From ab6cab80936386f134d543ddf6a45da93e15bcd5 Mon Sep 17 00:00:00 2001
From: Zdenek Pytela <zpytela@redhat.com>
Date: Mon, 18 Nov 2024 15:58:09 +0100
Subject: [PATCH] Allow gnome-remote-desktop dbus chat with policykit

The commit addresses the following USER_AVC denial:
type=USER_AVC msg=audit(10/26/2024 06:47:07.080:612) : pid=792 uid=dbus auid=unset ses=unset subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc:  denied  { send_msg } for  scontext=system_u:system_r:gnome_remote_desktop_t:s0 tcontext=system_u:system_r:policykit_t:s0 tclass=dbus permissive=1 exe=/usr/bin/dbus-broker sauid=dbus hostname=? addr=? terminal=?'
---
 policy/modules/contrib/gnome_remote_desktop.te | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/policy/modules/contrib/gnome_remote_desktop.te b/policy/modules/contrib/gnome_remote_desktop.te
index 48c3d11e81..f1712c993a 100644
--- a/policy/modules/contrib/gnome_remote_desktop.te
+++ b/policy/modules/contrib/gnome_remote_desktop.te
@@ -62,6 +62,10 @@ optional_policy(`
 	miscfiles_read_localization(gnome_remote_desktop_t)
 ')
 
+optional_policy(`
+	policykit_dbus_chat(gnome_remote_desktop_t)
+')
+
 optional_policy(`
 	systemd_login_list_pid_dirs(gnome_remote_desktop_t)
 	systemd_login_read_pid_files(gnome_remote_desktop_t)