diff --git a/_service b/_service deleted file mode 100644 index b975507..0000000 --- a/_service +++ /dev/null @@ -1,11 +0,0 @@ - - - - https://github.com/intel/tpm2-abrmd.git - git - 2.3.3 - @PARENT_TAG@ - disable - - - diff --git a/tpm2-abrmd-2.3.3.tar.gz b/tpm2-abrmd-2.3.3.tar.gz deleted file mode 100644 index ef98fee..0000000 --- a/tpm2-abrmd-2.3.3.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:1e587808c6739079d59f124d9c1a0058f8d34dd84f1f656c946667fa0a181c48 -size 573449 diff --git a/tpm2-abrmd-2.4.0.tar.gz b/tpm2-abrmd-2.4.0.tar.gz new file mode 100644 index 0000000..572ad82 --- /dev/null +++ b/tpm2-abrmd-2.4.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:044522f1568f3d5334878f0564f808ec9fdd6a4ac5d0f3bd75ae6f2c7551a96c +size 575440 diff --git a/tpm2.0-abrmd.changes b/tpm2.0-abrmd.changes index bbd8622..010029a 100644 --- a/tpm2.0-abrmd.changes +++ b/tpm2.0-abrmd.changes @@ -1,3 +1,14 @@ +------------------------------------------------------------------- +Wed Jul 14 13:41:59 UTC 2021 - Callum Farmer + +- Update to version 2.4.0: + - Service start depends on systemd device unit: dev-tpm0.device. + - Numerous memory leaks. + - udev settle service deprecation warnings. + - StandardOutput=syslog deprecation warnings. +- Add selinux module files +- Move dbus files out of /etc + ------------------------------------------------------------------- Wed Jun 9 09:37:38 UTC 2021 - Alberto Planas Dominguez diff --git a/tpm2.0-abrmd.spec b/tpm2.0-abrmd.spec index 7f2be16..1c93f86 100644 --- a/tpm2.0-abrmd.spec +++ b/tpm2.0-abrmd.spec @@ -15,9 +15,10 @@ # Please submit bugfixes or comments via https://bugs.opensuse.org/ # - +%global selinuxtype targeted +%global modulename tabrmd Name: tpm2.0-abrmd -Version: 2.3.3 +Version: 2.4.0 Release: 0 Summary: Intel's TCG Software Stack Access Broker & Resource Manager for TPM 2.0 chips License: BSD-2-Clause 
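Review bot: Nothing visible in the spec checks the new 2.4.0 tarball against an upstream signature: the `Source0:` and `Source1:` lines shown at the top of the next hunk list only the release tarball and an rpmlintrc, and the `_service` file is removed in the same commit. The sha256 in the Git LFS pointer shows only that the file matches what the packager uploaded, not that it is what upstream released. If upstream publishes a detached signature for this release, I would add it and the project keyring as further `Source` entries so the download can be verified. Sources may be declared outside the lines shown here, so confirm this against the full spec.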
@@ -27,18 +28,25 @@ Source0: https://github.com/tpm2-software/tpm2-abrmd/releases/download/%{ Source1: tpm2.0-abrmd.rpmlintrc BuildRequires: autoconf-archive BuildRequires: automake +BuildRequires: checkpolicy BuildRequires: gcc-c++ BuildRequires: libtool -BuildRequires: pkg-config +BuildRequires: pkgconfig +BuildRequires: policycoreutils BuildRequires: systemd-rpm-macros BuildRequires: pkgconfig(dbus-1) BuildRequires: pkgconfig(gio-unix-2.0) BuildRequires: pkgconfig(tss2-sys) -Requires(pre): shadow +BuildRequires: selinux-policy-devel +# due to %%selinux_requires +BuildRequires: pkgconfig(systemd) +# +BuildRequires: selinux-policy-targeted +Requires(pre): user(tss) Requires: libtss2-tcti-device0 Requires: libtss2-tcti-tabrmd0 Requires: tpm2-0-tss -BuildRoot: %{_tmppath}/%{name}-%{version}-build +Requires: (%{name}-selinux if selinux-policy-base) # the auto activation is not whitelisted for <= SLE12-SP3 %if 0%{?sle_version} > 120300 || 0%{?is_opensuse} %define install_dbus_files 1 @@ -60,6 +68,16 @@ Requires: tpm2.0-abrmd = %{version} This package provides the development files for the Access Broker & Resource Manager for coordinating access to TPM 2.0 chips. +%package selinux +Summary: SELinux module for the Access Broker & Resource Manager for TPM 2.0 chips +Group: System/Management +BuildArch: noarch +Requires: tpm2.0-abrmd = %{version} +%selinux_requires + +%description selinux +This package provides the SELinux module for the Access Broker & Resource Manager for TPM 2.0 chips. + %package -n libtss2-tcti-tabrmd0 Summary: Client interface library for tpm2-abrmd Group: System/Libraries 
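Review bot: The new `Requires: (%{name}-selinux if selinux-policy-base)` is keyed on any base policy, while the subpackage only ships and installs a module for `%{selinuxtype}` (targeted). On a host running another policy type this would presumably still pull in the module and run its scriptlets against the targeted store, so I would write `Requires: (%{name}-selinux if selinux-policy-%{selinuxtype})`. Rich dependencies also need a newer rpm than, as far as I know, the old SLE 12 code streams ship, and the context line `%if 0%{?sle_version} > 120300 || 0%{?is_opensuse}` suggests those targets are still meant to build, so the line may need a guard. The bare `#` above `BuildRequires: selinux-policy-targeted` should say why that package is needed.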
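Review bot: `Requires: tpm2.0-abrmd = %{version}` in the new `selinux` subpackage, together with the main package's conditional requirement on `%{name}-selinux`, forms a dependency loop, so rpm cannot guarantee which of the two is installed first. If the line stays, `Requires: tpm2.0-abrmd = %{version}-%{release}` would at least tie the policy module to the daemon from the same build rather than any build of that version. Writing the macro as `%{?selinux_requires}` would also keep the spec parseable where the SELinux macros are not installed; the `# due to %%selinux_requires` comment in the previous hunk suggests that has already been a problem.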
@@ -72,15 +90,19 @@ use with the SAPI library (libtss2-sys) like any other TCTI. %postun -n libtss2-tcti-tabrmd0 -p /sbin/ldconfig %prep -%setup -q -n tpm2-abrmd-%{version} +%autosetup -n tpm2-abrmd-%{version} %build -export CFLAGS="%optflags -fPIE" -export LDFLAGS="-pie -fPIE" -%configure --disable-static --with-systemdsystemunitdir=%{_unitdir} +export CFLAGS="%{optflags} -fPIE" +export LDFLAGS="$LDFLAGS -pie" +%configure \ + --disable-static \ + --with-sepolicy=yes \ + --with-systemdsystemunitdir=%{_unitdir} \ + --with-dbuspolicydir=%{_datadir}/dbus-1/system.d + %{nil} make %{?_smp_mflags} PTHREAD_LDFLAGS=-pthread -# TODO: add the tss user again %install %make_install # don't package libtool files as is best practice @@ -93,6 +115,8 @@ rm %{buildroot}/usr/lib*/systemd/system-preset/tpm2-abrmd.preset rm %{buildroot}/%{_sysconfdir}/dbus-1/system.d/tpm2-abrmd.conf rm %{buildroot}/%{_datadir}/dbus-1/system-services/com.intel.tss2.Tabrmd.service %endif +mkdir %{buildroot}%{_datadir}/selinux/packages/targeted +mv %{buildroot}%{_datadir}/selinux/packages/tab* %{buildroot}%{_datadir}/selinux/packages/targeted %pre %service_add_pre tpm2-abrmd.service @@ -106,8 +130,21 @@ rm %{buildroot}/%{_datadir}/dbus-1/system-services/com.intel.tss2.Tabrmd.service %preun %service_del_preun tpm2-abrmd.service +%pre selinux +%selinux_relabel_pre -s %{selinuxtype} + +%post selinux +%selinux_modules_install -s %{selinuxtype} -p 200 %{_datadir}/selinux/packages/targeted/%{modulename}.pp.bz2 + +%postun selinux +if [ $1 -eq 0 ]; then + %selinux_modules_uninstall -s %{selinuxtype} -p 200 %{modulename} +fi + +%posttrans selinux +%selinux_relabel_post -s %{selinuxtype} + %files -%defattr(-,root,root) %doc *.md %license LICENSE %{_mandir}/man7/tss2-* 
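Review bot: In the `%configure` call the last option, `--with-dbuspolicydir=%{_datadir}/dbus-1/system.d`, appears to have no trailing `\`, so the `%{nil}` on the following line is not part of the command. It builds either way, but the list reads as though `%{nil}` were its terminator. Either end that option with `\` or drop the `%{nil}` line, so the next person to append an option does not put it after the command has already ended. A one-line comment on why `--with-dbuspolicydir` is overridden (vendor policy under /usr/share rather than /etc) would also help.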
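Review bot: The context line `rm %{buildroot}/%{_sysconfdir}/dbus-1/system.d/tpm2-abrmd.conf` still points at /etc, although this commit moves the D-Bus policy to `%{_datadir}/dbus-1/system.d` via `--with-dbuspolicydir` and updates `%files` to match. In the branch where the D-Bus files are not packaged, that `rm` would fail on a missing file and the policy file would stay unpackaged in the buildroot. It should become `rm %{buildroot}%{_datadir}/dbus-1/system.d/tpm2-abrmd.conf`. The two added lines also hard-code `targeted` and the glob `tab*`, as does `%files selinux` in the last hunk; `%{selinuxtype}` and `%{modulename}.pp.bz2` would keep them in step with the scriptlets. The conditional enclosing the `rm` lines opens outside the hunk.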
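Review bot: The module priority `200` is written out separately in `%post selinux`, in `%postun selinux`, and in the `%ghost` path under `%files selinux`. If one of them drifts, `%selinux_modules_uninstall` would presumably look at a different priority from the one the module was installed at and leave it loaded after the package is removed. I would define it once, for example `%global selinux_prio 200` next to `selinuxtype` and `modulename`, and add a short comment above `%post selinux` saying that install, uninstall and the ghost path must use the same value.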
@@ -117,19 +154,22 @@ rm %{buildroot}/%{_datadir}/dbus-1/system-services/com.intel.tss2.Tabrmd.service %{_unitdir}/tpm2-abrmd.service %if 0%{?install_dbus_files} # the auto activation is not whitelisted for <= SLE12-SP3 -%config %{_sysconfdir}/dbus-1/system.d/tpm2-abrmd.conf +%{_datadir}/dbus-1/system.d/tpm2-abrmd.conf %{_datadir}/dbus-1/system-services/com.intel.tss2.Tabrmd.service %endif +%files selinux +%{_datadir}/selinux/packages/targeted/tabrmd.pp.bz2 +%{_datadir}/selinux/devel/include/contrib/tabrmd.if +%ghost %verify(not md5 size mtime) %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{modulename} + %files devel -%defattr(-,root,root) %{_includedir}/tss2 %{_libdir}/*.so %{_libdir}/pkgconfig/*.pc %{_mandir}/man3/Tss2* %files -n libtss2-tcti-tabrmd0 -%defattr(-,root,root) %{_libdir}/libtss2-tcti-tabrmd.so.* %changelog
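Review bot: The `%ghost` entry for the installed module uses `%verify(not md5 size mtime)`, but the path is created by `semodule` rather than rpm, so its mode may not match what rpm records either. Consider `%verify(not md5 size mode mtime)` so that `rpm -V` does not report the policy module as modified on every integrity check. Separately, the D-Bus policy loses its `%config` marker now that it lives under `%{_datadir}`. A one-line comment above `%{_datadir}/dbus-1/system.d/tpm2-abrmd.conf` noting that local overrides go in /etc/dbus-1/system.d would help administrators who had edited the old file.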