fs_dontaudit_getattr_all_fs(chrome_sandbox_t)
userdom_rw_inherited_user_tmpfs_files(chrome_sandbox_t)
+userdom_execute_user_tmpfs_files(chrome_sandbox_t)
userdom_use_user_ptys(chrome_sandbox_t)
userdom_write_inherited_user_tmp_files(chrome_sandbox_t)
allow chrome_sandbox_nacl_t self:fifo_file manage_fifo_file_perms;
allow chrome_sandbox_nacl_t self:unix_stream_socket create_stream_socket_perms;
allow chrome_sandbox_nacl_t self:shm create_shm_perms;
-allow chrome_sandbox_nacl_t self:unix_dgram_socket create_socket_perms;
+allow chrome_sandbox_nacl_t self:unix_dgram_socket { create_socket_perms sendto };
allow chrome_sandbox_nacl_t chrome_sandbox_t:shm rw_shm_perms;
allow chrome_sandbox_nacl_t chrome_sandbox_tmpfs_t:file rw_inherited_file_perms;
userdom_use_inherited_user_ptys(chrome_sandbox_nacl_t)
userdom_rw_inherited_user_tmpfs_files(chrome_sandbox_nacl_t)
userdom_execute_user_tmpfs_files(chrome_sandbox_nacl_t)
+userdom_read_inherited_user_tmp_files(chrome_sandbox_nacl_t)
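Review bot: The added `userdom_read_inherited_user_tmp_files(chrome_sandbox_nacl_t)` lets the NaCl sandbox domain read any `user_tmp_t` file whose descriptor it inherits, and nothing in the hunk records which descriptor or denial motivates it. Because this domain confines untrusted code, each widening should carry a short comment, for example `# browser passes an already-open user_tmp_t fd to the NaCl helper; read only, no open` (wording constructed, to be confirmed against the actual AVC). The same applies to the `sendto` added on `self:unix_dgram_socket`. Separately, the `userdom_execute_user_tmpfs_files(chrome_sandbox_t)` line added earlier in this patch sits next to the existing `userdom_rw_inherited_user_tmpfs_files(chrome_sandbox_t)`. Judging by the interface names, that domain can now both write and execute user tmpfs files, so it is worth confirming this is intended and documenting why.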
/opt/google-earth/.*\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/google-earth/.*\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/opt/google/.*\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+/opt/google/chrome/.*\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib/nspluginwrapper/np.*\.so -- gen_context(system_u:object_r:lib_t,s0)
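Review bot: The added `/opt/google/chrome/.*\.so.*` entry assigns the same `textrel_shlib_t` context that the existing `/opt/google/.*\.so.*` line directly above already gives to every path under `/opt/google/chrome/`, so as far as this hunk shows it changes no label. If it is meant to win specificity against another spec outside this hunk, a comment saying so would help; otherwise it can be dropped. The pattern also ends in an unanchored `.*`, so it matches any file name containing `.so`, not only shared objects. A form such as `/opt/google/chrome/.*\.so(\.[^/]*)*` would keep the text-relocation label confined to actual libraries.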
dontaudit $1 user_tmp_t:dir setattr;
')
+########################################
+## <summary>
+## Read all inherited users files in /tmp
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`userdom_read_inherited_user_tmp_files',`
+ gen_require(`
+ type user_tmp_t;
+ ')
+
+ allow $1 user_tmp_t:file read_inherited_file_perms;
+')
+
########################################
## <summary>
## Write all inherited users files in /tmp