| Yi Jin | bc24ba7 | 2018-01-22 14:00:46 -0800 | [diff] [blame] | 1 | typeattribute incident_helper coredomain; |
| 2 | |
| Nick Kralevich | 5e37271 | 2018-09-27 10:21:37 -0700 | [diff] [blame] | 3 | type incident_helper_exec, system_file_type, exec_type, file_type; |
| Yi Jin | bc24ba7 | 2018-01-22 14:00:46 -0800 | [diff] [blame] | 4 | |
| 5 | # switch to incident_helper domain for incident_helper command |
| 6 | domain_auto_trans(incidentd, incident_helper_exec, incident_helper) |
| 7 | |
| 8 | # use pipe to transmit data from/to incidentd/incident_helper for parsing |
| Mike Ma | de3a3e4 | 2018-12-03 10:35:40 -0800 | [diff] [blame] | 9 | allow incident_helper { shell incident incidentd dumpstate }:fd use; |
| 10 | allow incident_helper { shell incident incidentd dumpstate }:fifo_file { getattr read write }; |
| Yi Jin | 76238cd | 2018-03-30 10:14:08 -0700 | [diff] [blame] | 11 | allow incident_helper incidentd:unix_stream_socket { read write }; |
| Yi Jin | bc24ba7 | 2018-01-22 14:00:46 -0800 | [diff] [blame] | 12 | |
| 13 | # only allow incidentd and shell to call incident_helper |
| Paul Lawrence | 840b607 | 2025-01-28 07:41:05 -0800 | [diff] [blame^] | 14 | neverallow { |
| 15 | domain |
| 16 | -incidentd |
| 17 | -incident_helper |
| 18 | -shell |
| 19 | userdebug_or_eng(`-overlay_remounter') |
| 20 | } incident_helper_exec:file { |
| 21 | execute |
| 22 | execute_no_trans |
| 23 | }; |