[refpolicy] [PATCH] xserver: Allow user fonts (and caches) to be mmap()ed.

* [refpolicy] [PATCH] xserver: Allow user fonts (and caches) to be mmap()ed.
@ 2018-10-02 20:02 Luis Ressel
  2018-10-04  1:59 ` Chris PeBenito
  0 siblings, 1 reply; 2+ messages in thread
From: Luis Ressel @ 2018-10-02 20:02 UTC (permalink / raw)
  To: refpolicy

Applications can optionally map fonts and fontconfig caches into memory.
miscfiles_read_fonts() already grants those perms, but it seems
xserver_use_user_fonts() was forgotten.
---
 policy/modules/services/xserver.if | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/policy/modules/services/xserver.if b/policy/modules/services/xserver.if
index 1b25ff5c1..ec944672b 100644
--- a/policy/modules/services/xserver.if
+++ b/policy/modules/services/xserver.if
@@ -506,11 +506,12 @@ interface(`xserver_use_user_fonts',`
 
 	# Read per user fonts
 	allow $1 user_fonts_t:dir list_dir_perms;
-	allow $1 user_fonts_t:file read_file_perms;
+	allow $1 user_fonts_t:file { map read_file_perms };
 
 	# Manipulate the global font cache
 	manage_dirs_pattern($1, user_fonts_cache_t, user_fonts_cache_t)
 	manage_files_pattern($1, user_fonts_cache_t, user_fonts_cache_t)
+	allow $1 user_fonts_cache_t:file { map read_file_perms };
 
 	# Read per user font config
 	allow $1 user_fonts_config_t:dir list_dir_perms;
-- 
2.19.0

^ permalink raw reply related	[flat|nested] 2+ messages in thread