xserver: Allow user fonts (and caches) to be mmap()ed.

Applications can optionally map fonts and fontconfig caches into memory. miscfiles_read_fonts() already grants those perms, but it seems xserver_use_user_fonts() was forgotten. Signed-off-by: Jason Zaman <jason@perfinion.com>
author: Luis Ressel <aranea@aixah.de> 2018-10-02 22:02:54 +0200
committer: Jason Zaman <jason@perfinion.com> 2018-11-12 06:49:58 +0800
commit: 4dbae70829f2e1492de27c90fe3d2ec543d7a62b (patch)
tree: 460d8df93e7a044abb7a5196a2e858bc260515f1
parent: corecommands: Module version bump. (diff)
download: hardened-refpolicy-4dbae70829f2e1492de27c90fe3d2ec543d7a62b.tar.gz
hardened-refpolicy-4dbae70829f2e1492de27c90fe3d2ec543d7a62b.tar.bz2
hardened-refpolicy-4dbae70829f2e1492de27c90fe3d2ec543d7a62b.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/policy/modules/services/xserver.if b/policy/modules/services/xserver.if
index 7e13483b2..ec944672b 100644
--- a/policy/modules/services/xserver.if
+++ b/policy/modules/services/xserver.if
@@ -511,6 +511,7 @@ interface(`xserver_use_user_fonts',`
 	# Manipulate the global font cache
 	manage_dirs_pattern($1, user_fonts_cache_t, user_fonts_cache_t)
 	manage_files_pattern($1, user_fonts_cache_t, user_fonts_cache_t)
+	allow $1 user_fonts_cache_t:file { map read_file_perms };
 
 	# Read per user font config
 	allow $1 user_fonts_config_t:dir list_dir_perms;
author	Luis Ressel <aranea@aixah.de>	2018-10-02 22:02:54 +0200
committer	Jason Zaman <jason@perfinion.com>	2018-11-12 06:49:58 +0800
commit	4dbae70829f2e1492de27c90fe3d2ec543d7a62b (patch)
tree	460d8df93e7a044abb7a5196a2e858bc260515f1
parent	corecommands: Module version bump. (diff)
download	hardened-refpolicy-4dbae70829f2e1492de27c90fe3d2ec543d7a62b.tar.gz hardened-refpolicy-4dbae70829f2e1492de27c90fe3d2ec543d7a62b.tar.bz2 hardened-refpolicy-4dbae70829f2e1492de27c90fe3d2ec543d7a62b.zip