diff --git a/policycoreutils.spec b/policycoreutils.spec
new file mode 100644
index 0000000000000000000000000000000000000000..12747a8850d42b05b7110134148fdb155acd1cd2
--- /dev/null
+++ b/policycoreutils.spec
@@ -0,0 +1,410 @@
+%global libauditver     3.0
+%global libsepolver     3.3-1
+%global libsemanagever  3.3-1
+%global libselinuxver   3.3-1
+
+%global generatorsdir %{_prefix}/lib/systemd/system-generators
+
+# Disable automatic compilation of Python files in extra directories
+%global _python_bytecompile_extra 0
+
+Summary: SELinux policy core utilities
+Name:    policycoreutils
+Version: 3.3
+Release: 1%{?dist}
+License: GPLv2
+# https://github.com/SELinuxProject/selinux/wiki/Releases
+Source0: https://github.com/SELinuxProject/selinux/releases/download/3.3/selinux-3.3.tar.gz
+URL:     https://github.com/SELinuxProject/selinux
+
+Obsoletes: policycoreutils < 2.0.61-2
+Conflicts: filesystem < 3, selinux-policy-base < 3.13.1-138
+Conflicts: initscripts < 9.66
+Provides: /sbin/fixfiles
+Provides: /sbin/restorecon
+
+BuildRequires: gcc make
+BuildRequires: pam-devel libsepol-static >= %{libsepolver} libsemanage-devel >= %{libsemanagever} libselinux-devel >= %{libselinuxver}  libcap-devel audit-libs-devel >=  %{libauditver} gettext
+BuildRequires: desktop-file-utils dbus-devel dbus-glib-devel
+BuildRequires: python3-devel
+BuildRequires: systemd
+BuildRequires: git-core
+Requires: util-linux grep gawk diffutils rpm sed
+Requires: libsepol >= %{libsepolver} coreutils libselinux-utils >=  %{libselinuxver}
+
+%description
+Security-enhanced Linux is a feature of the Linux® kernel and a number
+of utilities with enhanced security functionality designed to add
+mandatory access controls to Linux.  The Security-enhanced Linux
+kernel contains new architectural components originally developed to
+improve the security of the Flask operating system. These
+architectural components provide general support for the enforcement
+of many kinds of mandatory access control policies, including those
+based on the concepts of Type Enforcement®, Role-based Access
+Control, and Multi-level Security.
+
+policycoreutils contains the policy core utilities that are required
+for basic operation of a SELinux system.  These utilities include
+load_policy to load policies, setfiles to label filesystems, newrole
+to switch roles.
+
+%prep -p /usr/bin/bash
+%autosetup -n selinux-%{version} -p 1
+
+%build
+%set_build_flags
+export PYTHON=%{__python3}
+
+make -C policycoreutils SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" SEMODULE_PATH="/usr/sbin" LIBSEPOLA="%{_libdir}/libsepol.a" all
+make -C python SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" all
+make -C gui SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" all
+make -C sandbox SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" all
+make -C dbus SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" all
+make -C semodule-utils SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" all
+make -C restorecond SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" all
+
+%install
+mkdir -p %{buildroot}%{_bindir}
+mkdir -p %{buildroot}%{_sbindir}
+mkdir -p %{buildroot}%{_mandir}/man1
+mkdir -p %{buildroot}%{_mandir}/man5
+mkdir -p %{buildroot}%{_mandir}/man8
+%{__mkdir} -p %{buildroot}/%{_usr}/share/doc/%{name}/
+
+%make_install -C policycoreutils LSPP_PRIV=y SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" SEMODULE_PATH="/usr/sbin" LIBSEPOLA="%{_libdir}/libsepol.a"
