SafeSetID: Update ebuilds for setuid policies
Update the various files these ebuild's insert into
setuid_restrictions
BUG=chromium:1077756
TEST=None
Cq-Depend: chromium:2353029
Change-Id: Id0a858dbb9739ba97bfac22b1ae5f85b6a8494ff
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/overlays/chromiumos-overlay/+/2352758
Tested-by: Thomas Cedeno <thomascedeno@google.com>
Commit-Queue: Thomas Cedeno <thomascedeno@google.com>
Reviewed-by: Felipe Andrade <fsandrade@chromium.org>
Reviewed-by: Allen Webb <allenwebb@google.com>
diff --git a/chromeos-base/authpolicy/authpolicy-9999.ebuild b/chromeos-base/authpolicy/authpolicy-9999.ebuild
index 8ac51fe5..3b36adc 100644
--- a/chromeos-base/authpolicy/authpolicy-9999.ebuild
+++ b/chromeos-base/authpolicy/authpolicy-9999.ebuild
@@ -61,7 +61,7 @@
insinto /usr/share/policy
doins seccomp_filters/*.policy
insinto /usr/share/cros/startup/process_management_policies
- doins setuid_restrictions/authpolicyd_whitelist.txt
+ doins setuid_restrictions/authpolicyd_uid_allowlist.txt
# Create daemon store folder prototype, see
# https://chromium.googlesource.com/chromiumos/docs/+/master/sandboxing.md#securely-mounting-cryptohome-daemon-store-folders
diff --git a/chromeos-base/cros-disks/cros-disks-9999.ebuild b/chromeos-base/cros-disks/cros-disks-9999.ebuild
index 642ed91..57afa31 100644
--- a/chromeos-base/cros-disks/cros-disks-9999.ebuild
+++ b/chromeos-base/cros-disks/cros-disks-9999.ebuild
@@ -98,7 +98,7 @@
# Install setuid restrictions file.
insinto /usr/share/cros/startup/process_management_policies
- doins setuid_restrictions/cros_disks_whitelist.txt
+ doins setuid_restrictions/cros_disks_uid_allowlist.txt
# Install powerd prefs for FUSE freeze ordering.
insinto /usr/share/power_manager
diff --git a/chromeos-base/kerberos/kerberos-9999.ebuild b/chromeos-base/kerberos/kerberos-9999.ebuild
index 94f2064..574f745 100644
--- a/chromeos-base/kerberos/kerberos-9999.ebuild
+++ b/chromeos-base/kerberos/kerberos-9999.ebuild
@@ -64,7 +64,7 @@
newins seccomp/kerberosd-seccomp-"${ARCH}".policy kerberosd-seccomp.policy
insinto /usr/share/cros/startup/process_management_policies
- doins setuid_restrictions/kerberosd_whitelist.txt
+ doins setuid_restrictions/kerberosd_uid_allowlist.txt
# Create daemon store folder prototype, see
# https://chromium.googlesource.com/chromiumos/docs/+/master/sandboxing.md#securely-mounting-cryptohome-daemon-store-folders
diff --git a/chromeos-base/shill/shill-9999.ebuild b/chromeos-base/shill/shill-9999.ebuild
index 7d9d72c..f34d57a 100644
--- a/chromeos-base/shill/shill-9999.ebuild
+++ b/chromeos-base/shill/shill-9999.ebuild
@@ -197,7 +197,7 @@
dotmpfiles tmpfiles.d/*.conf
insinto /usr/share/cros/startup/process_management_policies
- doins setuid_restrictions/shill_allowed.txt
+ doins setuid_restrictions/shill_uid_allowlist.txt
udev_dorules udev/*.rules