From 2a724571c9bfcc2b7af682f067ed4d1b03a4bfdc Mon Sep 17 00:00:00 2001 From: Dominick Grift Date: Mon, 20 Sep 2010 19:40:18 +0200 Subject: [PATCH] Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. --- policy/modules/services/postfix.if | 4 +- policy/modules/services/postgresql.if | 4 +- policy/modules/services/ppp.if | 2 +- policy/modules/services/prelude.if | 16 +++---- policy/modules/services/procmail.if | 3 +- policy/modules/services/psad.if | 1 - policy/modules/services/puppet.if | 2 +- policy/modules/services/pyzor.if | 4 +- policy/modules/services/qpidd.if | 58 +++++++++++------------- policy/modules/services/razor.if | 2 +- policy/modules/services/rgmanager.if | 26 +++++------ policy/modules/services/rhcs.if | 57 ++++++++++++------------ policy/modules/services/ricci.if | 64 +++++++++++++-------------- policy/modules/services/rpc.if | 2 +- policy/modules/services/rpcbind.if | 4 +- policy/modules/services/rsync.if | 12 ++--- policy/modules/services/rtkit.if | 4 +- policy/modules/services/rwho.if | 4 +- policy/modules/services/varnishd.if | 2 +- policy/modules/services/vnstatd.if | 21 ++++----- policy/modules/services/xserver.if | 2 +- 21 files changed, 139 insertions(+), 155 deletions(-) diff --git a/policy/modules/services/postfix.if b/policy/modules/services/postfix.if index aed37207..7391f7ed 100644 --- a/policy/modules/services/postfix.if +++ b/policy/modules/services/postfix.if @@ -710,8 +710,8 @@ interface(`postfix_admin',` allow $1 postfix_smtpd_t:process { ptrace signal_perms }; ps_process_pattern($1, postfix_smtpd_t) - postfix_run_map($1,$2) - postfix_run_postdrop($1,$2) + postfix_run_map($1, $2) + postfix_run_postdrop($1, $2) postfix_initrc_domtrans($1) domain_system_change_exemption($1) diff --git a/policy/modules/services/postgresql.if b/policy/modules/services/postgresql.if index d78db2cc..9284534b 100644 --- a/policy/modules/services/postgresql.if +++ b/policy/modules/services/postgresql.if @@ -10,7 +10,7 @@ ## ## ## -## +## ## The type of the user domain. ## ## @@ -312,7 +312,7 @@ interface(`postgresql_stream_connect',` files_search_pids($1) files_search_tmp($1) - stream_connect_pattern($1, { postgresql_var_run_t postgresql_tmp_t}, { postgresql_var_run_t postgresql_tmp_t}, postgresql_t) + stream_connect_pattern($1, { postgresql_var_run_t postgresql_tmp_t }, { postgresql_var_run_t postgresql_tmp_t }, postgresql_t) ') ######################################## diff --git a/policy/modules/services/ppp.if b/policy/modules/services/ppp.if index 0cb9b4e7..19d9b593 100644 --- a/policy/modules/services/ppp.if +++ b/policy/modules/services/ppp.if @@ -355,7 +355,7 @@ interface(`ppp_admin',` type pppd_t, pppd_tmp_t, pppd_log_t, pppd_lock_t; type pppd_etc_t, pppd_secret_t, pppd_var_run_t; type pptp_t, pptp_log_t, pptp_var_run_t; - type pppd_initrc_exec_t, pppd_etc_rw_t; + type pppd_initrc_exec_t, pppd_etc_rw_t; ') allow $1 pppd_t:process { ptrace signal_perms }; diff --git a/policy/modules/services/prelude.if b/policy/modules/services/prelude.if index 737aa106..77ef7686 100644 --- a/policy/modules/services/prelude.if +++ b/policy/modules/services/prelude.if @@ -5,9 +5,9 @@ ## Execute a domain transition to run prelude. ## ## -## +## ## Domain allowed to transition. -## +## ## # interface(`prelude_domtrans',` @@ -23,9 +23,9 @@ interface(`prelude_domtrans',` ## Execute a domain transition to run prelude_audisp. ## ## -## +## ## Domain allowed to transition. -## +## ## # interface(`prelude_domtrans_audisp',` @@ -41,9 +41,9 @@ interface(`prelude_domtrans_audisp',` ## Signal the prelude_audisp domain. ## ## -## +## ## Domain allowed acccess. -## +## ## # interface(`prelude_signal_audisp',` @@ -78,9 +78,9 @@ interface(`prelude_read_spool',` ## Manage to prelude-manager spool files. ## ## -## +## ## Domain allowed access. -## +## ## # interface(`prelude_manage_spool',` diff --git a/policy/modules/services/procmail.if b/policy/modules/services/procmail.if index 5bfbd7b6..166e9c33 100644 --- a/policy/modules/services/procmail.if +++ b/policy/modules/services/procmail.if @@ -93,7 +93,6 @@ interface(`procmail_read_home_files',` type procmail_home_t; ') - userdom_search_user_home_dirs($1) + userdom_search_user_home_dirs($1) read_files_pattern($1, procmail_home_t, procmail_home_t) ') - diff --git a/policy/modules/services/psad.if b/policy/modules/services/psad.if index 3fc51637..a45fc223 100644 --- a/policy/modules/services/psad.if +++ b/policy/modules/services/psad.if @@ -91,7 +91,6 @@ interface(`psad_manage_config',` files_search_etc($1) manage_dirs_pattern($1, psad_etc_t, psad_etc_t) manage_files_pattern($1, psad_etc_t, psad_etc_t) - ') ######################################## diff --git a/policy/modules/services/puppet.if b/policy/modules/services/puppet.if index 2855a443..0456b110 100644 --- a/policy/modules/services/puppet.if +++ b/policy/modules/services/puppet.if @@ -21,7 +21,7 @@ ## ## # -interface(`puppet_rw_tmp', ` +interface(`puppet_rw_tmp',` gen_require(` type puppet_tmp_t; ') diff --git a/policy/modules/services/pyzor.if b/policy/modules/services/pyzor.if index 748e7d33..0059cc7d 100644 --- a/policy/modules/services/pyzor.if +++ b/policy/modules/services/pyzor.if @@ -114,7 +114,7 @@ interface(`pyzor_admin',` allow $1 pyzord_t:process { ptrace signal_perms }; ps_process_pattern($1, pyzord_t) - + init_labeled_script_domtrans($1, pyzord_initrc_exec_t) domain_system_change_exemption($1) role_transition $2 pyzord_initrc_exec_t system_r; @@ -132,5 +132,3 @@ interface(`pyzor_admin',` files_list_var_lib($1) admin_pattern($1, pyzor_var_lib_t) ') - - diff --git a/policy/modules/services/qpidd.if b/policy/modules/services/qpidd.if index f97e16cf..3102e242 100644 --- a/policy/modules/services/qpidd.if +++ b/policy/modules/services/qpidd.if @@ -1,4 +1,3 @@ - ## policy for qpidd ######################################## @@ -6,9 +5,9 @@ ## Execute a domain transition to run qpidd. ## ## -## +## ## Domain allowed to transition. -## +## ## # interface(`qpidd_domtrans',` @@ -19,7 +18,6 @@ interface(`qpidd_domtrans',` domtrans_pattern($1, qpidd_exec_t, qpidd_t) ') - ######################################## ## ## Execute qpidd server in the qpidd domain. @@ -72,12 +70,11 @@ interface(`qpidd_manage_var_run',` type qpidd_var_run_t; ') - manage_dirs_pattern($1, qpidd_var_run_t, qpidd_var_run_t) - manage_files_pattern($1, qpidd_var_run_t, qpidd_var_run_t) - manage_lnk_files_pattern($1, qpidd_var_run_t, qpidd_var_run_t) + manage_dirs_pattern($1, qpidd_var_run_t, qpidd_var_run_t) + manage_files_pattern($1, qpidd_var_run_t, qpidd_var_run_t) + manage_lnk_files_pattern($1, qpidd_var_run_t, qpidd_var_run_t) ') - ######################################## ## ## Search qpidd lib directories. @@ -113,7 +110,7 @@ interface(`qpidd_read_lib_files',` ') files_search_var_lib($1) - read_files_pattern($1, qpidd_var_lib_t, qpidd_var_lib_t) + read_files_pattern($1, qpidd_var_lib_t, qpidd_var_lib_t) ') ######################################## @@ -133,7 +130,7 @@ interface(`qpidd_manage_lib_files',` ') files_search_var_lib($1) - manage_files_pattern($1, qpidd_var_lib_t, qpidd_var_lib_t) + manage_files_pattern($1, qpidd_var_lib_t, qpidd_var_lib_t) ') ######################################## @@ -151,12 +148,11 @@ interface(`qpidd_manage_var_lib',` type qpidd_var_lib_t; ') - manage_dirs_pattern($1, qpidd_var_lib_t, qpidd_var_lib_t) - manage_files_pattern($1, qpidd_var_lib_t, qpidd_var_lib_t) - manage_lnk_files_pattern($1, qpidd_var_lib_t, qpidd_var_lib_t) + manage_dirs_pattern($1, qpidd_var_lib_t, qpidd_var_lib_t) + manage_files_pattern($1, qpidd_var_lib_t, qpidd_var_lib_t) + manage_lnk_files_pattern($1, qpidd_var_lib_t, qpidd_var_lib_t) ') - ######################################## ## ## All of the rules required to administrate @@ -181,7 +177,6 @@ interface(`qpidd_admin',` allow $1 qpidd_t:process { ptrace signal_perms }; ps_process_pattern($1, qpidd_t) - # Allow qpidd_t to restart the apache service qpidd_initrc_domtrans($1) @@ -192,41 +187,40 @@ interface(`qpidd_admin',` qpidd_manage_var_run($1) qpidd_manage_var_lib($1) - ') ##################################### ## -## Allow read and write access to qpidd semaphores. +## Allow read and write access to qpidd semaphores. ## ## -## -## Domain allowed access. -## +## +## Domain allowed access. +## ## # interface(`qpidd_rw_semaphores',` - gen_require(` - type qpidd_t; - ') + gen_require(` + type qpidd_t; + ') - allow $1 qpidd_t:sem rw_sem_perms; + allow $1 qpidd_t:sem rw_sem_perms; ') ######################################## ## -## Read and write to qpidd shared memory. +## Read and write to qpidd shared memory. ## ## -## -## Domain allowed access. -## +## +## Domain allowed access. +## ## # interface(`qpidd_rw_shm',` - gen_require(` - type qpidd_t; - ') + gen_require(` + type qpidd_t; + ') - allow $1 qpidd_t:shm rw_shm_perms; + allow $1 qpidd_t:shm rw_shm_perms; ') diff --git a/policy/modules/services/razor.if b/policy/modules/services/razor.if index 13ad2fe0..353bcae9 100644 --- a/policy/modules/services/razor.if +++ b/policy/modules/services/razor.if @@ -26,6 +26,7 @@ template(`razor_common_domain_template',` gen_require(` type razor_exec_t, razor_etc_t, razor_log_t, razor_var_lib_t; ') + type $1_t; domain_type($1_t) domain_entry_file($1_t, razor_exec_t) @@ -197,4 +198,3 @@ interface(`razor_read_lib_files',` files_search_var_lib($1) read_files_pattern($1, razor_var_lib_t, razor_var_lib_t) ') - diff --git a/policy/modules/services/rgmanager.if b/policy/modules/services/rgmanager.if index 7ef312ea..c8b7eec1 100644 --- a/policy/modules/services/rgmanager.if +++ b/policy/modules/services/rgmanager.if @@ -5,9 +5,9 @@ ## Execute a domain transition to run rgmanager. ## ## -## +## ## Domain allowed to transition. -## +## ## # interface(`rgmanager_domtrans',` @@ -78,20 +78,20 @@ interface(`rgmanager_manage_tmpfs_files',` ####################################### ## -## Allow read and write access to rgmanager semaphores. +## Allow read and write access to rgmanager semaphores. ## ## -## -## Domain allowed access. -## +## +## Domain allowed access. +## ## # interface(`rgmanager_rw_semaphores',` - gen_require(` - type rgmanager_t; - ') + gen_require(` + type rgmanager_t; + ') - allow $1 rgmanager_t:sem { unix_read unix_write associate read write }; + allow $1 rgmanager_t:sem { unix_read unix_write associate read write }; ') ###################################### @@ -100,9 +100,9 @@ interface(`rgmanager_rw_semaphores',` ## an rgmanager environment ## ## -## +## ## Domain allowed access. -## +## ## ## ## @@ -115,7 +115,7 @@ interface(`rgmanager_admin',` gen_require(` type rgmanager_t, rgmanager_initrc_exec_t, rgmanager_tmp_t; type rgmanager_tmpfs_t, rgmanager_var_log_t, rgmanager_var_run_t; - ') + ') allow $1 rgmanager_t:process { ptrace signal_perms }; ps_process_pattern($1, rgmanager_t) diff --git a/policy/modules/services/rhcs.if b/policy/modules/services/rhcs.if index 30c9aff9..fc1a9457 100644 --- a/policy/modules/services/rhcs.if +++ b/policy/modules/services/rhcs.if @@ -51,7 +51,6 @@ template(`rhcs_domain_template',` manage_fifo_files_pattern($1_t, $1_var_run_t, $1_var_run_t) manage_sock_files_pattern($1_t, $1_var_run_t, $1_var_run_t) files_pid_filetrans($1_t, $1_var_run_t, { file fifo_file }) - ') ###################################### @@ -59,9 +58,9 @@ template(`rhcs_domain_template',` ## Execute a domain transition to run dlm_controld. ## ## -## +## ## Domain allowed to transition. -## +## ## # interface(`rhcs_domtrans_dlm_controld',` @@ -358,40 +357,40 @@ interface(`rhcs_rw_cluster_shm',` #################################### ## -## Read and write access to cluster domains semaphores. +## Read and write access to cluster domains semaphores. ## ## -## -## Domain allowed access. -## +## +## Domain allowed access. +## ## # interface(`rhcs_rw_cluster_semaphores',` - gen_require(` + gen_require(` attribute cluster_domain; - ') + ') - allow $1 cluster_domain:sem { rw_sem_perms destroy }; + allow $1 cluster_domain:sem { rw_sem_perms destroy }; ') #################################### ## -## Connect to cluster domains over a unix domain -## stream socket. +## Connect to cluster domains over a unix domain +## stream socket. ## ## -## -## Domain allowed access. -## +## +## Domain allowed access. +## ## # interface(`rhcs_stream_connect_cluster',` - gen_require(` - attribute cluster_domain, cluster_pid; - ') + gen_require(` + attribute cluster_domain, cluster_pid; + ') - files_search_pids($1) - stream_connect_pattern($1, cluster_pid, cluster_pid, cluster_domain) + files_search_pids($1) + stream_connect_pattern($1, cluster_pid, cluster_pid, cluster_domain) ') ###################################### @@ -433,19 +432,19 @@ interface(`rhcs_read_qdiskd_tmpfs_files',` ###################################### ## -## Allow domain to read cluster lib files +## Allow domain to read cluster lib files ## ## -## -## Domain allowed access. -## +## +## Domain allowed access. +## ## # interface(`rhcs_read_cluster_lib_files',` - gen_require(` - type cluster_var_lib_t; - ') + gen_require(` + type cluster_var_lib_t; + ') - files_search_var_lib($1) - read_files_pattern($1, cluster_var_lib_t, cluster_var_lib_t) + files_search_var_lib($1) + read_files_pattern($1, cluster_var_lib_t, cluster_var_lib_t) ') diff --git a/policy/modules/services/ricci.if b/policy/modules/services/ricci.if index 8a28c318..236fd6d3 100644 --- a/policy/modules/services/ricci.if +++ b/policy/modules/services/ricci.if @@ -5,9 +5,9 @@ ## Execute a domain transition to run ricci. ## ## -## +## ## Domain allowed to transition. -## +## ## # interface(`ricci_domtrans',` @@ -20,20 +20,20 @@ interface(`ricci_domtrans',` ####################################### ## -## Execute ricci server in the ricci domain. +## Execute ricci server in the ricci domain. ## ## -## -## Domain allowed access. -## +## +## Domain allowed access. +## ## # -interface(`ricci_initrc_domtrans', ` - gen_require(` - type