+
+%make_install -C python PYTHON=%{__python3} SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a"
+
+%make_install -C gui PYTHON=%{__python3} SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a"
+
+%make_install -C sandbox PYTHON=%{__python3} SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a"
+
+%make_install -C dbus PYTHON=%{__python3} SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a"
+
+%make_install -C semodule-utils PYTHON=%{__python3} SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a"
+
+%make_install -C restorecond PYTHON=%{__python3} SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a"
+
+# Fix perms on newrole so that objcopy can process it
+chmod 0755 %{buildroot}%{_bindir}/newrole
+
+# Systemd
+rm -rf %{buildroot}/%{_sysconfdir}/rc.d/init.d/restorecond
+
+rm -f %{buildroot}/usr/share/man/ru/man8/genhomedircon.8.gz
+rm -f %{buildroot}/usr/share/man/ru/man8/open_init_pty.8*
+rm -f %{buildroot}/usr/share/man/ru/man8/semodule_deps.8.gz
+rm -f %{buildroot}/usr/share/man/man8/open_init_pty.8
+rm -f %{buildroot}/usr/sbin/open_init_pty
+rm -f %{buildroot}/usr/sbin/run_init
+rm -f %{buildroot}/usr/share/man/ru/man8/run_init.8*
+rm -f %{buildroot}/usr/share/man/man8/run_init.8*
+rm -f %{buildroot}/etc/pam.d/run_init*
+
+# change /usr/bin/python to %%{__python3} in policycoreutils-python3
+pathfix.py -i "%{__python3} -Es" -p %{buildroot}%{python3_sitelib}
+
+# change /usr/bin/python to %%{__python3} in policycoreutils-python-utils
+pathfix.py -i "%{__python3} -Es" -p \
+    %{buildroot}%{_sbindir}/semanage \
+    %{buildroot}%{_bindir}/chcat \
+    %{buildroot}%{_bindir}/sandbox \
+    %{buildroot}%{_datadir}/sandbox/start \
+    %{buildroot}%{_bindir}/audit2allow \
+    %{buildroot}%{_bindir}/sepolicy \
+    %{buildroot}%{_bindir}/sepolgen-ifgen \
+    %{buildroot}%{_datadir}/system-config-selinux/system-config-selinux.py \
+    %{buildroot}%{_datadir}/system-config-selinux/selinux_server.py \
+    %nil
+
+find %{buildroot}%{python3_sitelib} %{buildroot}%{python3_sitearch} \
+     %{buildroot}%{_sbindir} %{buildroot}%{_bindir} %{buildroot}%{_datadir} \
+     -type f -name '*~' | xargs rm -f
+
+# Manually invoke the python byte compile macro for each path that needs byte
+# compilation.
+%py_byte_compile %{__python3} %{buildroot}%{_datadir}/system-config-selinux
+
+%find_lang policycoreutils
+
+%package python-utils
+Summary:    SELinux policy core python utilities
+Requires:   python3-policycoreutils = %{version}-%{release}
+Obsoletes:  policycoreutils-python <= 2.4-4
+BuildArch:  noarch
+
+%description python-utils
+The policycoreutils-python-utils package contains the management tools use to manage
+an SELinux environment.
+
+%files python-utils
+%{_sbindir}/semanage
+%{_bindir}/chcat
+%{_bindir}/audit2allow
+%{_bindir}/audit2why
+%{_mandir}/man1/audit2allow.1*
+%{_mandir}/ru/man1/audit2allow.1*
+%{_mandir}/man1/audit2why.1*
+%{_mandir}/ru/man1/audit2why.1*
+%{_sysconfdir}/dbus-1/system.d/org.selinux.conf
+%{_mandir}/man8/chcat.8*
+%{_mandir}/ru/man8/chcat.8*
+%{_mandir}/man8/semanage*.8*
+%{_mandir}/ru/man8/semanage*.8*
+%{_datadir}/bash-completion/completions/semanage
+
+%package dbus
+Summary:    SELinux policy core DBUS api
+Requires:   python3-policycoreutils = %{version}-%{release}
+Requires:   python3-gobject-base
+Requires:   polkit
+BuildArch:  noarch
+
+%description dbus
+The policycoreutils-dbus package contains the management DBUS API use to manage
+an SELinux environment.
