RepoMirrors
/
selinux-refpolicy
mirror of https://github.com/SELinuxProject/refpolicy
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

chromium: Move naclhelper lines. 

Signed-off-by: Chris PeBenito <pebenito@ieee.org>
This commit is contained in:
Chris PeBenito 2021-01-19 08:39:00 -05:00
parent 34a8c10cb9
commit 437e0c4b97
1 changed files with 7 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
policy/modules/apps/chromium.te
View File

@ -372,8 +372,15 @@ allow chromium_sandbox_t chromium_naclhelper_t:process share;
allow chromium_naclhelper_t chromium_t:unix_stream_socket { getattr read write };
allow chromium_naclhelper_t chromium_sandbox_t:unix_stream_socket { getattr read write };
dev_read_sysfs(chromium_naclhelper_t)
dev_read_urand(chromium_naclhelper_t)
domain_mmap_low_uncond(chromium_naclhelper_t)
kernel_list_proc(chromium_naclhelper_t)
miscfiles_read_localization(chromium_naclhelper_t)
userdom_use_user_ptys(chromium_naclhelper_t)
tunable_policy(`chromium_read_system_info',`
@ -383,9 +390,3 @@ tunable_policy(`chromium_read_system_info',`
kernel_dontaudit_read_kernel_sysctl(chromium_naclhelper_t)
kernel_dontaudit_read_system_state(chromium_naclhelper_t)
')
dev_read_sysfs(chromium_naclhelper_t)
dev_read_urand(chromium_naclhelper_t)
kernel_list_proc(chromium_naclhelper_t)
miscfiles_read_localization(chromium_naclhelper_t)