selinux-policy/strict/macros/program/fontconfig_macros.te

#
# Fontconfig related types 
#
# Author: Ivan Gyurdiev <ivg2@cornell.edu>
#
# fontconfig_domain(role_prefix) - create fontconfig domain
#
# read_fonts(domain, role_prefix) - 
#         allow domain to read fonts, optionally per/user
#  

define(`fontconfig_domain', `

type $1_fonts_t, file_type, $1_file_type, sysadmfile;
type $1_fonts_config_t, file_type, $1_file_type, sysadmfile;
type $1_fonts_cache_t, file_type, $1_file_type, sysadmfile;

create_dir_file($1_t, $1_fonts_t)
allow $1_t $1_fonts_t:{ dir file } { relabelto relabelfrom };

create_dir_file($1_t, $1_fonts_config_t)
allow $1_t $1_fonts_config_t:file { relabelto relabelfrom };

# For startup relabel
allow $1_t $1_fonts_cache_t:{ dir file } { relabelto relabelfrom };

') dnl fontconfig_domain

####################

define(`read_fonts', `

# Read global fonts and font config
r_dir_file($1, fonts_t)
r_dir_file($1, etc_t)

ifelse(`$2', `', `', `

# Manipulate the global font cache
create_dir_file($1, $2_fonts_cache_t)

# Read per user fonts and font config
r_dir_file($1, $2_fonts_t)
r_dir_file($1, $2_fonts_config_t)

# There are some fonts in .gnome2
ifdef(`gnome.te', `
allow $1 $2_gnome_settings_t:dir { getattr search };
')

') dnl ifelse
') dnl read_fonts