+
+%files dbus
+%{_sysconfdir}/dbus-1/system.d/org.selinux.conf
+%{_datadir}/dbus-1/system-services/org.selinux.service
+%{_datadir}/polkit-1/actions/org.selinux.policy
+%{_datadir}/polkit-1/actions/org.selinux.config.policy
+%{_datadir}/system-config-selinux/selinux_server.py
+%dir %{_datadir}/system-config-selinux/__pycache__
+%{_datadir}/system-config-selinux/__pycache__/selinux_server.*
+
+%package -n python3-policycoreutils
+%{?python_provide:%python_provide python3-policycoreutils}
+# Remove before F31
+Provides: %{name}-python3 = %{version}-%{release}
+Provides: %{name}-python3 = %{version}-%{release}
+Obsoletes: %{name}-python3 < %{version}-%{release}
+Summary: SELinux policy core python3 interfaces
+Requires:policycoreutils = %{version}-%{release}
+Requires:python3-libsemanage >= %{libsemanagever} python3-libselinux
+# no python3-audit-libs yet
+Requires:audit-libs-python3 >=  %{libauditver}
+Requires: checkpolicy
+Requires: python3-setools >= 4.4.0
+BuildArch: noarch
+
+%description -n python3-policycoreutils
+The python3-policycoreutils package contains the interfaces that can be used
+by python 3 in an SELinux environment.
+
+%files -n python3-policycoreutils
+%{python3_sitelib}/seobject.py*
+%{python3_sitelib}/__pycache__
+%{python3_sitelib}/sepolgen
+%dir %{python3_sitelib}/sepolicy
+%{python3_sitelib}/sepolicy/templates
+%dir %{python3_sitelib}/sepolicy/help
+%{python3_sitelib}/sepolicy/help/*
+%{python3_sitelib}/sepolicy/__init__.py*
+%{python3_sitelib}/sepolicy/booleans.py*
+%{python3_sitelib}/sepolicy/communicate.py*
+%{python3_sitelib}/sepolicy/generate.py*
+%{python3_sitelib}/sepolicy/interface.py*
+%{python3_sitelib}/sepolicy/manpage.py*
+%{python3_sitelib}/sepolicy/network.py*
+%{python3_sitelib}/sepolicy/transition.py*
+%{python3_sitelib}/sepolicy/sedbus.py*
+%{python3_sitelib}/sepolicy*.egg-info
+%{python3_sitelib}/sepolicy/__pycache__
+
+%package devel
+Summary: SELinux policy core policy devel utilities
+Requires: policycoreutils-python-utils = %{version}-%{release}
+Requires: /usr/bin/make dnf
+Requires: (selinux-policy-devel if selinux-policy)
+
+%description devel
+The policycoreutils-devel package contains the management tools use to develop policy in an SELinux environment.
+
+%files devel
+%{_bindir}/sepolgen
+%{_bindir}/sepolgen-ifgen
+%{_bindir}/sepolgen-ifgen-attr-helper
+%dir  /var/lib/sepolgen
+/var/lib/sepolgen/perm_map
+%{_bindir}/sepolicy
+%{_mandir}/man8/sepolgen.8*
+%{_mandir}/ru/man8/sepolgen.8*
+%{_mandir}/man8/sepolicy-booleans.8*
+%{_mandir}/man8/sepolicy-generate.8*
+%{_mandir}/man8/sepolicy-interface.8*
+%{_mandir}/man8/sepolicy-network.8*
+%{_mandir}/man8/sepolicy.8*
+%{_mandir}/man8/sepolicy-communicate.8*
+%{_mandir}/man8/sepolicy-manpage.8*
+%{_mandir}/man8/sepolicy-transition.8*
+%{_mandir}/ru/man8/sepolicy*.8*
+%{_usr}/share/bash-completion/completions/sepolicy
+
+
+%package sandbox
+Summary: SELinux sandbox utilities
+Requires: python3-policycoreutils = %{version}-%{release}
+Requires: xorg-x11-server-Xephyr >= 1.14.1-2 /usr/bin/rsync /usr/bin/xmodmap
+Requires: matchbox-window-manager
+BuildRequires: libcap-ng-devel
+
+%description sandbox
+The policycoreutils-sandbox package contains the scripts to create graphical
+sandboxes
+
+%files sandbox
+%config(noreplace) %{_sysconfdir}/sysconfig/sandbox
+%{_datadir}/sandbox/sandboxX.sh
+%{_datadir}/sandbox/start
+%caps(cap_setpcap,cap_setuid,cap_fowner,cap_dac_override,cap_sys_admin,cap_sys_nice=pe) %{_sbindir}/seunshare
+%{_mandir}/man8/seunshare.8*
+%{_mandir}/ru/man8/seunshare.8*
+%{_bindir}/sandbox
+%{_mandir}/man5/sandbox.5*
+%{_mandir}/ru/man5/sandbox.5*
+%{_mandir}/man8/sandbox.8*
+%{_mandir}/ru/man8/sandbox.8*
+
+%package newrole
+Summary: The newrole application for RBAC/MLS
+Requires: policycoreutils = %{version}-%{release}
+
+%description newrole
+RBAC/MLS policy machines require newrole as a way of changing the role
+or level of a logged in user.
