security_SandboxedServices: Update baseline.
-With Mike's latest changes a bunch of services report "caps" as "Yes".
-Add a few "Yes" for NoNewPrivs.
-Remove X from the baseline.
-Add a few new services to the baseline.
*conntrackd
*arc_camera_serv
BUG=chromium:709990
TEST=Passes on kevin.
Change-Id: Iae25e6d3161a171d4a2a12f80f8974c069e5a35a
Reviewed-on: https://chromium-review.googlesource.com/527502
Commit-Ready: Jorge Lucangeli Obes <jorgelo@chromium.org>
Tested-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
diff --git a/client/site_tests/security_SandboxedServices/baseline b/client/site_tests/security_SandboxedServices/baseline
index 9b53efb..a26c9dc 100644
--- a/client/site_tests/security_SandboxedServices/baseline
+++ b/client/site_tests/security_SandboxedServices/baseline
@@ -9,44 +9,45 @@
frecon,root,root,No,No,No,No
session_manager,root,root,No,No,No,No
-rsyslogd,syslog,syslog,No,No,No,No
-dbus-daemon,messagebus,messagebus,No,No,No,No
-wpa_supplicant,wpa,wpa,No,No,No,No
+rsyslogd,syslog,syslog,No,Yes,No,No
+dbus-daemon,messagebus,messagebus,No,Yes,No,No
+wpa_supplicant,wpa,wpa,No,Yes,No,No
shill,root,root,No,No,No,No
-X,xorg,xorg,No,No,No,No
-chapsd,chaps,chronos-access,No,No,No,No
+chapsd,chaps,chronos-access,No,Yes,No,No
cryptohomed,root,root,No,No,No,No
-powerd,power,power,No,No,No,No
-ModemManager,modem,modem,No,No,No,No
-dhcpcd,dhcp,dhcp,No,No,No,No
+powerd,power,power,No,Yes,No,No
+ModemManager,modem,modem,No,Yes,No,No
+dhcpcd,dhcp,dhcp,No,Yes,No,No
metrics_daemon,root,root,No,No,No,No
disks,root,root,No,No,No,No
update_engine,root,root,No,No,No,No
-bluetoothd,bluetooth,bluetooth,No,Yes,No,No
+bluetoothd,bluetooth,bluetooth,No,Yes,Yes,No
debugd,root,root,No,No,No,No
-cras,cras,cras,No,No,No,No
-tcsd,tss,root,No,No,No,No
+cras,cras,cras,No,Yes,Yes,No
+tcsd,tss,root,No,Yes,No,No
cromo,cromo,cromo,No,No,No,No
wimax-manager,root,root,No,No,No,No
-mtpd,mtp,mtp,No,No,No,Yes
-tlsdated,tlsdate,tlsdate,No,No,No,No
+mtpd,mtp,mtp,No,Yes,Yes,Yes
+tlsdated,tlsdate,tlsdate,No,Yes,No,No
+tlsdated-setter,root,root,No,No,Yes,Yes
lid_touchpad_he,root,root,No,No,No,No
thermal.sh,root,root,No,No,No,No
daisydog,watchdog,watchdog,No,No,No,No
-permission_brok,devbroker,root,No,Yes,No,No
+permission_brok,devbroker,root,No,Yes,Yes,No
netfilter-queue,nfqueue,nfqueue,No,Yes,No,Yes
warn_collector,root,root,No,No,No,No
-tlsdated-setter,root,root,No,No,No,No
attestationd,attestation,attestation,No,No,No,No
periodic_schedu,root,root,No,No,No,No
esif_ufd,root,root,No,No,No,No
easy_unlock,easy-unlock,easy-unlock,No,No,No,No
-sslh-fork,sslh,sslh,Yes,No,No,No
+sslh-fork,sslh,sslh,Yes,Yes,No,Yes
+arc_camera_serv,arc-camera,arc-camera,No,Yes,No,No
arc-networkd,root,root,Yes,No,No,No
arc-obb-mounter,root,root,Yes,No,No,No
upstart-socket-,root,root,No,No,No,No
timberslide,root,root,No,No,No,No
firewalld,firewall,firewall,Yes,Yes,Yes,No
+conntrackd,nfqueue,nfqueue,No,Yes,Yes,Yes
# Broadcomm bluetooth firmware patch downloader runs on some veyron boards.
brcm_patchram_p,root,root,No,No,No,No
diff --git a/client/site_tests/security_SandboxedServices/exclude b/client/site_tests/security_SandboxedServices/exclude
index 5f52c2a..df53251 100644
--- a/client/site_tests/security_SandboxedServices/exclude
+++ b/client/site_tests/security_SandboxedServices/exclude
@@ -13,6 +13,7 @@
login
nacl_helper
nacl_helper_boo
+nacl_helper_non
ping
ps
ply-image