From 3d4e2deda57a640b46117916a48c187880363d60 Mon Sep 17 00:00:00 2001
From: Corentin LABBE
Date: Wed, 30 Nov 2022 09:27:56 +0100
Subject: [PATCH] fstools: handle gentoo place for drivedb.h

On a gentoo-hardened+selinux, I got denial from fsadm_t reading var_t.
This is due to smartctl trying to read /var/db/smartmontools/drivedb.h

Signed-off-by: Corentin LABBE
---
 policy/modules/system/fstools.fc | 4 ++++
 policy/modules/system/fstools.te | 9 +++++++++
 2 files changed, 13 insertions(+)

diff --git a/policy/modules/system/fstools.fc b/policy/modules/system/fstools.fc
index 8fbd5ce44..63423802d 100644
--- a/policy/modules/system/fstools.fc
+++ b/policy/modules/system/fstools.fc
@@ -108,6 +108,10 @@
 /usr/sbin/zstreamdump -- gen_context(system_u:object_r:fsadm_exec_t,s0)
 /usr/sbin/ztest -- gen_context(system_u:object_r:fsadm_exec_t,s0)
 
+ifdef(`distro_gentoo',`
+/var/db/smartmontools(/.*)? gen_context(system_u:object_r:fsadm_db_t,s0)
+')
+
 /var/swap -- gen_context(system_u:object_r:swapfile_t,s0)
 
 /var/log/fsck(/.*)? gen_context(system_u:object_r:fsadm_log_t,s0)
diff --git a/policy/modules/system/fstools.te b/policy/modules/system/fstools.te
index 75da8a0a0..11211b699 100644
--- a/policy/modules/system/fstools.te
+++ b/policy/modules/system/fstools.te
@@ -19,6 +19,11 @@ files_tmp_file(fsadm_tmp_t)
 type fsadm_run_t;
 files_runtime_file(fsadm_run_t)
 
+ifdef(`distro_gentoo',`
+type fsadm_db_t;
+files_type(fsadm_db_t)
+')
+
 type swapfile_t; # customizable
 files_type(swapfile_t)
 
@@ -55,6 +60,10 @@ allow fsadm_t fsadm_run_t:dir manage_dir_perms;
 allow fsadm_t fsadm_run_t:file manage_file_perms;
 files_runtime_filetrans(fsadm_t, fsadm_run_t, dir)
 
+ifdef(`distro_gentoo',`
+manage_files_pattern(fsadm_t, fsadm_db_t, fsadm_db_t)
+')
+
 # log files
 allow fsadm_t fsadm_log_t:dir setattr;
 manage_files_pattern(fsadm_t, fsadm_log_t, fsadm_log_t)
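Review bot: The new `type fsadm_db_t;` declaration in the fstools.te `@@ -19,6 +19,11 @@` hunk has no comment saying what the type labels, unlike the neighbouring `type swapfile_t; # customizable` line, so the purpose of a Gentoo-only type is only recoverable from the commit message. A one-line comment above the declaration such as `# smartctl drive database (/var/db/smartmontools on Gentoo)` would tie the type to the file context added in fstools.fc and to the rule added further down. It may also be worth a reviewer checking whether this location is genuinely Gentoo-specific before keeping the declaration inside `ifdef(`distro_gentoo',`...')`, since the type cannot be referenced by other distributions' file contexts if they ship the database under a similar path.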
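Review bot: `manage_files_pattern(fsadm_t, fsadm_db_t, fsadm_db_t)` in the `@@ -55,6 +60,10 @@` hunk grants far more than the denial described in the commit message needs: the reported AVC is fsadm_t reading drivedb.h, yet the rule gives create, write, unlink and rename on the whole drive database directory. Because smartctl trusts the contents of drivedb.h, keeping the domain that consumes the database able to rewrite it widens what a misbehaving fsadm_t process can do; `read_files_pattern(fsadm_t, fsadm_db_t, fsadm_db_t)` covers the stated use, and write access can be added later with a documented reason if a tool running in fsadm_t is shown to update the file. If `/var/db` itself remains var_t on Gentoo, traversal of the parent directory is presumably already granted elsewhere in fstools.te, since the original denial was a read rather than a search, but that is worth confirming in the new policy.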