## <summary>Chromium browser</summary>

#######################################
## <summary>
##	Role access for chromium
## </summary>
## <desc>
##	Associates the chromium_t and chromium_renderer_t types with the
##	role, lets the user domain transition into chromium_t, and lets it
##	list (ps) and signal processes in both chromium domains.
## </desc>
## <param name="role">
##	<summary>
##	Role allowed access
##	</summary>
## </param>
## <param name="domain">
##	<summary>
##	User domain for the role
##	</summary>
## </param>
#
interface(`chromium_role',`
	gen_require(`
		type chromium_t;
		type chromium_renderer_t;
		# NOTE(review): chromium_exec_t is required here but not referenced
		# directly in this interface; chromium_domtrans() below carries its
		# own require for it.
		type chromium_exec_t;
	')

	# Role-type association for both the browser and the renderer domain.
	role $1 types chromium_t;
	role $1 types chromium_renderer_t;

	# Transition from the user domain to the derived domain
	chromium_domtrans($2)

	# Allow ps to show chromium processes and allow the user to signal it
	ps_process_pattern($2, chromium_t)
	ps_process_pattern($2, chromium_renderer_t)

	# signal_perms is granted on both domains, so the user domain can signal
	# the renderer as well as the main browser process.
	allow $2 chromium_t:process signal_perms;
	allow $2 chromium_renderer_t:process signal_perms;
')

#######################################
## <summary>
##	Read-write access to Chromium's temporary fifo files
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access
##	</summary>
## </param>
#
interface(`chromium_rw_tmp_pipes',`
	gen_require(`
		type chromium_tmp_t;
	')

	# Read/write on fifo files labelled chromium_tmp_t that live in
	# directories labelled chromium_tmp_t.
	rw_fifo_files_pattern($1, chromium_tmp_t, chromium_tmp_t)
')

##############################################
## <summary>
##	Automatically use the specified type for resources created in chromium's
##	temporary locations
## </summary>
## <param name="domain">
##	<summary>
##	Domain that creates the resource(s)
##	</summary>
## </param>
## <param name="file_type">
##	<summary>
##	Type of the resource created
##	</summary>
## </param>
## <param name="class">
##	<summary>
##	Object class of the resource being created
##	</summary>
## </param>
## <param name="name" optional="true">
##	<summary>
##	The name of the resource being created
##	</summary>
## </param>
#
# NOTE(review): the body passes four arguments ($1-$4) to filetrans_pattern,
# but the original header documented only three (domain, type, name). The
# "class" parameter above was added to match the call; going by the argument
# order of filetrans_pattern, $2 is the new type, $3 the object class and $4
# the object name. Confirm against existing callers.
# NOTE(review): in the reference policy, filetrans_pattern also grants the
# caller read/write permissions on directories of the parent type
# (chromium_tmp_t here), so this interface is more than a labelling rule.
# Verify against the support macros in use before granting it widely.
interface(`chromium_tmp_filetrans',`
	gen_require(`
		type chromium_tmp_t;
	')

	search_dirs_pattern($1, chromium_tmp_t, chromium_tmp_t)
	filetrans_pattern($1, chromium_tmp_t, $2, $3, $4)
')

#######################################
## <summary>
##	Execute a domain transition to the chromium domain (chromium_t)
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access
##	</summary>
## </param>
#
interface(`chromium_domtrans',`
	gen_require(`
		type chromium_t;
		type chromium_exec_t;
	')

	# The caller must be able to search the bin directories to reach the
	# entrypoint; executing a chromium_exec_t file then transitions the
	# process into chromium_t.
	corecmd_search_bin($1)
	domtrans_pattern($1, chromium_exec_t, chromium_t)
')

#######################################
## <summary>
##	Execute chromium in the chromium domain and allow the specified role to access the chromium domain
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access
##	</summary>
## </param>
## <param name="role">
##	<summary>
##	Role allowed access
##	</summary>
## </param>
#
interface(`chromium_run',`
	gen_require(`
		type chromium_t;
	')

	chromium_domtrans($1)
	# NOTE(review): only chromium_t is associated with the role here, whereas
	# chromium_role also associates chromium_renderer_t. If chromium_t is
	# expected to start renderers in chromium_renderer_t under this role,
	# that type would presumably need a role association too. Confirm
	# against the chromium policy module before relying on this interface.
	role $2 types chromium_t;
')