SELinux-Refpolicy Archive on lore.kernel.org
 help / Atom feed
* [refpolicy] [PATCH] xserver: Allow user fonts (and caches) to be mmap()ed.
@ 2018-10-02 20:02 aranea
  2018-10-04  1:59 ` pebenito
  0 siblings, 1 reply; 2+ messages in thread
From: aranea @ 2018-10-02 20:02 UTC (permalink / raw)
  To: refpolicy

Applications can optionally map fonts and fontconfig caches into memory.
miscfiles_read_fonts() already grants those perms, but it seems
xserver_use_user_fonts() was forgotten.
---
 policy/modules/services/xserver.if | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/policy/modules/services/xserver.if b/policy/modules/services/xserver.if
index 1b25ff5c1..ec944672b 100644
--- a/policy/modules/services/xserver.if
+++ b/policy/modules/services/xserver.if
@@ -506,11 +506,12 @@ interface(`xserver_use_user_fonts',`
 
 	# Read per user fonts
 	allow $1 user_fonts_t:dir list_dir_perms;
-	allow $1 user_fonts_t:file read_file_perms;
+	allow $1 user_fonts_t:file { map read_file_perms };
 
 	# Manipulate the global font cache
 	manage_dirs_pattern($1, user_fonts_cache_t, user_fonts_cache_t)
 	manage_files_pattern($1, user_fonts_cache_t, user_fonts_cache_t)
+	allow $1 user_fonts_cache_t:file { map read_file_perms };
 
 	# Read per user font config
 	allow $1 user_fonts_config_t:dir list_dir_perms;
-- 
2.19.0

^ permalink raw reply	[flat|nested] 2+ messages in thread

* [refpolicy] [PATCH] xserver: Allow user fonts (and caches) to be mmap()ed.
  2018-10-02 20:02 [refpolicy] [PATCH] xserver: Allow user fonts (and caches) to be mmap()ed aranea
@ 2018-10-04  1:59 ` pebenito
  0 siblings, 0 replies; 2+ messages in thread
From: pebenito @ 2018-10-04  1:59 UTC (permalink / raw)
  To: refpolicy

On 10/02/2018 04:02 PM, Luis Ressel via refpolicy wrote:
> Applications can optionally map fonts and fontconfig caches into memory.
> miscfiles_read_fonts() already grants those perms, but it seems
> xserver_use_user_fonts() was forgotten.
> ---
>   policy/modules/services/xserver.if | 3 ++-
>   1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/policy/modules/services/xserver.if b/policy/modules/services/xserver.if
> index 1b25ff5c1..ec944672b 100644
> --- a/policy/modules/services/xserver.if
> +++ b/policy/modules/services/xserver.if
> @@ -506,11 +506,12 @@ interface(`xserver_use_user_fonts',`
>   
>   	# Read per user fonts
>   	allow $1 user_fonts_t:dir list_dir_perms;
> -	allow $1 user_fonts_t:file read_file_perms;
> +	allow $1 user_fonts_t:file { map read_file_perms };
>   
>   	# Manipulate the global font cache
>   	manage_dirs_pattern($1, user_fonts_cache_t, user_fonts_cache_t)
>   	manage_files_pattern($1, user_fonts_cache_t, user_fonts_cache_t)
> +	allow $1 user_fonts_cache_t:file { map read_file_perms };
>   
>   	# Read per user font config
>   	allow $1 user_fonts_config_t:dir list_dir_perms;

Merged.

-- 
Chris PeBenito

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, back to index

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-10-02 20:02 [refpolicy] [PATCH] xserver: Allow user fonts (and caches) to be mmap()ed aranea
2018-10-04  1:59 ` pebenito

SELinux-Refpolicy Archive on lore.kernel.org

Archives are clonable: git clone --mirror https://lore.kernel.org/selinux-refpolicy/0 selinux-refpolicy/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 selinux-refpolicy selinux-refpolicy/ https://lore.kernel.org/selinux-refpolicy \
		selinux-refpolicy@vger.kernel.org selinux-refpolicy@archiver.kernel.org
	public-inbox-index selinux-refpolicy


Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.selinux-refpolicy


AGPL code for this site: git clone https://public-inbox.org/ public-inbox