ricci_initrc_exec_t; - ') +interface(`ricci_initrc_domtrans',` + gen_require(` + type ricci_initrc_exec_t; + ') - init_labeled_script_domtrans($1, ricci_initrc_exec_t) + init_labeled_script_domtrans($1, ricci_initrc_exec_t) ') ######################################## @@ -41,9 +41,9 @@ interface(`ricci_initrc_domtrans', ` ## Execute a domain transition to run ricci_modcluster. ## ## -## +## ## Domain allowed to transition. -## +## ## # interface(`ricci_domtrans_modcluster',` @@ -134,9 +134,9 @@ interface(`ricci_rw_modclusterd_tmpfs_files',` ## Execute a domain transition to run ricci_modlog. ## ## -## +## ## Domain allowed to transition. -## +## ## # interface(`ricci_domtrans_modlog',` @@ -152,9 +152,9 @@ interface(`ricci_domtrans_modlog',` ## Execute a domain transition to run ricci_modrpm. ## ## -## +## ## Domain allowed to transition. -## +## ## # interface(`ricci_domtrans_modrpm',` @@ -170,9 +170,9 @@ interface(`ricci_domtrans_modrpm',` ## Execute a domain transition to run ricci_modservice. ## ## -## +## ## Domain allowed to transition. -## +## ## # interface(`ricci_domtrans_modservice',` @@ -188,9 +188,9 @@ interface(`ricci_domtrans_modservice',` ## Execute a domain transition to run ricci_modstorage. ## ## -## +## ## Domain allowed to transition. -## +## ## # interface(`ricci_domtrans_modstorage',` @@ -203,22 +203,22 @@ interface(`ricci_domtrans_modstorage',` #################################### ## -## Allow the specified domain to manage ricci's lib files. +## Allow the specified domain to manage ricci's lib files. ## ## -## -## Domain allowed access. -## +## +## Domain allowed access. +## ## # interface(`ricci_manage_lib_files',` - gen_require(` - type ricci_var_lib_t; - ') + gen_require(` + type ricci_var_lib_t; + ') - files_search_var_lib($1) - manage_dirs_pattern($1, ricci_var_lib_t, ricci_var_lib_t) - manage_files_pattern($1, ricci_var_lib_t, ricci_var_lib_t) + files_search_var_lib($1) + manage_dirs_pattern($1, ricci_var_lib_t, ricci_var_lib_t) + manage_files_pattern($1, ricci_var_lib_t, ricci_var_lib_t) ') ######################################## @@ -254,7 +254,7 @@ interface(`ricci_admin',` files_list_tmp($1) admin_pattern($1, ricci_tmp_t) - + files_list_var_lib($1) admin_pattern($1, ricci_var_lib_t) diff --git a/policy/modules/services/rpc.if b/policy/modules/services/rpc.if index b65be0cc..1de66f7e 100644 --- a/policy/modules/services/rpc.if +++ b/policy/modules/services/rpc.if @@ -32,7 +32,7 @@ interface(`rpc_stub',` ## ## # -template(`rpc_domain_template', ` +template(`rpc_domain_template',` ######################################## # # Declarations diff --git a/policy/modules/services/rpcbind.if b/policy/modules/services/rpcbind.if index 14173f7e..0458ba73 100644 --- a/policy/modules/services/rpcbind.if +++ b/policy/modules/services/rpcbind.if @@ -5,9 +5,9 @@ ## Execute a domain transition to run rpcbind. ## ## -## +## ## Domain allowed to transition. -## +## ## # interface(`rpcbind_domtrans',` diff --git a/policy/modules/services/rsync.if b/policy/modules/services/rsync.if index eefa3298..a4fddce4 100644 --- a/policy/modules/services/rsync.if +++ b/policy/modules/services/rsync.if @@ -109,9 +109,9 @@ interface(`rsync_exec',` ## Read rsync config files. ## ## -## +## ## Domain allowed access. -## +## ## # interface(`rsync_read_config',` @@ -128,9 +128,9 @@ interface(`rsync_read_config',` ## Write to rsync config files. ## ## -## +## ## Domain allowed