a0e7a6da28
See https://source.android.com/setup/contribute/respectful-code for reference Bug: 161896447 Change-Id: I0caf39b349c48e44123775d98c52a773b0b504ff
17 lines
599 B
Plaintext
17 lines
599 B
Plaintext
# Toolbox installation for vendor binaries / scripts
|
|
# Non-vendor processes are not allowed to execute the binary
|
|
# and is always executed without transition.
|
|
type vendor_toolbox_exec, exec_type, vendor_file_type, file_type;
|
|
|
|
# Do not allow domains to transition to vendor toolbox
|
|
# or read, execute the vendor_toolbox file.
|
|
full_treble_only(`
|
|
# Do not allow non-vendor domains to transition
|
|
# to vendor toolbox except for the allowlisted domains.
|
|
neverallow {
|
|
coredomain
|
|
-init
|
|
-modprobe
|
|
} vendor_toolbox_exec:file { entrypoint execute execute_no_trans };
|
|
')
|