From: pebenito@ieee.org (Chris PeBenito) Date: Wed, 3 Oct 2018 21:59:42 -0400 Subject: [refpolicy] [PATCH] xserver: Allow user fonts (and caches) to be mmap()ed. In-Reply-To: <20181002200255.29926-1-aranea@aixah.de> References: <20181002200255.29926-1-aranea@aixah.de> Message-ID: <171b1f46-9231-27ee-d421-f43fd8cf454a@ieee.org> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 10/02/2018 04:02 PM, Luis Ressel via refpolicy wrote: > Applications can optionally map fonts and fontconfig caches into memory. > miscfiles_read_fonts() already grants those perms, but it seems > xserver_use_user_fonts() was forgotten. > --- > policy/modules/services/xserver.if | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/policy/modules/services/xserver.if b/policy/modules/services/xserver.if > index 1b25ff5c1..ec944672b 100644 > --- a/policy/modules/services/xserver.if > +++ b/policy/modules/services/xserver.if > @@ -506,11 +506,12 @@ interface(`xserver_use_user_fonts',` > > # Read per user fonts > allow $1 user_fonts_t:dir list_dir_perms; > - allow $1 user_fonts_t:file read_file_perms; > + allow $1 user_fonts_t:file { map read_file_perms }; > > # Manipulate the global font cache > manage_dirs_pattern($1, user_fonts_cache_t, user_fonts_cache_t) > manage_files_pattern($1, user_fonts_cache_t, user_fonts_cache_t) > + allow $1 user_fonts_cache_t:file { map read_file_perms }; > > # Read per user font config > allow $1 user_fonts_config_t:dir list_dir_perms; Merged. -- Chris PeBenito