Generating allow and dontaudit rules
Now we generate allow and dontaudit rules for our Libre Office policy.
Switch SELinux to Permissive mode with setenforce 0 and run /usr/bin/libreoffice. You will receive many alerts in UDDTray. Type libre_office in the Filter field of the alerts tab [1]. Select all of the filtered alerts [2], or press Ctrl+A. Press the Append to editor button [3] and activate the Generate policy button. When Generate policy is unchecked, you can see the allow rules in the SELinux policy tab [5].

Append the generated rules to the libre_office.te file. If you don't want to grant some permission to Libre Office and want to ignore the messages received for it, replace the keyword allow with dontaudit.
Append allow and dontaudit rules for the libre_office_secret_t domain (run /usr/bin/libreoffice_secret) in the same way. Then rebuild and install the policy.
After installation you can try switching SELinux to Enforcing mode: type setenforce 1 in a root console. When you run Libre Office again you will receive new alerts. Append rules for them too.
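The allow/dontaudit decision described above can also be scripted when reviewing denials outside the GUI. The following is an added example, not UDDTray's own code: it groups AVC denials into rules and emits dontaudit instead of allow for targets you refuse to grant. The libre_office_t domain name, the target types and the log lines are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample AVC denials (not from the page); libre_office_t and the
# target types are assumed names used only for illustration.
SAMPLE_LOG = """\
type=AVC msg=audit(1700000000.101:201): avc:  denied  { read } for  pid=4242 comm="soffice.bin" name="fonts.conf" dev="sda1" ino=1111 scontext=user_u:user_r:libre_office_t:s0 tcontext=system_u:object_r:fonts_t:s0 tclass=file permissive=1
type=AVC msg=audit(1700000000.102:202): avc:  denied  { open getattr } for  pid=4242 comm="soffice.bin" path="/etc/fonts/fonts.conf" dev="sda1" ino=1111 scontext=user_u:user_r:libre_office_t:s0 tcontext=system_u:object_r:fonts_t:s0 tclass=file permissive=1
type=AVC msg=audit(1700000000.103:203): avc:  denied  { read } for  pid=4242 comm="soffice.bin" name="id_rsa" dev="sda1" ino=2222 scontext=user_u:user_r:libre_office_t:s0 tcontext=user_u:object_r:ssh_home_t:s0 tclass=file permissive=1
type=AVC msg=audit(1700000000.104:204): avc:  denied  { signal } for  pid=4242 comm="soffice.bin" scontext=user_u:user_r:libre_office_t:s0 tcontext=user_u:user_r:libre_office_t:s0 tclass=process permissive=1
"""

# Pull permissions, source type, target type and object class from one denial.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{ (?P<perms>[^}]+)\} for .*?"
    r"scontext=[^:]+:[^:]+:(?P<src>[^:\s]+)\S* "
    r"tcontext=[^:]+:[^:]+:(?P<tgt>[^:\s]+)\S* "
    r"tclass=(?P<cls>\w+)")

def generate_rules(log_text, deny=()):
    """Turn AVC denials into policy rules, one per (source, target, class).

    deny holds (target_type, class) pairs that must NOT be granted: their
    denials become dontaudit rules, so access stays blocked but unlogged.
    """
    grouped = defaultdict(set)
    for m in AVC_RE.finditer(log_text):
        # A denial against the domain's own type is written with "self".
        tgt = "self" if m["tgt"] == m["src"] else m["tgt"]
        grouped[(m["src"], tgt, m["cls"])].update(m["perms"].split())
    rules = []
    for (src, tgt, cls), perms in sorted(grouped.items()):
        keyword = "dontaudit" if (tgt, cls) in deny else "allow"
        rules.append(f"{keyword} {src} {tgt}:{cls} {{ {' '.join(sorted(perms))} }};")
    return rules

if __name__ == "__main__":
    # Refuse read access to SSH key files; everything else is allowed.
    print("\n".join(generate_rules(SAMPLE_LOG, deny={("ssh_home_t", "file")})))
```

Review every emitted allow rule before appending it to the .te file: rules generated from Permissive-mode runs reflect everything the program attempted, not what it needs.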
Warning! Some alerts are not shown in the alerts tab because they are not system alerts. You can try to generate policy for them using the Generate policy for /var/log/messages function. Other alerts are not shown because there are dontaudit rules for them in other policies. If you want to see alerts for dontaudit rules, rebuild your policy: semodule -D. If you want to hide these events, type semodule -DB in your root console.