if application uses fonts, they may be mapped

Signed-off-by: Amadeusz Sławiński <amade@asmblr.net>
author: Amadeusz Sławiński <amade@asmblr.net> 2017-10-17 22:46:33 +0200
committer: Jason Zaman <jason@perfinion.com> 2017-10-29 21:57:28 +0800
commit: b690cc49e498479f60f74d5880b87c6f64cd3870 (patch)
tree: ff114f2b7161bf6397849f19ce629c3fb1536ecf /policy/modules/services/xserver.if
parent: lvm: allow map perms on lvm_etc_t (diff)
download: hardened-refpolicy-b690cc49e498479f60f74d5880b87c6f64cd3870.tar.gz
hardened-refpolicy-b690cc49e498479f60f74d5880b87c6f64cd3870.tar.bz2
hardened-refpolicy-b690cc49e498479f60f74d5880b87c6f64cd3870.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/policy/modules/services/xserver.if b/policy/modules/services/xserver.if
index e0c5be82..0718d016 100644
--- a/policy/modules/services/xserver.if
+++ b/policy/modules/services/xserver.if
@@ -466,7 +466,7 @@ interface(`xserver_use_user_fonts',`
 
 	# Read per user fonts
 	allow $1 user_fonts_t:dir list_dir_perms;
-	allow $1 user_fonts_t:file read_file_perms;
+	allow $1 user_fonts_t:file { map read_file_perms };
 
 	# Manipulate the global font cache
 	manage_dirs_pattern($1, user_fonts_cache_t, user_fonts_cache_t)
author	Amadeusz Sławiński <amade@asmblr.net>	2017-10-17 22:46:33 +0200
committer	Jason Zaman <jason@perfinion.com>	2017-10-29 21:57:28 +0800
commit	b690cc49e498479f60f74d5880b87c6f64cd3870 (patch)
tree	ff114f2b7161bf6397849f19ce629c3fb1536ecf /policy/modules/services/xserver.if
parent	lvm: allow map perms on lvm_etc_t (diff)
download	hardened-refpolicy-b690cc49e498479f60f74d5880b87c6f64cd3870.tar.gz hardened-refpolicy-b690cc49e498479f60f74d5880b87c6f64cd3870.tar.bz2 hardened-refpolicy-b690cc49e498479f60f74d5880b87c6f64cd3870.zip