1 files changed, 38 insertions, 0 deletions

diff --git a/policy/modules/services/xserver.if b/policy/modules/services/xserver.if
index 7af0ab6a7..060adbfab 100644
--- a/policy/modules/services/xserver.if
+++ b/policy/modules/services/xserver.if
@@ -1331,6 +1331,25 @@ interface(`xserver_kill',`
 
 ########################################
 ## <summary>
+##      Allow reading xserver_t files to get cgroup and sessionid
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+interface(`xserver_read_state',`
+	gen_require(`
+		type xserver_t;
+	')
+
+	allow $1 xserver_t:dir search;
+	allow $1 xserver_t:file read_file_perms;
+')
+
+########################################
+## <summary>
 ##	Read and write X server Sys V Shared
 ##	memory segments.
 ## </summary>
@@ -1427,6 +1446,25 @@ interface(`xserver_read_tmp_files',`
 
 ########################################
 ## <summary>
+##      talk to xserver_t by dbus
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+interface(`xserver_dbus_chat',`
+	gen_require(`
+		type xserver_t;
+	')
+
+	allow $1 xserver_t:dbus send_msg;
+	allow xserver_t $1:dbus send_msg;
+')
+
+########################################
+## <summary>
 ##	Interface to provide X object permissions on a given X server to
 ##	an X client domain.  Gives the domain permission to read the
 ##      virtual core keyboard and virtual core pointer devices.