Please create a new interface and use it here, no declaration of type…

…s from outside this module would be needed then.

policy/modules/contrib/dbus.te

@@ -412,8 +412,5 @@ kernel_stream_connect(session_bus_type)
 systemd_login_read_pid_files(session_bus_type)
 
 optional_policy(`
-	gen_require(`
-		type gnome_remote_desktop_t;
-	')
-	allow system_dbusd_t gnome_remote_desktop_t:tcp_socket { read write };
+	gnome_remote_desktop_rw_tcp_sockets(system_dbusd_t)
 ')

policy/modules/contrib/gnome_remote_desktop.if

@@ -153,3 +153,26 @@ interface(`gnome_remote_desktop_admin',`
 		systemd_read_fifo_file_passwd_run($1)
 	')
 ')
+
+## <summary>
+##	Read and write to TCP socket
+## </summary>
+## <desc>
+##	<p>
+##	Allow the specified domain to read and write to
+##  gnome_remote_desktop_port_t TCP socket
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`gnome_remote_desktop_rw_tcp_sockets', `
+	gen_require(`
+		type gnome_remote_desktop_t;
+	')
+
+	allow $1 gnome_remote_desktop_t:tcp_socket rw_socket_perms;
+')

policy/modules/services/xserver.te

@@ -1860,10 +1860,6 @@ tunable_policy(`selinuxuser_direct_dri_enabled',`
 
 #============= xdm_t ==============
 optional_policy(`
-	require {
-		type gnome_remote_desktop_t;
-		}
-
-	allow xdm_t gnome_remote_desktop_t:tcp_socket { getattr getopt read setopt shutdown write };
+	gnome_remote_desktop_rw_tcp_sockets(xdm_t)
 	dev_rw_dma_dev(xdm_t)
 ')