SELinuxProject · etbe · Sep 23, 2025 · Sep 23, 2025 · pebenito · Sep 25, 2025
diff --git a/policy/modules/apps/evolution.te b/policy/modules/apps/evolution.te
@@ -308,15 +308,36 @@ corecmd_exec_bin(evolution_alarm_t)
 dev_read_urand(evolution_alarm_t)
 
 files_read_usr_files(evolution_alarm_t)
+files_map_usr_files(evolution_alarm_t)
+files_watch_etc_dirs(evolution_alarm_t)
+files_watch_usr_dirs(evolution_alarm_t)
+files_watch_var_lib_dirs(evolution_alarm_t)
 
 fs_dontaudit_getattr_xattr_fs(evolution_alarm_t)
 fs_search_auto_mountpoints(evolution_alarm_t)
 
+logging_send_syslog_msg(evolution_alarm_t)
+
 auth_use_nsswitch(evolution_alarm_t)
 
+gnome_mmap_read_xdg_config_files(evolution_alarm_t)
+
 miscfiles_read_localization(evolution_alarm_t)
 
 userdom_dontaudit_read_user_home_content_files(evolution_alarm_t)
+userdom_search_user_runtime(evolution_alarm_t)
+userdom_write_user_tmp_sockets(evolution_alarm_t)
+userdom_list_user_tmp(evolution_alarm_t)
+userdom_rw_user_tmp_files(evolution_alarm_t)
+userdom_map_user_tmp_files(evolution_alarm_t)
+userdom_watch_user_home_dirs(evolution_alarm_t)
+
+wm_mmap_rw_tmpfs_files(evolution_alarm_t)
+
+xdg_search_config_dirs(evolution_alarm_t)
+xdg_search_data_dirs(evolution_alarm_t)
+xdg_read_config_files(evolution_alarm_t)
+xdg_read_data_files(evolution_alarm_t)
 
 xserver_user_x_domain_template(evolution_alarm, evolution_alarm_t, evolution_alarm_tmpfs_t)
 xserver_read_xkb_libs(evolution_alarm_t)
@@ -336,6 +357,7 @@ tunable_policy(`use_samba_home_dirs',`
 optional_policy(`
 	dbus_all_session_bus_client(evolution_alarm_t)
 	dbus_connect_all_session_bus(evolution_alarm_t)
+	dbus_write_session_runtime_socket(evolution_alarm_t)
 
 	optional_policy(`
 		evolution_dbus_chat(evolution_alarm_t)
@@ -346,6 +368,10 @@ optional_policy(`
 	gnome_stream_connect_gconf(evolution_alarm_t)
 ')
 
+optional_policy(`
+	wm_send_fd(evolution_alarm_t)
+')
+
 ########################################
 #
 # Exchange local policy

diff --git a/policy/modules/apps/gnome.if b/policy/modules/apps/gnome.if
@@ -113,6 +113,10 @@ template(`gnome_role_template',`
 			gnome_dbus_chat_gkeyringd($1, $3)
 		')
 
+		optional_policy(`
+			systemd_dbus_chat_logind($1_gkeyringd_t)
+		')
+
 		optional_policy(`
 			wm_dbus_chat($1, $1_gkeyringd_t)
 		')
@@ -821,6 +825,25 @@ interface(`gnome_mmap_gstreamer_orcexec',`
 	allow $1 gstreamer_orcexec_t:file mmap_exec_file_perms;
 ')
 
+########################################
+## <summary>
+##     mmap read gnome_xdg_config_t files
+## </summary>
+## <param name="domain">
+##     <summary>
+##     Domain allowed access.
+##     </summary>
+## </param>
+#
+interface(`gnome_mmap_read_xdg_config_files',`
+	gen_require(`
+		type gnome_xdg_config_t;
+	')
+
+	allow $1 gnome_xdg_config_t:dir list_dir_perms;
+	allow $1 gnome_xdg_config_t:file mmap_read_file_perms;
+')
+
 ########################################
 ## <summary>
 ##     watch gnome_xdg_config_t dirs

diff --git a/policy/modules/apps/wm.if b/policy/modules/apps/wm.if
@@ -236,6 +236,24 @@ interface(`wm_dontaudit_exec_tmpfs_files',`
 	dontaudit $1 wm_tmpfs_t:file exec_file_perms;
 ')
 
+########################################
+## <summary>
+##     Allow sending fd to wm domain
+## </summary>
+## <param name="domain">
+##     <summary>
+##     Domain to allow
+##     </summary>
+## </param>
+#
+interface(`wm_send_fd',`
+	gen_require(`
+		attribute wm_domain;
+	')
+
+	allow wm_domain $1:fd use;
+')
+
 ########################################
 ## <summary>
 ##	Create a domain for applications