Allow gtk apps to map usr_t files

This is required to access gtk's icon cache. IIRC, past discussion on
the ML came to the conclusion that adding a new domain for this would be
overkill.

8 files changed, 8 insertions, 0 deletions

diff --git a/policy/modules/contrib/blueman.te b/policy/modules/contrib/blueman.te
index 3a5032e0..c00e3ccc 100644
--- a/policy/modules/contrib/blueman.te
+++ b/policy/modules/contrib/blueman.te
@@ -45,6 +45,7 @@ dev_rw_wireless(blueman_t)
 domain_use_interactive_fds(blueman_t)
 
 files_list_tmp(blueman_t)
+files_map_usr_files(blueman_t)
 files_read_usr_files(blueman_t)
 
 auth_use_nsswitch(blueman_t)
diff --git a/policy/modules/contrib/evolution.te b/policy/modules/contrib/evolution.te
index ed56f433..a9ffea32 100644
--- a/policy/modules/contrib/evolution.te
+++ b/policy/modules/contrib/evolution.te
@@ -182,6 +182,7 @@ dev_read_urand(evolution_t)
 
 domain_dontaudit_read_all_domains_state(evolution_t)
 
+files_map_usr_files(evolution_t)
 files_read_usr_files(evolution_t)
 
 fs_dontaudit_getattr_xattr_fs(evolution_t)
diff --git a/policy/modules/contrib/gpg.te b/policy/modules/contrib/gpg.te
index 03bbd9c3..262d8cc6 100644
--- a/policy/modules/contrib/gpg.te
+++ b/policy/modules/contrib/gpg.te
@@ -338,6 +338,7 @@ dev_read_rand(gpg_pinentry_t)
 
 domain_use_interactive_fds(gpg_pinentry_t)
 
+files_map_usr_files(gpg_pinentry_t)
 files_read_usr_files(gpg_pinentry_t)
 
 fs_dontaudit_getattr_xattr_fs(gpg_pinentry_t)
diff --git a/policy/modules/contrib/mozilla.te b/policy/modules/contrib/mozilla.te
index ddccbc79..ed6f3592 100644
--- a/policy/modules/contrib/mozilla.te
+++ b/policy/modules/contrib/mozilla.te
@@ -173,6 +173,7 @@ dev_write_sound(mozilla_t)
 domain_dontaudit_read_all_domains_state(mozilla_t)
 
 files_read_etc_runtime_files(mozilla_t)
+files_map_usr_files(mozilla_t)
 files_read_usr_files(mozilla_t)
 files_read_var_files(mozilla_t)
 files_read_var_lib_files(mozilla_t)
diff --git a/policy/modules/contrib/openoffice.te b/policy/modules/contrib/openoffice.te
index 3c42014d..eb10349d 100644
--- a/policy/modules/contrib/openoffice.te
+++ b/policy/modules/contrib/openoffice.te
@@ -80,6 +80,7 @@ files_getattr_all_dirs(ooffice_t)
 files_getattr_all_files(ooffice_t)
 files_getattr_all_symlinks(ooffice_t)
 files_read_etc_files(ooffice_t)
+files_map_usr_files(ooffice_t)
 files_read_usr_files(ooffice_t)
 
 fs_getattr_xattr_fs(ooffice_t)
diff --git a/policy/modules/contrib/thunderbird.te b/policy/modules/contrib/thunderbird.te
index eb9ab43e..c1387eac 100644
--- a/policy/modules/contrib/thunderbird.te
+++ b/policy/modules/contrib/thunderbird.te
@@ -86,6 +86,7 @@ dev_read_urand(thunderbird_t)
 dev_dontaudit_search_sysfs(thunderbird_t)
 
 files_list_tmp(thunderbird_t)
+files_map_usr_files(thunderbird_t)
 files_read_usr_files(thunderbird_t)
 files_read_etc_runtime_files(thunderbird_t)
 files_read_var_files(thunderbird_t)
diff --git a/policy/modules/contrib/wireshark.te b/policy/modules/contrib/wireshark.te
index a398fd7d..ca4289f4 100644
--- a/policy/modules/contrib/wireshark.te
+++ b/policy/modules/contrib/wireshark.te
@@ -86,6 +86,7 @@ dev_read_rand(wireshark_t)
 dev_read_sysfs(wireshark_t)
 dev_read_urand(wireshark_t)
 
+files_map_usr_files(wireshark_t)
 files_read_usr_files(wireshark_t)
 
 fs_getattr_all_fs(wireshark_t)
diff --git a/policy/modules/contrib/wm.te b/policy/modules/contrib/wm.te
index b9c04988..e54f2830 100644
--- a/policy/modules/contrib/wm.te
+++ b/policy/modules/contrib/wm.te
@@ -56,6 +56,7 @@ dev_rw_wireless(wm_domain)
 dev_write_sound(wm_domain)
 
 files_read_etc_runtime_files(wm_domain)
+files_map_usr_files(wm_domain)
 files_read_usr_files(wm_domain)
 
 fs_getattr_all_fs(wm_domain)