Google Git
Sign in
cos / third_party / overlays / chromiumos-overlay / 1a23ecdac21cd60db3392429e57302859d8115ab^! / .
commit1a23ecdac21cd60db3392429e57302859d8115ab[log] [tgz]
authorThomas Cedeno <thomascedeno@google.com>Wed Aug 12 18:03:12 2020 +0000
committerCommit Bot <commit-bot@chromium.org>Thu Oct 14 01:03:35 2021 +0000
treefc9701c8e16728b96f663940eb85c9887f91581c
parent0ec1af4e1b9170254ae8c867e98bf38033de4736 [diff]
SafeSetID: Update ebuilds for setuid policies

Update the various files these ebuild's insert into
setuid_restrictions

BUG=chromium:1077756
TEST=None

Cq-Depend: chromium:2353029
Change-Id: Id0a858dbb9739ba97bfac22b1ae5f85b6a8494ff
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/overlays/chromiumos-overlay/+/2352758
Tested-by: Thomas Cedeno <thomascedeno@google.com>
Commit-Queue: Thomas Cedeno <thomascedeno@google.com>
Reviewed-by: Felipe Andrade <fsandrade@chromium.org>
Reviewed-by: Allen Webb <allenwebb@google.com>

diff --git a/chromeos-base/authpolicy/authpolicy-9999.ebuild b/chromeos-base/authpolicy/authpolicy-9999.ebuild
index 8ac51fe5..3b36adc 100644
--- a/chromeos-base/authpolicy/authpolicy-9999.ebuild
+++ b/chromeos-base/authpolicy/authpolicy-9999.ebuild

@@ -61,7 +61,7 @@
 	insinto /usr/share/policy
 	doins seccomp_filters/*.policy
 	insinto /usr/share/cros/startup/process_management_policies
-	doins setuid_restrictions/authpolicyd_whitelist.txt
+	doins setuid_restrictions/authpolicyd_uid_allowlist.txt
 
 	# Create daemon store folder prototype, see
 	# https://chromium.googlesource.com/chromiumos/docs/+/master/sandboxing.md#securely-mounting-cryptohome-daemon-store-folders

diff --git a/chromeos-base/cros-disks/cros-disks-9999.ebuild b/chromeos-base/cros-disks/cros-disks-9999.ebuild
index 642ed91..57afa31 100644
--- a/chromeos-base/cros-disks/cros-disks-9999.ebuild
+++ b/chromeos-base/cros-disks/cros-disks-9999.ebuild

@@ -98,7 +98,7 @@
 
 	# Install setuid restrictions file.
 	insinto /usr/share/cros/startup/process_management_policies
-	doins setuid_restrictions/cros_disks_whitelist.txt
+	doins setuid_restrictions/cros_disks_uid_allowlist.txt
 
 	# Install powerd prefs for FUSE freeze ordering.
 	insinto /usr/share/power_manager

diff --git a/chromeos-base/kerberos/kerberos-9999.ebuild b/chromeos-base/kerberos/kerberos-9999.ebuild
index 94f2064..574f745 100644
--- a/chromeos-base/kerberos/kerberos-9999.ebuild
+++ b/chromeos-base/kerberos/kerberos-9999.ebuild

@@ -64,7 +64,7 @@
 	newins seccomp/kerberosd-seccomp-"${ARCH}".policy kerberosd-seccomp.policy
 
 	insinto /usr/share/cros/startup/process_management_policies
-	doins setuid_restrictions/kerberosd_whitelist.txt
+	doins setuid_restrictions/kerberosd_uid_allowlist.txt
 
 	# Create daemon store folder prototype, see
 	# https://chromium.googlesource.com/chromiumos/docs/+/master/sandboxing.md#securely-mounting-cryptohome-daemon-store-folders

diff --git a/chromeos-base/shill/shill-9999.ebuild b/chromeos-base/shill/shill-9999.ebuild
index 7d9d72c..f34d57a 100644
--- a/chromeos-base/shill/shill-9999.ebuild
+++ b/chromeos-base/shill/shill-9999.ebuild

@@ -197,7 +197,7 @@
 	dotmpfiles tmpfiles.d/*.conf
 
 	insinto /usr/share/cros/startup/process_management_policies
-	doins setuid_restrictions/shill_allowed.txt
+	doins setuid_restrictions/shill_uid_allowlist.txt
 
 	udev_dorules udev/*.rules