+
+%files newrole
+%attr(0755,root,root) %caps(cap_dac_read_search,cap_setpcap,cap_audit_write,cap_sys_admin,cap_fowner,cap_chown,cap_dac_override=pe) %{_bindir}/newrole
+%{_mandir}/man1/newrole.1.gz
+%{_mandir}/ru/man1/newrole.1.gz
+%config(noreplace) %{_sysconfdir}/pam.d/newrole
+
+%package gui
+Summary: SELinux configuration GUI
+Requires: policycoreutils-devel = %{version}-%{release}, python3-policycoreutils = %{version}-%{release}
+Requires: policycoreutils-dbus = %{version}-%{release}
+Requires: gtk3, python3-gobject
+BuildRequires: desktop-file-utils
+BuildArch: noarch
+
+%description gui
+system-config-selinux is a utility for managing the SELinux environment
+
+%files gui
+%{_bindir}/system-config-selinux
+%{_bindir}/selinux-polgengui
+%{_datadir}/applications/sepolicy.desktop
+%{_datadir}/applications/system-config-selinux.desktop
+%{_datadir}/applications/selinux-polgengui.desktop
+%{_datadir}/icons/hicolor/24x24/apps/system-config-selinux.png
+%{_datadir}/pixmaps/system-config-selinux.png
+%dir %{_datadir}/system-config-selinux
+%dir %{_datadir}/system-config-selinux/__pycache__
+%{_datadir}/system-config-selinux/system-config-selinux.png
+%{_datadir}/system-config-selinux/*Page.py
+%{_datadir}/system-config-selinux/__pycache__/*Page.*
+%{_datadir}/system-config-selinux/system-config-selinux.py
+%{_datadir}/system-config-selinux/__pycache__/system-config-selinux.*
+%{_datadir}/system-config-selinux/*.ui
+%{python3_sitelib}/sepolicy/gui.py*
+%{python3_sitelib}/sepolicy/sepolicy.glade
+%{_datadir}/icons/hicolor/*/apps/sepolicy.png
+%{_datadir}/pixmaps/sepolicy.png
+%{_mandir}/man8/system-config-selinux.8*
+%{_mandir}/ru/man8/system-config-selinux.8*
+%{_mandir}/man8/selinux-polgengui.8*
+%{_mandir}/ru/man8/selinux-polgengui.8*
+%{_mandir}/man8/sepolicy-gui.8*
+%{_mandir}/ru/man8/sepolicy-gui.8*
+
+%files -f %{name}.lang
+%{_sbindir}/restorecon
+%{_sbindir}/restorecon_xattr
+%{_sbindir}/fixfiles
+%{_sbindir}/setfiles
+%{_sbindir}/load_policy
+%{_sbindir}/genhomedircon
+%{_sbindir}/setsebool
+%{_sbindir}/semodule
+# symlink to %%{_bindir}/sestatus
+%{_sbindir}/sestatus
+%{_bindir}/secon
+%{_bindir}/semodule_expand
+%{_bindir}/semodule_link
+%{_bindir}/semodule_package
+%{_bindir}/semodule_unpackage
+%{_bindir}/sestatus
+%{_libexecdir}/selinux/hll
+%config(noreplace) %{_sysconfdir}/sestatus.conf
+%{_mandir}/man5/selinux_config.5.gz
+%{_mandir}/ru/man5/selinux_config.5.gz
