t:sock_file write;
+selinux_compute_access_vector(useradd_t)
+
Index: serefpolicy-contrib-20140730/suse.fc
===================================================================
--- /dev/null
+++ serefpolicy-contrib-20140730/suse.fc
@@ -0,0 +1 @@
+/usr/lib/gdm/.* -- gen_context(system_u:object_r:bin_t,s0)
Index: serefpolicy-contrib-20140730/suse.if
===================================================================
--- /dev/null
+++ serefpolicy-contrib-20140730/suse.if
@@ -0,0 +1,24 @@
+## <summary>asdfsdfABRT - automated bug-reporting tool</summary>
+
+######################################
+## <summary>
+## Creates types and rules for a basic
+## ABRT daemon domainadsasdf
+## </summary>
+## <param name="prefix">
+## <summary>
+## Prefix for the domain.
+## </summary>
+## </param>
+#
+template(`abrt_asdfasfasfbasic_types_template',`
+ gen_require(`
+ attribute abrt_domain;
+ ')
+
+ type $1_t, abrt_domain;
+ type $1_exec_t;
+
+ kernel_read_system_state($1_t)
+')
+
