Merge pull request #42 from dsugar100/master

policy/modules/kernel/devices.if

@@ -1939,6 +1939,24 @@ interface(`dev_setattr_dri_dev',`
 	setattr_chr_files_pattern($1, device_t, dri_device_t)
 ')
 
+########################################
+## <summary>
+##	IOCTL the dri devices.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`dev_ioctl_dri_dev',`
+	gen_require(`
+		type device_t, dri_device_t;
+	')
+
+	allow $1 dri_device_t:chr_file ioctl;
+')
+
 ########################################
 ## <summary>
 ##	Read and write the dri devices.

policy/modules/kernel/kernel.te

@@ -397,9 +397,12 @@ optional_policy(`
 ')
 
 optional_policy(`
-	plymouthd_read_lib_files(kernel_t)
+	dev_ioctl_dri_dev(kernel_t)
+
+	plymouthd_delete_pid_files(kernel_t)
 	plymouthd_read_pid_files(kernel_t)
 	plymouthd_read_spool_files(kernel_t)
+	plymouthd_rw_lib_files(kernel_t)
 
 	term_use_ptmx(kernel_t)
 	term_use_unallocated_ttys(kernel_t)

policy/modules/services/plymouthd.if

@@ -192,6 +192,25 @@ interface(`plymouthd_read_lib_files',`
 	read_files_pattern($1, plymouthd_var_lib_t, plymouthd_var_lib_t)
 ')
 
+########################################
+## <summary>
+##	Read and write plymouthd lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`plymouthd_rw_lib_files',`
+	gen_require(`
+		type plymouthd_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	rw_files_pattern($1, plymouthd_var_lib_t, plymouthd_var_lib_t)
+')
+
 ########################################
 ## <summary>
 ##	Create, read, write, and delete
@@ -232,6 +251,25 @@ interface(`plymouthd_read_pid_files',`
 	allow $1 plymouthd_var_run_t:file read_file_perms;
 ')
 
+########################################
+## <summary>
+##	Delete the plymouthd pid files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`plymouthd_delete_pid_files',`
+	gen_require(`
+		type plymouthd_var_run_t;
+	')
+
+	files_search_pids($1)
+	delete_files_pattern($1, plymouthd_var_run_t, plymouthd_var_run_t)
+')
+
 ########################################
 ## <summary>
 ##	All of the rules required to

policy/modules/services/xserver.te

@@ -615,6 +615,10 @@ optional_policy(`
 	mta_dontaudit_getattr_spool_files(xdm_t)
 ')
 
+optional_policy(`
+	plymouthd_domtrans_plymouth(xdm_t)
+')
+
 optional_policy(`
 	resmgr_stream_connect(xdm_t)
 ')