Make the updater work properly on SELinux (#518)

* Add DECKY_SELINUX env var

* if on selinux make binary executable with chcon

* No need to recursively change one file

backend/localplatform.py

@@ -40,4 +40,7 @@ def get_keep_systemd_service() -> bool:
 def get_log_level() -> int:
     return {"CRITICAL": 50, "ERROR": 40, "WARNING": 30, "INFO": 20, "DEBUG": 10}[
         os.getenv("LOG_LEVEL", "INFO")
-    ]
+    ]
+
+def get_selinux() -> bool:
+    return os.getenv("DECKY_SELINUX", "0") == "1"

backend/updater.py

@@ -6,7 +6,7 @@ from ensurepip import version
 from json.decoder import JSONDecodeError
 from logging import getLogger
 from os import getcwd, path, remove
-from localplatform import chmod, service_restart, ON_LINUX, get_keep_systemd_service
+from localplatform import chmod, service_restart, ON_LINUX, get_keep_systemd_service, get_selinux
 
 from aiohttp import ClientSession, web
 
@@ -208,6 +208,9 @@ class Updater:
                 remove(path.join(getcwd(), download_filename))
                 shutil.move(path.join(getcwd(), download_temp_filename), path.join(getcwd(), download_filename))
                 chmod(path.join(getcwd(), download_filename), 777, False)
+                if get_selinux():
+                    from subprocess import call
+                    call(["chcon", "-t", "bin_t", path.join(getcwd(), download_filename)])
 
             logger.info("Updated loader installation.")
             await tab.evaluate_js("window.DeckyUpdater.finish()", False, False)