| type cros_cryptohome_proxy, domain, chromeos_domain; |
| permissive cros_cryptohome_proxy; |
| |
| domain_auto_trans(minijail, cros_cryptohome_proxy_exec, cros_cryptohome_proxy); |
| |
| arc_cts_fails_release(` |
| allow cros_cryptohome_proxy cros_dbus_daemon:unix_stream_socket connectto; |
| allow cros_cryptohome_proxy cros_run:dir mounton; |
| allow cros_cryptohome_proxy cros_run_dbus:dir r_dir_perms; |
| allow cros_cryptohome_proxy cros_system_bus_socket:sock_file w_file_perms; |
| allow cros_cryptohome_proxy device:dir mounton; |
| allow cros_cryptohome_proxy device:filesystem unmount; |
| allow cros_cryptohome_proxy labeledfs:filesystem { remount unmount }; |
| allow cros_cryptohome_proxy logger_device:sock_file r_file_perms; |
| allow cros_cryptohome_proxy minijail:fd use; |
| allow cros_cryptohome_proxy minijail:fifo_file read; |
| allow cros_cryptohome_proxy proc:filesystem remount; |
| allow cros_cryptohome_proxy rootfs:dir { mounton r_dir_perms }; |
| allow cros_cryptohome_proxy self:capability { chown setgid setpcap setuid sys_chroot }; |
| allow cros_cryptohome_proxy tmpfs:chr_file create; |
| allow cros_cryptohome_proxy tmpfs:dir mounton; |
| allow cros_cryptohome_proxy tmpfs:file { create_file_perms mounton }; |
| allow cros_cryptohome_proxy tmpfs:filesystem { mount remount }; |
| allow cros_cryptohome_proxy tmpfs:lnk_file create_file_perms; |
| allow cros_cryptohome_proxy unlabeled:dir { getattr mounton }; |
| allow cros_cryptohome_proxy self:capability sys_admin; |
| ', (cros_cryptohome_proxy)); |
| |
| log_writer(cros_cryptohome_proxy); |
| uma_writer(cros_cryptohome_proxy); |