SELinux: add basic policy.

This patch removes the chromium_zygote_t type and adds a
chromium_renderer_t type. Also, a basic policy for chromium_renderer_t
is included.

I decided not to try to have a different policy for the zygote since
it just makes things more complex for little reason.

BUG=none
TEST=none

http://codereview.chromium.org/1104002

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@44908 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 5 insertions, 0 deletions

diff --git a/ipc/ipc_channel_posix.cc b/ipc/ipc_channel_posix.cc
index f6b19f7..a2fdf38 100644
--- a/ipc/ipc_channel_posix.cc
+++ b/ipc/ipc_channel_posix.cc
@@ -653,6 +653,11 @@ bool Channel::ChannelImpl::ProcessIncomingMessages() {
                          << " header()->num_fds:" << m.header()->num_fds
                          << " num_fds:" << num_fds
                          << " fds_i:" << fds_i;
+#if defined(CHROMIUM_SELINUX)
+            LOG(WARNING) << "In the case of SELinux this can be caused when "
+                            "using a --user-data-dir to which the default "
+                            "policy doesn't give the renderer access to. ";
+#endif
             // close the existing file descriptors so that we don't leak them
             for (unsigned i = fds_i; i < num_fds; ++i)
               HANDLE_EINTR(close(fds[i]));