!63 selinux: call init_nnp_daemon_domain for domain to allow for systemd

From: @jia-wenhao1017 
Reviewed-by: @mailofzxf 
Signed-off-by: @mailofzxf

Hygon-Add-support-for-TCM-devices.patch

@@ -0,0 +1,42 @@
+From a12832040ba73e44e0b04a662df05eedbe3614fd Mon Sep 17 00:00:00 2001
+From: chench00 <chench@hygon.cn>
+Date: Wed, 27 Mar 2024 15:56:35 +0800
+Subject: [PATCH] [newfeature][all] Add support for TCM devices
+
+---
+ dist/tpm2-abrmd.service.in | 5 +++--
+ src/tabrmd-defaults.h      | 2 +-
+ 2 files changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/dist/tpm2-abrmd.service.in b/dist/tpm2-abrmd.service.in
+index b0b562c..0effaa9 100644
+--- a/dist/tpm2-abrmd.service.in
++++ b/dist/tpm2-abrmd.service.in
+@@ -2,8 +2,9 @@
+ Description=TPM2 Access Broker and Resource Management Daemon
+ # These settings are needed when using the device TCTI. If the
+ # TCP mssim is used then the settings should be commented out.
+-After=dev-tpm0.device
+-Requires=dev-tpm0.device
++After=dev-tpm0.device dev-tcm0.device
++ConditionPathExists=|/dev/tpm0
++ConditionPathExists=|/dev/tcm0
+ 
+ [Service]
+ Type=dbus
+diff --git a/src/tabrmd-defaults.h b/src/tabrmd-defaults.h
+index 7387a47..0396189 100644
+--- a/src/tabrmd-defaults.h
++++ b/src/tabrmd-defaults.h
+@@ -16,7 +16,7 @@
+ #define TABRMD_ENTROPY_SRC_DEFAULT "/dev/urandom"
+ #define TABRMD_SESSIONS_MAX_DEFAULT 4
+ #define TABRMD_SESSIONS_MAX 64
+-#define TABRMD_TCTI_CONF_DEFAULT "device:/dev/tpm0"
++#define TABRMD_TCTI_CONF_DEFAULT ((!access("/dev/tcm0", F_OK)) ? ("device:/dev/tcm0") : ("device:/dev/tpm0"))
+ #define TABRMD_TRANSIENT_MAX_DEFAULT 27
+ #define TABRMD_TRANSIENT_MAX 100
+ 
+-- 
+2.25.1
+

backport-call-init_nnp_daemon_domain-for-domain-to-allow.patch

@@ -0,0 +1,25 @@
+From 2740de19da2153df8eb0e2ab0a98544e7db2d7da Mon Sep 17 00:00:00 2001
+From: jiawenhao <jiawenhao@xfusion.com>
+Date: Sun, 20 Apr 2025 09:33:56 +0800
+Subject: [PATCH] call-init_nnp_daemon_domain-for-domain-to-allow-for-systemd
+
+---
+ selinux/tabrmd.te | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/selinux/tabrmd.te b/selinux/tabrmd.te
+index 8996a46..efd2336 100644
+--- a/selinux/tabrmd.te
++++ b/selinux/tabrmd.te
+@@ -9,7 +9,7 @@ gen_tunable(`tabrmd_connect_all_unreserved', false)
+ 
+ type tabrmd_t;
+ type tabrmd_exec_t;
+-init_daemon_domain(tabrmd_t, tabrmd_exec_t)
++init_nnp_daemon_domain(tabrmd_t, tabrmd_exec_t)
+ 
+ allow tabrmd_t self:unix_dgram_socket { create_socket_perms };
+ 
+-- 
+2.43.0
+

