Allow map xserver_misc_device_t for nvidia driver

policy/modules/kernel/devices.if

@@ -5079,6 +5079,24 @@ interface(`dev_rw_xserver_misc',`
 	rw_chr_files_pattern($1, device_t, xserver_misc_device_t)
 ')
 
+########################################
+## <summary>
+##	Map X server miscellaneous devices.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`dev_map_xserver_misc',`
+	gen_require(`
+		type xserver_misc_device_t;
+	')
+
+	allow $1 xserver_misc_device_t:chr_file map;
+')
+
 ########################################
 ## <summary>
 ##	Read and write to the zero device (/dev/zero).

policy/modules/services/xserver.if

@@ -82,6 +82,7 @@ interface(`xserver_restricted_role',`
 	allow $2 xserver_tmp_t:file { getattr read };
 
 	dev_rw_xserver_misc($2)
+	dev_map_xserver_misc($2)
 	dev_rw_power_management($2)
 	dev_read_input($2)
 	dev_read_misc($2)

policy/modules/services/xserver.te

@@ -749,6 +749,7 @@ dev_read_raw_memory(xserver_t)
 dev_wx_raw_memory(xserver_t)
 # for other device nodes such as the NVidia binary-only driver
 dev_rw_xserver_misc(xserver_t)
+dev_map_xserver_misc(xserver_t)
 # read events - the synaptics touchpad driver reads raw events
 dev_rw_input_dev(xserver_t)
 dev_rwx_zero(xserver_t)

policy/modules/system/init.te

@@ -635,6 +635,7 @@ dev_delete_generic_symlinks(initrc_t)
 dev_getattr_all_blk_files(initrc_t)
 dev_getattr_all_chr_files(initrc_t)
 dev_rw_xserver_misc(initrc_t)
+dev_map_xserver_misc(initrc_t)
 
 domain_kill_all_domains(initrc_t)
 domain_signal_all_domains(initrc_t)