From 14a208a78ed843964f8f79903d130760aa7a9a4e Mon Sep 17 00:00:00 2001
From: Zdenek Pytela <zpytela@redhat.com>
Date: Wed, 5 Oct 2022 19:53:23 +0200
Subject: [PATCH] Allow login_userdomain dbus chat with rhsmcertd

Addresses the following USER_AVC denial:
type=USER_AVC msg=audit(1662423125.839:301): pid=896 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc:  denied  { send_msg } for msgtype=method_call interface=com.redhat.RHSM1.Config member=GetAll dest=:1.386 spid=4090 tpid=2540 scontext=staff_u:staff_r:staff_t:s0-s0:c0.c1023 tcontext=system_u:system_r:rhsmcertd_t:s0 tclass=dbus permissive=0  exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?'

Resolves: rhbz#2124388
---
 policy/modules/system/userdomain.te | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/policy/modules/system/userdomain.te b/policy/modules/system/userdomain.te
index 6502db7bf0..4f63e6f662 100644
--- a/policy/modules/system/userdomain.te
+++ b/policy/modules/system/userdomain.te
@@ -448,6 +448,10 @@ optional_policy(`
 	pkcs_tmpfs_named_filetrans(login_userdomain)
 ')
 
+optional_policy(`
+	rhsmcertd_dbus_chat(login_userdomain)
+')
+
 optional_policy(`
 	rpc_watch_exports(login_userdomain)
 ')