/usr/lib/chromium-browser/chrome-sandbox -- gen_context(system_u:object_r:chrome_sandbox_exec_t,s0)
-/opt/google/chrome/nacl_helper_bootstrap -- gen_context(system_u:object_r:chrome_sandbox_bootstrap_exec_t,s0)
-/usr/lib/chromium-browser/nacl_helper_bootstrap -- gen_context(system_u:object_r:chrome_sandbox_bootstrap_exec_t,s0)
+/opt/google/chrome/nacl_helper_bootstrap -- gen_context(system_u:object_r:chrome_sandbox_nacl_exec_t,s0)
+/usr/lib/chromium-browser/nacl_helper_bootstrap -- gen_context(system_u:object_r:chrome_sandbox_nacl_exec_t,s0)
interface(`chrome_run_sandbox',`
gen_require(`
type chrome_sandbox_t;
- type chrome_sandbox_bootstrap_t;
+ type chrome_sandbox_nacl_t;
')
chrome_domtrans_sandbox($1)
role $2 types chrome_sandbox_t;
- role $2 types chrome_sandbox_bootstrap_t;
+ role $2 types chrome_sandbox_nacl_t;
')
########################################
gen_require(`
type chrome_sandbox_t;
type chrome_sandbox_tmpfs_t;
- type chrome_sandbox_bootstrap_t;
+ type chrome_sandbox_nacl_t;
')
role $1 types chrome_sandbox_t;
- role $1 types chrome_sandbox_bootstrap_t;
+ role $1 types chrome_sandbox_nacl_t;
ps_process_pattern($2, chrome_sandbox_t)
allow $2 chrome_sandbox_t:process signal_perms;
files_tmpfs_file(chrome_sandbox_tmpfs_t)
ubac_constrained(chrome_sandbox_tmpfs_t)
-type chrome_sandbox_bootstrap_t;
-type chrome_sandbox_bootstrap_exec_t;
-application_domain(chrome_sandbox_bootstrap_t, chrome_sandbox_bootstrap_exec_t)
-role system_r types chrome_sandbox_bootstrap_t;
+type chrome_sandbox_nacl_t;
+type chrome_sandbox_nacl_exec_t;
+application_domain(chrome_sandbox_nacl_t, chrome_sandbox_nacl_exec_t)
+role system_r types chrome_sandbox_nacl_t;
-permissive chrome_sandbox_bootstrap_t;
+permissive chrome_sandbox_nacl_t;
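Review bot: The declarations `type chrome_sandbox_nacl_t;` and `type chrome_sandbox_nacl_exec_t;` replace the bootstrap types without keeping the old names as aliases. On a system upgraded from the previous policy, files still labelled `chrome_sandbox_bootstrap_exec_t` would presumably carry an undefined type until they are relabelled, and any local module that requires the old types would stop loading. Adding `typealias chrome_sandbox_nacl_t alias chrome_sandbox_bootstrap_t;` and `typealias chrome_sandbox_nacl_exec_t alias chrome_sandbox_bootstrap_exec_t;` next to the new declarations would keep both working. Separately, `permissive chrome_sandbox_nacl_t;` is carried over, so the renamed domain still only logs denials and does not enforce them; a comment such as `# permissive until nacl denials are reviewed; remove before enforcing` would record that this is intentional.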
########################################
#
########################################
#
-# chrome_sandbox_bootstrap local policy
+# chrome_sandbox_nacl local policy
#
-allow chrome_sandbox_bootstrap_t self:fifo_file manage_fifo_file_perms;
-allow chrome_sandbox_bootstrap_t self:unix_stream_socket create_stream_socket_perms;
-domain_use_interactive_fds(chrome_sandbox_bootstrap_t)
-allow chrome_sandbox_t chrome_sandbox_bootstrap_t:process share;
+allow chrome_sandbox_nacl_t self:fifo_file manage_fifo_file_perms;
+allow chrome_sandbox_nacl_t self:unix_stream_socket create_stream_socket_perms;
+domain_use_interactive_fds(chrome_sandbox_nacl_t)
+allow chrome_sandbox_t chrome_sandbox_nacl_t:process share;
-dontaudit chrome_sandbox_bootstrap_t self:memprotect mmap_zero;
+dontaudit chrome_sandbox_nacl_t self:memprotect mmap_zero;
-domtrans_pattern(chrome_sandbox_t, chrome_sandbox_bootstrap_exec_t, chrome_sandbox_bootstrap_t)
+domtrans_pattern(chrome_sandbox_t, chrome_sandbox_nacl_exec_t, chrome_sandbox_nacl_t)
-files_read_etc_files(chrome_sandbox_bootstrap_t)
+files_read_etc_files(chrome_sandbox_nacl_t)
-miscfiles_read_localization(chrome_sandbox_bootstrap_t)
+miscfiles_read_localization(chrome_sandbox_nacl_t)