#!/bin/bash

if ! [ -f /etc/selinux/config ]; then exit 0; fi
. /etc/selinux/config
if ! [ "$SELINUX" = enforcing ] || ! [ "$SELINUXTYPE" = mls ]; then exit 0; fi

if [ -d /home/live ]; then
	echo "Need to relabel some files in live..."
	restorecon -FRiv				/sbin					/etc					/home					/usr/share/config/kres-migratorrc 		/usr/libexec/getconf			/usr/lib64/git-core			/run					/var/lib				/var/spool/postfix			/var/log				/var/cache/dnf				/root					/tmp					/sys/firmware/efi
	echo "End of relabel some files in live"
	exit 0
fi

if grep -q ^wheel: /etc/group; then
	firstuser=$(grep ^wheel: /etc/group | head -n 1 | cut -d: -f4 | cut -d, -f1)
	echo "Need to set aib_u for $firstuser"
	semanage login -a -s aib_u -r s0 $firstuser
fi

echo "Need to relabel some files in /home..."
restorecon -FRiv /home
find /home -type d -name "[!.]*" -maxdepth 2 -exec chcon -l s0-s3 {} \;
echo "End of relabel some files in /home"

echo "Need to relabel /run/hplip..."
chcon -l s0-s3:c0.c1023 /run/hplip
echo "End of relabel /run/hplip/"

if find /var/cache/dnf/* -context '*unlabeled_t*' |grep -q ""; then
	echo "Need to relabel some files in /var/cache/dnf..."
	restorecon -FRiv /var/cache/dnf
	echo "End of relabel some files in /var/cache/dnf"
fi
restorecon -FRiv					/usr/share/config/kres-migratorrc 		/etc/audit/audit.rules

#TODO who make this dirs?
rm -rf /etc/skel/.compose-cache
rm -rf /etc/skel/.gvfs
#TODO who corrupt this?
dd if=/etc/X11/xorg.conf.d/00-keyboard.conf bs=8k |sed 's/\x22ru,us\x22/\x22us,ru\x22/g' |dd conv=notrunc of=/etc/X11/xorg.conf.d/00-keyboard.conf

echo "Need to set secure types for some files..."
# Use /usr/bin for /usr/sbin in semanage fcontext
semanage fcontext -m -ff -t secadm_file_t /usr/bin/semanage
chcon -t secadm_file_t /usr/sbin/semanage
if [ -f /usr/sbin/semodule ]; then chcon -t secadm_file_t /usr/sbin/semodule; fi

echo "Disable mls-first-boot.service"
systemctl disable mls-first-boot.service
