From 6a3bba766f3e0bbbf3fcb101fc13e3c305d1ae34 Mon Sep 17 00:00:00 2001
From: Yi Zhao <yi.zhao@windriver.com>
Date: Mon, 18 Oct 2021 23:35:21 +0800
Subject: [PATCH] samba: allow smbd_t to send and receive messages from avahi
 over dbus

Fixes:
avc: denied { send_msg } for msgtype=method_call
interface=org.freedesktop.Avahi.Server member=GetAPIVersion
dest=org.freedesktop.Avahi spid=481 tpid=508
scontext=system_u:system_r:smbd_t tcontext=system_u:system_r:avahi_t
tclass=dbus permissive=1

avc: denied { send_msg } for msgtype=signal
interface=org.freedesktop.Avahi.Server member=StateChanged
dest=org.freedesktop.DBus spid=508 tpid=481
scontext=system_u:system_r:avahi_t tcontext=system_u:system_r:smbd_t
tclass=dbus permissive=1

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
 policy/modules/services/samba.te | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/policy/modules/services/samba.te b/policy/modules/services/samba.te
index 66c007fa7..1126c09cc 100644
--- a/policy/modules/services/samba.te
+++ b/policy/modules/services/samba.te
@@ -467,6 +467,10 @@ optional_policy(`
 
 optional_policy(`
 	dbus_system_bus_client(smbd_t)
+
+	optional_policy(`
+		avahi_dbus_chat(smbd_t)
+	')
 ')
 
 optional_policy(`