Create interfaces to write to inherited xserver log files.

Updated based on feedback

Signed-off-by: Dave Sugar <dsugar@tresys.com>

policy/modules/services/xserver.if

@@ -1056,6 +1056,26 @@ interface(`xserver_xsession_spec_domtrans',`
 	domain_transition_pattern($1, xsession_exec_t, $2)
 ')
 
+########################################
+## <summary>
+##	Write to inherited  xsession log
+##	files such as .xsession-errors.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`xserver_write_inherited_xsession_log',`
+	gen_require(`
+		type xsession_log_t;
+	')
+
+	allow $1 xsession_log_t:file write_inherited_file_perms;
+')
+
+
 ########################################
 ## <summary>
 ##	Read and write xsession log
@@ -1094,6 +1114,25 @@ interface(`xserver_manage_xsession_log',`
 	allow $1 xsession_log_t:file manage_file_perms;
 ')
 
+########################################
+## <summary>
+##	Write to inherited X server log
+##  files like /var/log/lightdm/lightdm.log
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`xserver_write_inherited_log',`
+	gen_require(`
+		type xserver_log_t;
+	')
+
+	allow $1 xserver_log_t:file write_inherited_file_perms;
+')
+
 ########################################
 ## <summary>
 ##	Get the attributes of X server logs.

policy/support/obj_perm_sets.spt

@@ -157,6 +157,7 @@ define(`read_file_perms',`{ getattr open read lock ioctl }')
 define(`mmap_file_perms',`{ getattr open map read execute ioctl }')
 define(`exec_file_perms',`{ getattr open map read execute ioctl execute_no_trans }')
 define(`append_file_perms',`{ getattr open append lock ioctl }')
+define(`write_inherited_file_perms',`{ getattr write append lock ioctl }')
 define(`write_file_perms',`{ getattr open write append lock ioctl }')
 define(`rw_inherited_file_perms',`{ getattr read write append ioctl lock }')
 define(`rw_file_perms',`{ open rw_inherited_file_perms }')