backport-fix-in-SELinux-interface-file-a-typo.patch

@@ -0,0 +1,25 @@
+From 259f00ee59c98d97ce218143ca073066dac60d1f Mon Sep 17 00:00:00 2001
+From: jiawenhao <jiawenhao@xfusion.com>
+Date: Fri, 18 Apr 2025 15:39:06 +0800
+Subject: [PATCH] fix-in-SELinux-interface-file-a-typo
+
+---
+ selinux/tabrmd.if | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/selinux/tabrmd.if b/selinux/tabrmd.if
+index c04eca0..81c7853 100644
+--- a/selinux/tabrmd.if
++++ b/selinux/tabrmd.if
+@@ -29,7 +29,7 @@ interface(`tabrmd_create_unix_stream_sockets',`
+ ##      </summary>
+ ## </param>
+ #
+-interface(`tabr,d_dbus_chat',`
++interface(`tabrmd_dbus_chat',`
+         gen_require(`
+                 type tabrmd_t;
+                 class dbus send_msg;
+-- 
+2.27.0
+

tpm2-abrmd.spec

@@ -2,16 +2,20 @@
 
 Name:            tpm2-abrmd
 Version:         3.0.0
-Release:         1
+Release:         6
 Summary:         A system daemon implementing the TPM2 access broker (TAB) & Resource Manager (RM) spec from the TCG
 License:         BSD
 URL:             https://github.com/tpm2-software/tpm2-abrmd
 Source0:         https://github.com/tpm2-software/tpm2-abrmd/releases/download/%{version}/%{name}-%{version}.tar.gz
 
+Patch3001:       Hygon-Add-support-for-TCM-devices.patch
+Patch3002:       backport-fix-in-SELinux-interface-file-a-typo.patch
+Patch3003:       backport-call-init_nnp_daemon_domain-for-domain-to-allow.patch
+
 BuildRequires:   systemd pkgconfig(cmocka) pkgconfig(dbus-1) pkgconfig(gio-unix-2.0) pkgconfig(tss2-mu) pkgconfig(tss2-sys)
 BuildRequires:   tpm2-tss-devel >= 2.4.0 libtool autoconf-archive libgcrypt libgcrypt-devel
 BuildRequires:   chrpath
-BuildRequires:   selinux-policy-devel pkgconfig(systemd)
+BuildRequires:   selinux-policy-devel pkgconfig(systemd) dbus-daemon
 
 # tpm2-abrmd depends on the package that contains itsSELinux policy module
 Requires: (%{name}-selinux >= 2.3.3-2 if selinux-policy)
@@ -136,6 +140,36 @@ fi
 %{_datadir}/selinux/packages/tabrmd.pp.bz2
 
 %changelog
+* Sun Apr 20 2025 jiawenhao <jiawenhao@xfusion.com> - 3.0.0-6
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC: call init_nnp_daemon_domain for domain to allow for systemd
+
+* Fri Apr 18 2025 jiawenhao <jiawenhao@xfusion.com> - 3.0.0-5
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC: Fix in SELinux interface file a typo
+
+* Thu Nov 07 2024 liningjie <liningjie@xfusion.com> - 3.0.0-4
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC: fix bad date in changelog
+
+* Tue Sep 10 2024 chench <chench@hygon.cn> - 3.0.0-3
+- Type:enhancement
+- ID:NA
+- SUG:NA
+- DESC: add support for TCM devices
+
+* Wed Apr 10 2024 wangxiaomeng <wangxiaomeng@kylinos.cn> - 3.0.0-2
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:Fix build check error
+
 * Tue Jul 18 2023 jinlun<jinlun@huawei.com> - 3.0.0-1
 - Type:enhancement
 - ID:NA
@@ -154,7 +188,7 @@ fi
 - SUG:NA
 - DESC:update to 2.4.1
 
-* Thu Nov 3 wuzx<wuzx1226@qq.com> - 2.4.0-3
+* Thu Nov 3 2022 wuzx<wuzx1226@qq.com> - 2.4.0-3
 - Type:feature
 - CVE:NA
 - SUG:NA