From mboxrd@z Thu Jan 1 00:00:00 1970 From: cpebenito@tresys.com (Christopher J. PeBenito) Date: Fri, 19 Oct 2012 09:20:19 -0400 Subject: [refpolicy] [PATCH] Changes to the xserver policy module In-Reply-To: <1350476918-5838-1-git-send-email-dominick.grift@gmail.com> References: <1350476918-5838-1-git-send-email-dominick.grift@gmail.com> Message-ID: <50815393.4060706@tresys.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 10/17/12 08:28, Dominick Grift wrote: > > These interfaces are needed by at least plymouth > > Signed-off-by: Dominick Grift > diff --git a/policy/modules/services/xserver.if b/policy/modules/services/xserver.if > index 130ced9..15abcfa 100644 > --- a/policy/modules/services/xserver.if > +++ b/policy/modules/services/xserver.if > @@ -713,6 +713,47 @@ > > ######################################## > ## > +## Create, read, write, and delete > +## xdm_spool files. > +## > +## > +## > +## Domain allowed access. > +## > +## > +# > +interface(`xserver_manage_spool_files_xdm',` > + gen_require(` > + type xdm_spool_t; > + ') > + > + files_search_spool($1) > + manage_files_pattern($1, xdm_spool_t, xdm_spool_t) > +') > + > +######################################## > +## > +## Read xdm process state files. > +## > +## > +## > +## Domain allowed access. > +## > +## > +# > +interface(`xserver_read_state_xdm',` > + gen_require(` > + type xdm_t; > + ') > + > + kernel_search_proc($1) > + allow $1 xdm_t:dir list_dir_perms; > + allow $1 xdm_t:file read_file_perms; > + allow $1 xdm_t:lnk_file read_lnk_file_perms; > +') Merged. I swapped the interfaces and renamed them. -- Chris PeBenito Tresys Technology, LLC www.tresys.com | oss.tresys.com
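Review bot: in xserver_read_state_xdm, the three hand-written allow rules on xdm_t (dir list_dir_perms, file read_file_perms, lnk_file read_lnk_file_perms) spell out what the ps_process_pattern support macro already expands to, so a single `ps_process_pattern($1, xdm_t)` after kernel_search_proc($1) would be shorter and would track any later change to that pattern. In xserver_manage_spool_files_xdm, manage_files_pattern gives the caller create, write and delete on every xdm_spool_t file. The commit message names only plymouth as a user, so it is worth confirming that plymouth needs the full manage set and not just read access. Both interface names also put the xdm qualifier last, while the summaries in the same hunk describe the objects as "xdm_spool files" and "xdm process state"; naming the interfaces in that order would read more consistently.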