From: sven.vermeulen@siphos.be (Sven Vermeulen) Date: Sun, 6 Feb 2011 16:09:18 +0100 Subject: [refpolicy] [PATCH 1/1] Allow xserver to process keyboard events Message-ID: <20110206150917.GA12328@siphos.be> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On an Xorg 1.9 system with evdev driver (for keyboard InputClass), the xserver_t domain needs to be able to read from the proper device nodes as well as query the udev_tbl_t directory and udev itself. Signed-off-by: Sven Vermeulen --- policy/modules/services/xserver.te | 5 +++++ 1 files changed, 5 insertions(+), 0 deletions(-) diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te index 145fc4b..33b91be 100644 --- a/policy/modules/services/xserver.te +++ b/policy/modules/services/xserver.te @@ -610,6 +610,7 @@ allow xserver_t self:unix_dgram_socket { create_socket_perms sendto }; allow xserver_t self:unix_stream_socket { create_stream_socket_perms connectto }; allow xserver_t self:tcp_socket create_stream_socket_perms; allow xserver_t self:udp_socket create_socket_perms; +allow xserver_t self:netlink_kobject_uevent_socket create_socket_perms; manage_dirs_pattern(xserver_t, xserver_tmp_t, xserver_tmp_t) manage_files_pattern(xserver_t, xserver_tmp_t, xserver_tmp_t) @@ -778,6 +779,10 @@ optional_policy(` ') optional_policy(` + udev_read_db(xserver_t) +') + +optional_policy(` unconfined_domain_noaudit(xserver_t) unconfined_domtrans(xserver_t) ') -- 1.7.3.4
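Review bot: In the first hunk (@@ -610,6 +610,7 @@), the added `allow xserver_t self:netlink_kobject_uevent_socket create_socket_perms;` grants the whole create_socket_perms set, but the commit message does not show which permissions were actually denied. Please quote the AVC denials seen with the evdev driver in the commit message so the set can be checked against what xserver_t needs, and narrow it if fewer permissions are enough. The rule is also unconditional while the related `udev_read_db(xserver_t)` call in the second hunk sits in an optional_policy block; a one-line comment above the allow rule saying why xserver_t opens this socket would make the link between the two clear.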
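Review bot: In the second hunk (@@ -778,6 +779,10 @@), the new optional_policy block adds only `udev_read_db(xserver_t)`, yet the commit message also says xserver_t needs to "read from the proper device nodes", and neither hunk adds a rule for device nodes. Either state in the commit message that existing rules in xserver.te already cover that access, or add the missing rule to this patch so the description matches the five inserted lines.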