| type cros_ssh_session, domain, chromeos_domain; |
| |
| permissive cros_ssh_session; |
| |
| has_arc( |
| typeattribute cros_ssh_session netdomain; |
| ) |
| |
| type cros_audit_basic_test_file, file_type, cros_file_type, cros_tmpfile_type; |
| # NOTE: if you change this, you'll also need to update tast tests that |
| # reference it. Search for "cros_selinux_audit_basic_test" in the tast repo. |
| filetrans_pattern(cros_ssh_session, tmpfs, cros_audit_basic_test_file, dir, "cros_selinux_audit_basic_test") |
| allow cros_ssh_session cros_audit_basic_test_file:file create_file_perms; |
| allow cros_ssh_session cros_audit_basic_test_file:dir create_file_perms; |
| # Intentially audit this to test in tast tests. |
| auditallow cros_ssh_session cros_audit_basic_test_file:file create; |
| |
| # Tast tests run in the cros_ssh_session context. Crash-related tast tests may |
| # need to create or read files in this directory, and in particular for tests |
| # that test SELinux violation handling, it is important that we not create |
| # spurious audit log entries. |
| rw_dir_file(cros_ssh_session, cros_run_crash_reporter); |