authorGuido Trentalancia via refpolicy <refpolicy@oss.tresys.com>2017-04-19 17:35:42 +0200
committerJason Zaman <jason@perfinion.com>2017-04-30 17:00:00 +0800
commite8ee9e56711dd429cc435957eb7e89bf20da748d (patch)
treeed0673aae53e269e0034f492277bf49815e785a7 /policy/modules/services/xserver.if
parentModule version bump for patch from Guido Trentalancia (diff)
xserver: fix iceauth_home_t file context creation
This patch fixes the xserver module so that the hidden .ICEauthority file is created with the proper context (file transition). It also optimizes a similar interface used for xauth home files. Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
Diffstat (limited to 'policy/modules/services/xserver.if')
-rw-r--r--policy/modules/services/xserver.if33
1 files changed, 32 insertions, 1 deletions
diff --git a/policy/modules/services/xserver.if b/policy/modules/services/xserver.if
index eae74b67..35879363 100644
--- a/policy/modules/services/xserver.if
+++ b/policy/modules/services/xserver.if
@@ -167,6 +167,8 @@ interface(`xserver_role',`
relabel_dirs_pattern($2, user_fonts_config_t, user_fonts_config_t)
relabel_files_pattern($2, user_fonts_config_t, user_fonts_config_t)
+ xserver_user_home_dir_filetrans_user_iceauth($2, ".ICEauthority")
+
xserver_read_xkb_libs($2)
')
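Review bot: The transition added to xserver_role matches only a file named exactly ".ICEauthority" that $2 creates directly in its home directory, and nothing at the call site says so. If the ICE library writes lock or temporary files beside it under other names (not visible in this diff), those would keep the default home-directory label, so it is worth checking the labels after a real session start. I would add a comment above the call, e.g. `# Named transition: label ~/.ICEauthority (ICE session authentication data) as iceauth_home_t at creation`. xserver_role begins outside the hunk, so the other rules granted to $2 are not visible here.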
@@ -561,13 +563,42 @@ interface(`xserver_domtrans_xauth',`
## Domain allowed access.
## </summary>
## </param>
+## <param name="name" optional="true">
+## <summary>
+## The name of the object being created.
+## </summary>
+## </param>
#
interface(`xserver_user_home_dir_filetrans_user_xauth',`
gen_require(`
type xauth_home_t;
')
- userdom_user_home_dir_filetrans($1, xauth_home_t, file)
+ userdom_user_home_dir_filetrans($1, xauth_home_t, file, $2)
+')
+
+#######################################
+## <summary>
+## Create a ICEauthority file in
+## the user home directory.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+## <param name="name" optional="true">
+## <summary>
+## The name of the object being created.
+## </summary>
+## </param>
+#
+interface(`xserver_user_home_dir_filetrans_user_iceauth',`
+ gen_require(`
+ type iceauth_home_t;
+ ')
+
+ userdom_user_home_dir_filetrans($1, iceauth_home_t, file, $2)
')
########################################
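Review bot: The `name` parameter is marked optional on both interfaces, but neither summary says what omitting it means. With an empty $2 the call presumably expands to an unnamed transition covering every file the domain creates in the user home directory. A domain given both xserver_user_home_dir_filetrans_user_xauth and the new xserver_user_home_dir_filetrans_user_iceauth without names would then have two transitions on the same source, directory type and class with different result types, which I would expect the policy compiler to reject as conflicting. I would extend the parameter text to `The name of the object being created. Supply it when the domain also creates other files in the home directory.` and fix the article in the new summary to `Create an ICEauthority file in`.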