Diffstat (limited to 'policy/modules/services/xserver.if')
-rw-r--r-- | policy/modules/services/xserver.if | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/policy/modules/services/xserver.if b/policy/modules/services/xserver.if
index 7af0ab6a7..060adbfab 100644
--- a/policy/modules/services/xserver.if
+++ b/policy/modules/services/xserver.if
@@ -1331,6 +1331,25 @@ interface(`xserver_kill',`
 ########################################
 ## <summary>
+## Allow reading xserver_t files to get cgroup and sessionid
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`xserver_read_state',`
+ gen_require(`
+ type xserver_t;
+ ')
+
+ allow $1 xserver_t:dir search;
+ allow $1 xserver_t:file read_file_perms;
+')
+
+########################################
+## <summary>
 ## Read and write X server Sys V Shared
 ## memory segments.
 ## </summary>
@@ -1427,6 +1446,25 @@ interface(`xserver_read_tmp_files',`
 ########################################
 ## <summary>
+## talk to xserver_t by dbus
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`xserver_dbus_chat',`
+ gen_require(`
+ type xserver_t;
+ ')
+
+ allow $1 xserver_t:dbus send_msg;
+ allow xserver_t $1:dbus send_msg;
+')
+
+########################################
+## <summary>
 ## Interface to provide X object permissions on a given X server to
 ## an X client domain. Gives the domain permission to read the
 ## virtual core keyboard and virtual core pointer devices. |
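Review bot: The summary of `xserver_read_state` names only cgroup and sessionid, but `allow $1 xserver_t:file read_file_perms;` covers every file labelled xserver_t (presumably the X server's /proc/PID entries), which is wider than those two items. The summary should describe the actual grant, for example `## Read the process state (/proc/pid) of the X server.`, so a caller can judge what it exposes. The directory rule also uses the bare `search` permission while the file rule uses a permission set; `allow $1 xserver_t:dir search_dir_perms;` would be consistent with it. Whether callers additionally need `kernel_search_proc($1)` cannot be told from this hunk.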
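Review bot: The `gen_require` block in `xserver_dbus_chat` declares only `type xserver_t;`, yet both allow rules use the `dbus` class; adding `class dbus send_msg;` there keeps the interface self-contained for a caller whose module does not already require that class. The summary `talk to xserver_t by dbus` also does not say that the second rule, `allow xserver_t $1:dbus send_msg;`, lets the X server send messages to the calling domain. `## Send and receive messages from the X server over dbus.` would state both directions.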