Use inclusive language

PiperOrigin-RevId: 331116936
Change-Id: I7084b24440a1c78c0d70030da900330f0b8d954f

sandboxed_api/sandbox2/comms.cc

@@ -347,7 +347,7 @@ bool Comms::RecvFD(int* fd) {
 
   const auto op = [&msg](int fd) -> ssize_t {
     PotentiallyBlockingRegion region;
-    // Use syscall, otherwise we would need to whitelist socketcall() on PPC.
+    // Use syscall, otherwise we would need to allow socketcall() on PPC.
     return TEMP_FAILURE_RETRY(
         util::Syscall(__NR_recvmsg, fd, reinterpret_cast<uintptr_t>(&msg), 0));
   };

sandboxed_api/sandbox2/mounts.cc

@@ -501,7 +501,7 @@ std::string MountFlagsToString(uint64_t flags) {
       SAPI_MAP(MS_POSIXACL),
       SAPI_MAP(MS_UNBINDABLE),
       SAPI_MAP(MS_PRIVATE),
-      SAPI_MAP(MS_SLAVE),
+      SAPI_MAP(MS_SLAVE),  // Inclusive language: system constant
       SAPI_MAP(MS_SHARED),
       SAPI_MAP(MS_RELATIME),
       SAPI_MAP(MS_KERNMOUNT),

sandboxed_api/sandbox2/violation.proto

@@ -105,10 +105,10 @@ message SyscallDescription {
 }
 
 message FsDescription {
-  repeated string file_whitelist = 1;
+  repeated string file_allowlist = 1;
-  repeated string symlink_whitelist = 2;
+  repeated string symlink_allowlist = 2;
   repeated string file_greylist = 3;
-  repeated string file_blacklist = 4;
+  repeated string file_denylist = 4;
 }
 
 message PolicyBuilderDescription {
@@ -125,7 +125,7 @@ message NamespaceDescription {
 message PolicyDescription {
   bytes user_bpf_policy = 1;
   reserved 2 to 5;
-  // This requires additional fields. (e.g. whitelisted syscall #s)
+  // This requires additional fields. (e.g. allowed syscall numbers)
   PolicyBuilderDescription policy_builder_description = 6;
 
   // namespace