From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-commits+bounces-1035837-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by finch.gentoo.org (Postfix) with ESMTPS id D9417138334
	for <garchives@archives.gentoo.org>; Thu, 12 Jul 2018 14:37:17 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id AFF24E0880;
	Thu, 12 Jul 2018 14:37:15 +0000 (UTC)
Received: from smtp.gentoo.org (dev.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id 7A8ECE0880
	for <gentoo-commits@lists.gentoo.org>; Thu, 12 Jul 2018 14:37:15 +0000 (UTC)
Received: from oystercatcher.gentoo.org (unknown [IPv6:2a01:4f8:202:4333:225:90ff:fed9:fc84])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.gentoo.org (Postfix) with ESMTPS id 25739335CC4
	for <gentoo-commits@lists.gentoo.org>; Thu, 12 Jul 2018 14:37:14 +0000 (UTC)
Received: from localhost.localdomain (localhost [IPv6:::1])
	by oystercatcher.gentoo.org (Postfix) with ESMTP id 69D8E370
	for <gentoo-commits@lists.gentoo.org>; Thu, 12 Jul 2018 14:37:12 +0000 (UTC)
From: "Jason Zaman" <perfinion@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Jason Zaman" <perfinion@gentoo.org>
Message-ID: <1531320095.08115177f277119abef4b9186ef84ef575f9dde6.perfinion@gentoo>
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/services/
X-VCS-Repository: proj/hardened-refpolicy
X-VCS-Files: policy/modules/services/xserver.fc policy/modules/services/xserver.if policy/modules/services/xserver.te
X-VCS-Directories: policy/modules/services/
X-VCS-Committer: perfinion
X-VCS-Committer-Name: Jason Zaman
X-VCS-Revision: 08115177f277119abef4b9186ef84ef575f9dde6
X-VCS-Branch: master
Date: Thu, 12 Jul 2018 14:37:12 +0000 (UTC)
Precedence: bulk
List-Post: <mailto:gentoo-commits@lists.gentoo.org>
List-Help: <mailto:gentoo-commits+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-commits+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-commits+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-commits.gentoo.org>
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Archives-Salt: 4f2864fa-a486-41f8-a2c6-dc0b50444651
X-Archives-Hash: b84197e28bc2ce0ba269928a74c05ed9

commit:     08115177f277119abef4b9186ef84ef575f9dde6
Author:     Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Tue Jul 10 15:03:16 2018 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Wed Jul 11 14:41:35 2018 +0000
URL:        https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=08115177

xserver: label .cache/fontconfig as user_fonts_cache_t

 policy/modules/services/xserver.fc | 1 +
 policy/modules/services/xserver.if | 1 +
 policy/modules/services/xserver.te | 2 +-
 3 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/policy/modules/services/xserver.fc b/policy/modules/services/xserver.fc
index 171a8df1..b7f8612d 100644
--- a/policy/modules/services/xserver.fc
+++ b/policy/modules/services/xserver.fc
@@ -2,6 +2,7 @@
 # HOME_DIR
 #
 HOME_DIR/\.cache/mesa_shader_cache(/.*)?	gen_context(system_u:object_r:mesa_shader_cache_t,s0)
+HOME_DIR/\.cache/fontconfig(/.*)?	gen_context(system_u:object_r:user_fonts_cache_t,s0)
 HOME_DIR/\.dmrc		--	gen_context(system_u:object_r:dmrc_home_t,s0)
 HOME_DIR/\.fonts\.conf	--	gen_context(system_u:object_r:user_fonts_config_t,s0)
 HOME_DIR/\.fonts(/.*)?		gen_context(system_u:object_r:user_fonts_t,s0)

diff --git a/policy/modules/services/xserver.if b/policy/modules/services/xserver.if
index c1c07b32..24caccad 100644
--- a/policy/modules/services/xserver.if
+++ b/policy/modules/services/xserver.if
@@ -516,6 +516,7 @@ interface(`xserver_use_user_fonts',`
 	allow $1 user_fonts_config_t:file read_file_perms;
 
 	userdom_search_user_home_dirs($1)
+	xdg_search_cache_dirs($1)
 ')
 
 ########################################

diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te
index 4ce36384..1202b8e5 100644
--- a/policy/modules/services/xserver.te
+++ b/policy/modules/services/xserver.te
@@ -125,7 +125,7 @@ userdom_user_home_content(user_fonts_t)
 type user_fonts_cache_t;
 typealias user_fonts_cache_t alias { staff_fonts_cache_t sysadm_fonts_cache_t };
 typealias user_fonts_cache_t alias { auditadm_fonts_cache_t secadm_fonts_cache_t };
-userdom_user_home_content(user_fonts_cache_t)
+xdg_cache_content(user_fonts_cache_t)
 
 type user_fonts_config_t;
 typealias user_fonts_config_t alias { staff_fonts_config_t sysadm_fonts_config_t };