diff --git a/policy/modules/apps/evolution.te b/policy/modules/apps/evolution.te
index 4a31d47b8d..e5e77a192f 100644
--- a/policy/modules/apps/evolution.te
+++ b/policy/modules/apps/evolution.te
@@ -308,15 +308,36 @@ corecmd_exec_bin(evolution_alarm_t)
dev_read_urand(evolution_alarm_t)
files_read_usr_files(evolution_alarm_t)
+files_map_usr_files(evolution_alarm_t)
+files_watch_etc_dirs(evolution_alarm_t)
+files_watch_usr_dirs(evolution_alarm_t)
+files_watch_var_lib_dirs(evolution_alarm_t)
fs_dontaudit_getattr_xattr_fs(evolution_alarm_t)
fs_search_auto_mountpoints(evolution_alarm_t)
+logging_send_syslog_msg(evolution_alarm_t)
+
auth_use_nsswitch(evolution_alarm_t)
+gnome_mmap_read_xdg_config_files(evolution_alarm_t)
+
miscfiles_read_localization(evolution_alarm_t)
userdom_dontaudit_read_user_home_content_files(evolution_alarm_t)
+userdom_search_user_runtime(evolution_alarm_t)
+userdom_write_user_tmp_sockets(evolution_alarm_t)
+userdom_list_user_tmp(evolution_alarm_t)
+userdom_rw_user_tmp_files(evolution_alarm_t)
+userdom_map_user_tmp_files(evolution_alarm_t)
+userdom_watch_user_home_dirs(evolution_alarm_t)
+
+wm_mmap_rw_tmpfs_files(evolution_alarm_t)
+
+xdg_search_config_dirs(evolution_alarm_t)
+xdg_search_data_dirs(evolution_alarm_t)
+xdg_read_config_files(evolution_alarm_t)
+xdg_read_data_files(evolution_alarm_t)
xserver_user_x_domain_template(evolution_alarm, evolution_alarm_t, evolution_alarm_tmpfs_t)
xserver_read_xkb_libs(evolution_alarm_t)
@@ -336,6 +357,7 @@ tunable_policy(`use_samba_home_dirs',`
optional_policy(`
dbus_all_session_bus_client(evolution_alarm_t)
dbus_connect_all_session_bus(evolution_alarm_t)
+ dbus_write_session_runtime_socket(evolution_alarm_t)
optional_policy(`
evolution_dbus_chat(evolution_alarm_t)
@@ -346,6 +368,10 @@ optional_policy(`
gnome_stream_connect_gconf(evolution_alarm_t)
')
+optional_policy(`
+ wm_send_fd(evolution_alarm_t)
+')
+
########################################
#
# Exchange local policy
diff --git a/policy/modules/apps/gnome.if b/policy/modules/apps/gnome.if
index fe0fe951eb..ee74085655 100644
--- a/policy/modules/apps/gnome.if
+++ b/policy/modules/apps/gnome.if
@@ -113,6 +113,10 @@ template(`gnome_role_template',`
gnome_dbus_chat_gkeyringd($1, $3)
')
+ optional_policy(`
+ systemd_dbus_chat_logind($1_gkeyringd_t)
+ ')
+
optional_policy(`
wm_dbus_chat($1, $1_gkeyringd_t)
')
@@ -821,6 +825,25 @@ interface(`gnome_mmap_gstreamer_orcexec',`
allow $1 gstreamer_orcexec_t:file mmap_exec_file_perms;
')
+########################################
+##
+## mmap read gnome_xdg_config_t files
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`gnome_mmap_read_xdg_config_files',`
+ gen_require(`
+ type gnome_xdg_config_t;
+ ')
+
+ allow $1 gnome_xdg_config_t:dir list_dir_perms;
+ allow $1 gnome_xdg_config_t:file mmap_read_file_perms;
+')
+
########################################
##
## watch gnome_xdg_config_t dirs
diff --git a/policy/modules/apps/wm.if b/policy/modules/apps/wm.if
index b52f06ca97..49c577142a 100644
--- a/policy/modules/apps/wm.if
+++ b/policy/modules/apps/wm.if
@@ -236,6 +236,24 @@ interface(`wm_dontaudit_exec_tmpfs_files',`
dontaudit $1 wm_tmpfs_t:file exec_file_perms;
')
+########################################
+##
+## Allow sending fd to wm domain
+##
+##
+##
+## Domain to allow
+##
+##
+#
+interface(`wm_send_fd',`
+ gen_require(`
+ attribute wm_domain;
+ ')
+
+ allow wm_domain $1:fd use;
+')
+
########################################
##
## Create a domain for applications