Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(418)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: sandbox/linux/selinux/chromium-browser.te

Issue 14771026: Linux: remove unmaintained SELinux code. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 7 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « sandbox/linux/selinux/chromium-browser.if ('k') | sandbox/linux/services/libc_urandom_override.h » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: sandbox/linux/selinux/chromium-browser.te
diff --git a/sandbox/linux/selinux/chromium-browser.te b/sandbox/linux/selinux/chromium-browser.te
deleted file mode 100644
index ae2f8b7a46ad144526530c0dc1c9b35a53876a3d..0000000000000000000000000000000000000000
--- a/sandbox/linux/selinux/chromium-browser.te
+++ /dev/null
@@ -1,40 +0,0 @@
-policy_module(chromium-browser,1.0.0)
-
-gen_require(`
- type gnome_home_t;
- type proc_t;
- type tmpfs_t;
- type unconfined_t;
- type urandom_device_t;
- type user_devpts_t;
- type user_tmpfs_t;
-')
-
-type chromium_renderer_t;
-domain_base_type(chromium_renderer_t)
-role unconfined_r types chromium_renderer_t;
-
-allow unconfined_t chromium_renderer_t:process { dyntransition };
-
-allow chromium_renderer_t unconfined_t:unix_stream_socket { read write send_msg recv_msg };
-allow unconfined_t chromium_renderer_t:unix_stream_socket { read write send_msg recv_msg };
-
-allow chromium_renderer_t urandom_device_t:chr_file { read };
-allow chromium_renderer_t user_devpts_t:chr_file { write };
-allow chromium_renderer_t self:process { execmem };
-allow chromium_renderer_t self:fifo_file { read write };
-allow chromium_renderer_t self:unix_dgram_socket { read write create send_msg recv_msg sendto };
-allow chromium_renderer_t unconfined_t:unix_dgram_socket { read write send_msg recv_msg };
-allow unconfined_t chromium_renderer_t:unix_dgram_socket { read write send_msg recv_msg };
-allow chromium_renderer_t user_tmpfs_t:file { read write append open getattr };
-allow chromium_renderer_t tmpfs_t:file { read write };
-allow chromium_renderer_t self:shm { create destroy getattr setattr read write associate unix_read unix_write };
-
-# For reading dictionaries out of the user-data-dir
-allow chromium_renderer_t gnome_home_t:file { read getattr };
-
-miscfiles_read_localization(chromium_renderer_t);
-miscfiles_read_fonts(chromium_renderer_t);
-
-# The renderer will attempt to read meminfo
-dontaudit chromium_renderer_t proc_t:file { read };
« no previous file with comments | « sandbox/linux/selinux/chromium-browser.if ('k') | sandbox/linux/services/libc_urandom_override.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698