From 6829da4054150dfc49d9c0c12a97aa9267a51184 Mon Sep 17 00:00:00 2001
From: Chris PeBenito
Date: Sun, 14 Aug 2016 15:13:24 -0400
Subject: [PATCH] Update for the xserver module: - updated the file contexts for the Xsession script; - created an interface for chatting over dbus with xdm (currently used by the userdomain module in the common user template); - added permission to chat over dbus with colord.
Signed-off-by: Guido Trentalancia
---
 policy/modules/services/xserver.if | 21 +++++++++++++++++++++
 policy/modules/services/xserver.te | 6 +++++-
 2 files changed, 26 insertions(+), 1 deletion(-)
diff --git a/policy/modules/services/xserver.if b/policy/modules/services/xserver.if
index 6bf0ecc2d..690c2b674 100644
--- a/policy/modules/services/xserver.if
+++ b/policy/modules/services/xserver.if
@@ -711,6 +711,27 @@ interface(`xserver_dontaudit_rw_xdm_pipes',`
 dontaudit $1 xdm_t:fifo_file rw_fifo_file_perms;
 ')
+########################################
+##
+## Send and receive messages from
+## xdm over dbus.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`xserver_dbus_chat_xdm',`
+ gen_require(`
+ type xdm_t;
+ class dbus send_msg;
+ ')
+
+ allow $1 xdm_t:dbus send_msg;
+ allow xdm_t $1:dbus send_msg;
+')
+
 ########################################
 ##
 ## Read xdm process state files.
diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te
index f187e0acb..18982424a 100644
--- a/policy/modules/services/xserver.te
+++ b/policy/modules/services/xserver.te
@@ -1,4 +1,4 @@
-policy_module(xserver, 3.11.3)
+policy_module(xserver, 3.11.4)
 gen_require(`
 class x_drawable all_x_drawable_perms;
@@ -510,6 +510,10 @@ optional_policy(`
 colord_dbus_chat(xdm_t)
 ')
+optional_policy(`
+ colord_dbus_chat(xdm_t)
+')
+
 optional_policy(`
 consolekit_dbus_chat(xdm_t)
 ')
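Review bot: The new `xserver_dbus_chat_xdm` interface in xserver.if allows `send_msg` in both directions between the calling domain and `xdm_t`, and its header comment does not say how wide that grant is. The `dbus` class check only compares the sender and receiver contexts, so it cannot limit which xdm methods a caller may invoke; that filtering has to come from the service's own bus configuration. The commit message says the interface is called from the common user template (not visible in this patch), so presumably every user domain built from it gets this access, which is worth confirming for confined users. I would add a line to the header comment such as `##	Access is bidirectional and is not limited to specific D-Bus methods.`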
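Review bot: The `optional_policy` block added in the second xserver.te hunk repeats `colord_dbus_chat(xdm_t)`, which already appears in the context lines immediately above it. As far as the hunk shows, the added rule grants nothing beyond the existing one, so the colord permission named in the commit message was apparently already in place. I would drop the added block, or, if a different domain was meant to chat with colord, change the argument. The preceding block starts outside the hunk, so check that it is not nested inside a conditional before treating the two as equivalent.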