From: pebenito@ieee.org (Chris PeBenito)
Date: Wed, 3 Oct 2018 21:59:42 -0400
Subject: [refpolicy] [PATCH] xserver: Allow user fonts (and caches) to
 be mmap()ed.
In-Reply-To: <20181002200255.29926-1-aranea@aixah.de>
References: <20181002200255.29926-1-aranea@aixah.de>
Message-ID: <171b1f46-9231-27ee-d421-f43fd8cf454a@ieee.org>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 10/02/2018 04:02 PM, Luis Ressel via refpolicy wrote:
> Applications can optionally map fonts and fontconfig caches into memory.
> miscfiles_read_fonts() already grants those perms, but it seems
> xserver_use_user_fonts() was forgotten.
> ---
>   policy/modules/services/xserver.if | 3 ++-
>   1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/policy/modules/services/xserver.if b/policy/modules/services/xserver.if
> index 1b25ff5c1..ec944672b 100644
> --- a/policy/modules/services/xserver.if
> +++ b/policy/modules/services/xserver.if
> @@ -506,11 +506,12 @@ interface(`xserver_use_user_fonts',`
>   
>   	# Read per user fonts
>   	allow $1 user_fonts_t:dir list_dir_perms;
> -	allow $1 user_fonts_t:file read_file_perms;
> +	allow $1 user_fonts_t:file { map read_file_perms };
>   
>   	# Manipulate the global font cache
>   	manage_dirs_pattern($1, user_fonts_cache_t, user_fonts_cache_t)
>   	manage_files_pattern($1, user_fonts_cache_t, user_fonts_cache_t)
> +	allow $1 user_fonts_cache_t:file { map read_file_perms };
>   
>   	# Read per user font config
>   	allow $1 user_fonts_config_t:dir list_dir_perms;

Merged.

-- 
Chris PeBenito