access. -## +## ## # interface(`rsync_write_config',` @@ -147,9 +147,9 @@ interface(`rsync_write_config',` ## Manage rsync config files. ## ## -## +## ## Domain allowed. -## +## ## # interface(`rsync_manage_config',` diff --git a/policy/modules/services/rtkit.if b/policy/modules/services/rtkit.if index 21079f8f..62d2628b 100644 --- a/policy/modules/services/rtkit.if +++ b/policy/modules/services/rtkit.if @@ -5,9 +5,9 @@ ## Execute a domain transition to run rtkit_daemon. ## ## -## +## ## Domain allowed to transition. -## +## ## # interface(`rtkit_daemon_domtrans',` diff --git a/policy/modules/services/rwho.if b/policy/modules/services/rwho.if index 71ea0eab..664e68e7 100644 --- a/policy/modules/services/rwho.if +++ b/policy/modules/services/rwho.if @@ -5,9 +5,9 @@ ## Execute a domain transition to run rwho. ## ## -## +## ## Domain allowed to transition. -## +## ## # interface(`rwho_domtrans',` diff --git a/policy/modules/services/varnishd.if b/policy/modules/services/varnishd.if index 0f8e2138..b6121a6e 100644 --- a/policy/modules/services/varnishd.if +++ b/policy/modules/services/varnishd.if @@ -58,7 +58,7 @@ interface(`varnishd_read_config',` ##################################### ## -## Read varnish lib files. +## Read varnish lib files. ## ## ## diff --git a/policy/modules/services/vnstatd.if b/policy/modules/services/vnstatd.if index 6144fb1f..8780a8ac 100644 --- a/policy/modules/services/vnstatd.if +++ b/policy/modules/services/vnstatd.if @@ -1,15 +1,13 @@ - ## policy for vnstatd - ######################################## ## ## Execute a domain transition to run vnstatd. ## ## -## +## ## Domain allowed access. -## +## ## # interface(`vnstatd_domtrans',` @@ -20,16 +18,14 @@ interface(`vnstatd_domtrans',` domtrans_pattern($1, vnstatd_exec_t, vnstatd_t) ') - - ######################################## ## ## Execute a domain transition to run vnstat. ## ## -## +## ## Domain allowed access. -## +## ## # interface(`vnstatd_domtrans_vnstat',` @@ -75,7 +71,7 @@ interface(`vnstatd_read_lib_files',` ') files_search_var_lib($1) - read_files_pattern($1, vnstatd_var_lib_t, vnstatd_var_lib_t) + read_files_pattern($1, vnstatd_var_lib_t, vnstatd_var_lib_t) ') ######################################## @@ -95,7 +91,7 @@ interface(`vnstatd_manage_lib_files',` ') files_search_var_lib($1) - manage_files_pattern($1, vnstatd_var_lib_t, vnstatd_var_lib_t) + manage_files_pattern($1, vnstatd_var_lib_t, vnstatd_var_lib_t) ') ######################################## @@ -114,7 +110,7 @@ interface(`vnstatd_manage_lib_dirs',` ') files_search_var_lib($1) - manage_dirs_pattern($1, vnstatd_var_lib_t, vnstatd_var_lib_t) + manage_dirs_pattern($1, vnstatd_var_lib_t, vnstatd_var_lib_t) ') @@ -138,7 +134,7 @@ interface(`vnstatd_manage_lib_dirs',` interface(`vnstatd_admin',` gen_require(` type vnstatd_t; - type vnstatd_var_lib_t; + type vnstatd_var_lib_t; ') allow $1 vnstatd_t:process { ptrace signal_perms }; @@ -146,5 +142,4 @@ interface(`vnstatd_admin',` files_list_var_lib($1) admin_pattern($1, vnstatd_var_lib_t) - ') diff --git a/policy/modules/services/xserver.if b/policy/modules/services/xserver.if index 88b6040c..cd2798a9 100644 --- a/policy/modules/services/xserver.if +++ b/policy/modules/services/xserver.if @@ -243,7 +243,7 @@ interface(`xserver_rw_session',` type xserver_t, xserver_tmpfs_t; ') - xserver_ro_session($1,$2) + xserver_ro_session($1, $2) allow $1 xserver_t:shm rw_shm_perms; allow $1 xserver_tmpfs_t:file rw_file_perms; ')