From d0a6df5c47da00ffea50ad77a795b82f1b404783 Mon Sep 17 00:00:00 2001
From: Chris PeBenito <cpebenito@tresys.com>
Date: Mar 09 2010 15:44:55 +0000
Subject: Miscfiles patch from Dan Walsh.


---

diff --git a/policy/modules/system/miscfiles.fc b/policy/modules/system/miscfiles.fc
index 569c7d0..7711464 100644
--- a/policy/modules/system/miscfiles.fc
+++ b/policy/modules/system/miscfiles.fc
@@ -42,6 +42,7 @@ ifdef(`distro_redhat',`
 /usr/man(/.*)?			gen_context(system_u:object_r:man_t,s0)
 
 /usr/share/fonts(/.*)?		gen_context(system_u:object_r:fonts_t,s0)
+/usr/share/X11/fonts(/.*)?	gen_context(system_u:object_r:fonts_t,s0)
 /usr/share/ghostscript/fonts(/.*)? gen_context(system_u:object_r:fonts_t,s0)
 /usr/share/locale(/.*)?		gen_context(system_u:object_r:locale_t,s0)
 /usr/share/man(/.*)?		gen_context(system_u:object_r:man_t,s0)
@@ -70,15 +71,18 @@ ifdef(`distro_redhat',`
 
 /var/lib/texmf(/.*)?		gen_context(system_u:object_r:tetex_data_t,s0)
 
-/var/cache/fontconfig(/.*)?	gen_context(system_u:object_r:fonts_t,s0)
+/var/cache/fontconfig(/.*)?	gen_context(system_u:object_r:fonts_cache_t,s0)
 /var/cache/fonts(/.*)?		gen_context(system_u:object_r:tetex_data_t,s0)
 /var/cache/man(/.*)?		gen_context(system_u:object_r:man_t,s0)
 
-/var/www/cobbler/images(/.*)?	gen_context(system_u:object_r:public_content_rw_t, s0)
 /var/lib/cobbler/webui_sessions(/.*)? gen_context(system_u:object_r:public_content_rw_t, s0)
 
+/var/named/chroot/etc/pki(/.*)? gen_context(system_u:object_r:cert_t,s0)
+
 /var/spool/texmf(/.*)?		gen_context(system_u:object_r:tetex_data_t,s0)
 
+/var/www/cobbler/images(/.*)?	gen_context(system_u:object_r:public_content_rw_t, s0)
+
 ifdef(`distro_debian',`
 /var/lib/msttcorefonts(/.*)?	gen_context(system_u:object_r:fonts_t,s0)
 /var/lib/usbutils(/.*)?		gen_context(system_u:object_r:hwdata_t,s0)
diff --git a/policy/modules/system/miscfiles.if b/policy/modules/system/miscfiles.if
index 5b840aa..a70ed72 100644
--- a/policy/modules/system/miscfiles.if
+++ b/policy/modules/system/miscfiles.if
@@ -73,7 +73,7 @@ interface(`miscfiles_manage_cert_files',`
 #
 interface(`miscfiles_read_fonts',`
 	gen_require(`
-		type fonts_t;
+		type fonts_t, fonts_cache_t;
 	')
 
 	# cjp: fonts can be in either of these dirs
@@ -83,6 +83,10 @@ interface(`miscfiles_read_fonts',`
 	allow $1 fonts_t:dir list_dir_perms;
 	read_files_pattern($1, fonts_t, fonts_t)
 	read_lnk_files_pattern($1, fonts_t, fonts_t)
+
+	allow $1 fonts_cache_t:dir list_dir_perms;
+	read_files_pattern($1, fonts_cache_t, fonts_cache_t)
+	read_lnk_files_pattern($1, fonts_cache_t, fonts_cache_t)
 ')
 
 ########################################
@@ -171,6 +175,66 @@ interface(`miscfiles_manage_fonts',`
 
 ########################################
 ## <summary>
+##	Set the attributes on a fonts cache directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`miscfiles_setattr_fonts_cache_dirs',`
+	gen_require(`
+		type fonts_cache_t;
+	')
+
+	allow $1 fonts_cache_t:dir setattr;
+')
+
+########################################
+## <summary>
+##	Do not audit attempts to set the attributes
+##	on a fonts cache directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`miscfiles_dontaudit_setattr_fonts_cache_dirs',`
+	gen_require(`
+		type fonts_cache_t;
+	')
+
+	dontaudit $1 fonts_cache_t:dir setattr;
+')
+
+########################################
+## <summary>
+##	Create, read, write, and delete fonts cache.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+interface(`miscfiles_manage_fonts_cache',`
+	gen_require(`
+		type fonts_cache_t;
+	')
+
+	files_search_var($1)
+
+	manage_dirs_pattern($1, fonts_cache_t, fonts_cache_t)
+	manage_files_pattern($1, fonts_cache_t, fonts_cache_t)
+	manage_lnk_files_pattern($1, fonts_cache_t, fonts_cache_t)
+')
+
+########################################
+## <summary>
 ##	Read hardware identification data.
 ## </summary>
 ## <param name="domain">
diff --git a/policy/modules/system/miscfiles.te b/policy/modules/system/miscfiles.te
index ad79340..c7db8d8 100644
--- a/policy/modules/system/miscfiles.te
+++ b/policy/modules/system/miscfiles.te
@@ -1,5 +1,5 @@
 
-policy_module(miscfiles, 1.7.2)
+policy_module(miscfiles, 1.7.3)
 
 ########################################
 #
@@ -19,6 +19,9 @@ files_type(cert_t)
 type fonts_t;
 files_type(fonts_t)
 
+type fonts_cache_t;
+files_type(fonts_cache_t)
+
 #
 # type for /usr/share/hwdata
 #