Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(52)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: sandbox/linux/selinux/chromium-browser.te

Issue 14771026: Linux: remove unmaintained SELinux code. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 7 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « sandbox/linux/selinux/chromium-browser.if ('k') | sandbox/linux/services/libc_urandom_override.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 policy_module(chromium-browser,1.0.0)
2
3 gen_require(`
4 type gnome_home_t;
5 type proc_t;
6 type tmpfs_t;
7 type unconfined_t;
8 type urandom_device_t;
9 type user_devpts_t;
10 type user_tmpfs_t;
11 ')
12
13 type chromium_renderer_t;
14 domain_base_type(chromium_renderer_t)
15 role unconfined_r types chromium_renderer_t;
16
17 allow unconfined_t chromium_renderer_t:process { dyntransition };
18
19 allow chromium_renderer_t unconfined_t:unix_stream_socket { read write send_msg recv_msg };
20 allow unconfined_t chromium_renderer_t:unix_stream_socket { read write send_msg recv_msg };
21
22 allow chromium_renderer_t urandom_device_t:chr_file { read };
23 allow chromium_renderer_t user_devpts_t:chr_file { write };
24 allow chromium_renderer_t self:process { execmem };
25 allow chromium_renderer_t self:fifo_file { read write };
26 allow chromium_renderer_t self:unix_dgram_socket { read write create send_msg re cv_msg sendto };
27 allow chromium_renderer_t unconfined_t:unix_dgram_socket { read write send_msg r ecv_msg };
28 allow unconfined_t chromium_renderer_t:unix_dgram_socket { read write send_msg r ecv_msg };
29 allow chromium_renderer_t user_tmpfs_t:file { read write append open getattr };
30 allow chromium_renderer_t tmpfs_t:file { read write };
31 allow chromium_renderer_t self:shm { create destroy getattr setattr read write a ssociate unix_read unix_write };
32
33 # For reading dictionaries out of the user-data-dir
34 allow chromium_renderer_t gnome_home_t:file { read getattr };
35
36 miscfiles_read_localization(chromium_renderer_t);
37 miscfiles_read_fonts(chromium_renderer_t);
38
39 # The renderer will attempt to read meminfo
40 dontaudit chromium_renderer_t proc_t:file { read };
OLDNEW
« no previous file with comments | « sandbox/linux/selinux/chromium-browser.if ('k') | sandbox/linux/services/libc_urandom_override.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698