Return-Path: <SRS0=lgLh=PT=vger.kernel.org=selinux-refpolicy-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-5.6 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,
	SPF_PASS autolearn=ham autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 7E4DBC43387
	for <selinux-refpolicy@archiver.kernel.org>; Fri, 11 Jan 2019 01:30:49 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.kernel.org (Postfix) with ESMTP id 2E3EF20879
	for <selinux-refpolicy@archiver.kernel.org>; Fri, 11 Jan 2019 01:30:49 +0000 (UTC)
Authentication-Results: mail.kernel.org;
	dkim=pass (1024-bit key) header.d=ieee.org header.i=@ieee.org header.b="FOtXIlqa"
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726369AbfAKBas (ORCPT
        <rfc822;selinux-refpolicy@archiver.kernel.org>);
        Thu, 10 Jan 2019 20:30:48 -0500
Received: from mail-qt1-f195.google.com ([209.85.160.195]:46469 "EHLO
        mail-qt1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1727846AbfAKBas (ORCPT
        <rfc822;selinux-refpolicy@vger.kernel.org>);
        Thu, 10 Jan 2019 20:30:48 -0500
Received: by mail-qt1-f195.google.com with SMTP id y20so16415761qtm.13
        for <selinux-refpolicy@vger.kernel.org>; Thu, 10 Jan 2019 17:30:48 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=ieee.org; s=google;
        h=subject:to:cc:references:from:message-id:date:user-agent
         :mime-version:in-reply-to:content-language:content-transfer-encoding;
        bh=yHskKh6MGJ+7rLsQlL0aGskqMClhkRdY/D2T7ojbwLw=;
        b=FOtXIlqaOkilgPMhS76C7zJGxbwDv7Dl3IxvC+3+DSzS65lssQK+t21OEgKdBu3evi
         vgk6yGoi7sz9bCHti6wdNzZkdV8Z7tjiNLkHkFFMSJ/NMiLDcw64BEHun5q76TEMCdRR
         v3wASIJRCtjYpf6bWgjmS0/SmVVRbhQ2e4Y5Q=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:subject:to:cc:references:from:message-id:date
         :user-agent:mime-version:in-reply-to:content-language
         :content-transfer-encoding;
        bh=yHskKh6MGJ+7rLsQlL0aGskqMClhkRdY/D2T7ojbwLw=;
        b=qsmhbU2dwfRzBzUx4QWUFF0wwfKcelYeA4K4g/DdzP1NoUtZtajtiIo4+QG62hWIS+
         Zn69QQ5gj7EPo8R0JT2csdq4AREbdwKSNhofhTswfIQ+7sJZgrTS+HvXAEEWsFq2PqWh
         saGID/Bmty9zN1jJUhUprO7dpC+D7cGWAr+Rtk8KUBgTx5PeDIzRjuevoaD6rNmgMXIH
         VHHVYQobAyYVWD8kq0SvFdKuhXilRPgf1XMT/ncUhBn2yb3wXMYQgwZ4xrK9wwV6ODpi
         oZr+0PrQks6AERp1mKENqOhbUInpRzhfHGVgwkm4AtnLzNwG7sDBuLwPd1bu06vuLpL2
         Bl4Q==
X-Gm-Message-State: AJcUuken6h3qIOcMyDCNOSw8NQv86wsFNSODUdAns+EbLLeQygRJjhQf
        oSH8vsTFsJzbOI8APxbIAr30VvGNHaw=
X-Google-Smtp-Source: ALg8bN5Ze+PWYZijCJAfxMK5O16Di+uB/aZ25Inr2EuMEe7/hsNB8OcGrOdOF2mAf+KgoacKRl/ZgA==
X-Received: by 2002:ac8:2ccc:: with SMTP id 12mr11807535qtx.277.1547170247500;
        Thu, 10 Jan 2019 17:30:47 -0800 (PST)
Received: from [192.168.1.190] (pool-108-15-23-247.bltmmd.fios.verizon.net. [108.15.23.247])
        by smtp.gmail.com with ESMTPSA id b20sm47210626qkb.17.2019.01.10.17.30.46
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Thu, 10 Jan 2019 17:30:47 -0800 (PST)
Subject: Re: [PATCH] chrome/chromium
To:     russell@coker.com.au
Cc:     selinux-refpolicy@vger.kernel.org
References: <20190108084939.GA28652@xev>
 <f4be7e95-9b5d-985d-3033-6faec99e2742@ieee.org> <11639347.phjdDo44MW@xev>
From:   Chris PeBenito <pebenito@ieee.org>
Message-ID: <857d83a0-1aba-6e03-59fb-f1c6b451452c@ieee.org>
Date:   Thu, 10 Jan 2019 20:17:36 -0500
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101
 Thunderbird/60.3.0
MIME-Version: 1.0
In-Reply-To: <11639347.phjdDo44MW@xev>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Sender: selinux-refpolicy-owner@vger.kernel.org
Precedence: bulk
List-ID: <selinux-refpolicy.vger.kernel.org>
X-Mailing-List: selinux-refpolicy@vger.kernel.org

On 1/10/19 12:17 AM, Russell Coker wrote:
> On Thursday, 10 January 2019 11:06:23 AM AEDT Chris PeBenito wrote:
>>> allow $2 mozilla_t:fd use;
>>> allow $2 mozilla_t:shm rw_shm_perms;
>>> +       allow chrome_sandbox_t $2:fd use;
>>> +       allow chrome_sandbox_t $2:fifo_file write;
>>> +       allow chrome_sandbox_t $3:chr_file { read write };
>>
>> Beyond that, this simply won't fly because all the seemingly conflicting
>> types.  A user might think, "what does mozilla have to do with chrome? I
>> don't even have mozilla installed!"  For this to work, we'd have to go
>> down a generic browser policy, with correspondingly generic type names.
>> I'm not opposed to this, but that'd be the first step.
> 
> Fair point.  Would you like me to submit a patch s/mozilla/webbrowser/g as the
> first step towards this?

Sure.  Don't forget the compat aliases for mozilla.

-- 
Chris PeBenito