auth_use_pam($1_consolehelper_t)
+ userdom_manage_tmpfs_role($2, $1_consolehelper_t)
+
optional_policy(`
shutdown_run($1_consolehelper_t, $2)
shutdown_send_sigchld($3)
')
optional_policy(`
+ xserver_run_xauth($1_consolehelper_t, $2)
xserver_read_xdm_pid($1_consolehelper_t)
')
')
# consolehelper local policy
#
+allow consolehelper_domain self:shm create_shm_perms;
allow consolehelper_domain self:capability { setgid setuid };
dontaudit consolehelper_domain userhelper_conf_t:file write;
init_read_utmp(consolehelper_domain)
miscfiles_read_localization(consolehelper_domain)
+miscfiles_read_fonts(consolehelper_domain)
userhelper_exec(consolehelper_domain)
userdom_use_user_ptys(consolehelper_domain)
userdom_use_user_ttys(consolehelper_domain)
-userdom_search_user_home_content(consolehelper_domain)
+userdom_read_user_home_content_files(consolehelper_domain)
optional_policy(`
+ gnome_read_gconf_home_files(consolehelper_domain)
+')
+
+optional_policy(`
+ xserver_read_home_fonts(consolehelper_domain)
xserver_stream_connect(consolehelper_domain)
')
########################################
## <summary>
-## Read user homedir fonts.
+## Read/write inherited user homedir fonts.
## </summary>
## <param name="domain">
## <summary>
xserver_domtrans_xauth($1)
role $2 types xauth_t;
')
+
########################################
## <summary>
## Read user homedir fonts.
## </param>
## <rolecap/>
#
+interface(`xserver_read_home_fonts',`
+ gen_require(`
+ type user_fonts_t, user_fonts_config_t;
+ ')
+
+ list_dirs_pattern($1, user_fonts_t, user_fonts_t)
+ read_files_pattern($1, user_fonts_t, user_fonts_t)
+ read_lnk_files_pattern($1, user_fonts_t, user_fonts_t)
+
+ read_files_pattern($1, user_fonts_config_t, user_fonts_config_t)
+')
+
+########################################
+## <summary>
+## Manage user homedir fonts.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+## <rolecap/>
+#
interface(`xserver_manage_home_fonts',`
gen_require(`
type user_fonts_t, user_fonts_config_t;