From 38fe90368439ad4cc2a9660fdf63bf0423a8ee08 Mon Sep 17 00:00:00 2001
From: Guido Trentalancia <guido@trentalancia.com>
Date: Tue, 5 Sep 2023 21:18:53 +0200
Subject: [PATCH] Include the X server tmpfs rw permissions in the X shared
 memory write access tunable policy under request from Christoper PeBenito.

Signed-off-by: Guido Trentalancia <guido@trentalancia.com>
---
 policy/modules/services/xserver.if |    6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
---
 policy/modules/services/xserver.if | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/policy/modules/services/xserver.if b/policy/modules/services/xserver.if
index a34b508c0..b4c5a18bb 100644
--- a/policy/modules/services/xserver.if
+++ b/policy/modules/services/xserver.if
@@ -127,7 +127,7 @@ template(`xserver_restricted_role',`
 		allow $2 xserver_t:shm rw_shm_perms;
 	')
 
-	tunable_policy(`allow_write_xserver_tmpfs',`
+	tunable_policy(`allow_write_xshm || allow_write_xserver_tmpfs',`
 		allow $2 xserver_tmpfs_t:file rw_file_perms;
 	')
 
@@ -295,7 +295,7 @@ interface(`xserver_rw_session',`
 		allow $1 xserver_t:shm rw_shm_perms;
 	')
 
-	tunable_policy(`allow_write_xserver_tmpfs',`
+	tunable_policy(`allow_write_xshm || allow_write_xserver_tmpfs',`
 		allow $1 xserver_tmpfs_t:file rw_file_perms;
 	')
 ')
@@ -494,7 +494,7 @@ template(`xserver_user_x_domain_template',`
 		allow $2 xserver_t:shm rw_shm_perms;
 	')
 
-	tunable_policy(`allow_write_xserver_tmpfs',`
+	tunable_policy(`allow_write_xshm || allow_write_xserver_tmpfs',`
 		allow $2 xserver_tmpfs_t:file rw_file_perms;
 	')
 ')