xserver: label .cache/fontconfig as user_fonts_cache_t

3 files changed, 3 insertions, 1 deletions

diff --git a/policy/modules/services/xserver.fc b/policy/modules/services/xserver.fc
index 171a8df1..b7f8612d 100644
--- a/policy/modules/services/xserver.fc
+++ b/policy/modules/services/xserver.fc
@@ -2,6 +2,7 @@
 # HOME_DIR
 #
 HOME_DIR/\.cache/mesa_shader_cache(/.*)?	gen_context(system_u:object_r:mesa_shader_cache_t,s0)
+HOME_DIR/\.cache/fontconfig(/.*)?	gen_context(system_u:object_r:user_fonts_cache_t,s0)
 HOME_DIR/\.dmrc		--	gen_context(system_u:object_r:dmrc_home_t,s0)
 HOME_DIR/\.fonts\.conf	--	gen_context(system_u:object_r:user_fonts_config_t,s0)
 HOME_DIR/\.fonts(/.*)?		gen_context(system_u:object_r:user_fonts_t,s0)
diff --git a/policy/modules/services/xserver.if b/policy/modules/services/xserver.if
index c1c07b32..24caccad 100644
--- a/policy/modules/services/xserver.if
+++ b/policy/modules/services/xserver.if
@@ -516,6 +516,7 @@ interface(`xserver_use_user_fonts',`
 	allow $1 user_fonts_config_t:file read_file_perms;
 
 	userdom_search_user_home_dirs($1)
+	xdg_search_cache_dirs($1)
 ')
 
 ########################################
diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te
index 4ce36384..1202b8e5 100644
--- a/policy/modules/services/xserver.te
+++ b/policy/modules/services/xserver.te
@@ -125,7 +125,7 @@ userdom_user_home_content(user_fonts_t)
 type user_fonts_cache_t;
 typealias user_fonts_cache_t alias { staff_fonts_cache_t sysadm_fonts_cache_t };
 typealias user_fonts_cache_t alias { auditadm_fonts_cache_t secadm_fonts_cache_t };
-userdom_user_home_content(user_fonts_cache_t)
+xdg_cache_content(user_fonts_cache_t)
 
 type user_fonts_config_t;
 typealias user_fonts_config_t alias { staff_fonts_config_t sysadm_fonts_config_t };