+%{_mandir}/man5/sestatus.conf.5.gz
+%{_mandir}/ru/man5/sestatus.conf.5.gz
+%{_mandir}/man8/fixfiles.8*
+%{_mandir}/ru/man8/fixfiles.8*
+%{_mandir}/man8/load_policy.8*
+%{_mandir}/ru/man8/load_policy.8*
+%{_mandir}/man8/restorecon.8*
+%{_mandir}/ru/man8/restorecon.8*
+%{_mandir}/man8/restorecon_xattr.8*
+%{_mandir}/ru/man8/restorecon_xattr.8*
+%{_mandir}/man8/semodule.8*
+%{_mandir}/ru/man8/semodule.8*
+%{_mandir}/man8/sestatus.8*
+%{_mandir}/ru/man8/sestatus.8*
+%{_mandir}/man8/setfiles.8*
+%{_mandir}/ru/man8/setfiles.8*
+%{_mandir}/man8/setsebool.8*
+%{_mandir}/ru/man8/setsebool.8*
+%{_mandir}/man1/secon.1*
+%{_mandir}/ru/man1/secon.1*
+%{_mandir}/man8/genhomedircon.8*
+%{_mandir}/ru/man8/genhomedircon.8*
+%{_mandir}/man8/semodule_expand.8*
+%{_mandir}/ru/man8/semodule_expand.8*
+%{_mandir}/man8/semodule_link.8*
+%{_mandir}/ru/man8/semodule_link.8*
+%{_mandir}/man8/semodule_unpackage.8*
+%{_mandir}/ru/man8/semodule_unpackage.8*
+%{_mandir}/man8/semodule_package.8*
+%{_mandir}/ru/man8/semodule_package.8*
+%dir %{_datadir}/bash-completion
+%{_datadir}/bash-completion/completions/setsebool
+%{!?_licensedir:%global license %%doc}
+%license policycoreutils/COPYING
+%doc %{_usr}/share/doc/%{name}
+
+%package restorecond
+Summary: SELinux restorecond utilities
+BuildRequires: systemd-units
+
+%description restorecond
+The policycoreutils-restorecond package contains the restorecond service.
+
+%files restorecond
+%{_sbindir}/restorecond
+%{_unitdir}/restorecond.service
+%{_userunitdir}/restorecond_user.service
+%config(noreplace) %{_sysconfdir}/selinux/restorecond.conf
+%config(noreplace) %{_sysconfdir}/selinux/restorecond_user.conf
+%{_sysconfdir}/xdg/autostart/restorecond.desktop
+%{_datadir}/dbus-1/services/org.selinux.Restorecond.service
+%{_mandir}/man8/restorecond.8*
+%{_mandir}/ru/man8/restorecond.8*
+
+%{!?_licensedir:%global license %%doc}
+%license policycoreutils/COPYING
+
+%post restorecond
+%systemd_post restorecond.service
+
+%preun restorecond
+%systemd_preun restorecond.service
+
+%postun restorecond
+%systemd_postun_with_restart restorecond.service
+
+%changelog
+* Mon Mar  7 2022 Liwei Ge <liwei.glw@linux.alibaba.com> - 3.3-1
+- Init from upstream v3.3
diff --git a/selinux-3.3.tar.gz b/selinux-3.3.tar.gz
new file mode 100644
index 0000000000000000000000000000000000000000..840464ce986ad50198324f839cbf349b278b3369
Binary files /dev/null and b/selinux-3.3.tar.gz differ