| Inseob Kim | 75806ef | 2024-03-27 17:18:41 +0900 | [diff] [blame] | 1 | # Do not allow domains to transition to vendor toolbox |
| 2 | # or read, execute the vendor_toolbox file. |
| 3 | full_treble_only(` |
| 4 | # Do not allow non-vendor domains to transition |
| 5 | # to vendor toolbox except for the allowlisted domains. |
| 6 | neverallow { |
| 7 | coredomain |
| 8 | -init |
| 9 | -modprobe |
| Paul Lawrence | 840b607 | 2025-01-28 07:41:05 -0800 | [diff] [blame^] | 10 | userdebug_or_eng(`-overlay_remounter') |
| Inseob Kim | 75806ef | 2024-03-27 17:18:41 +0900 | [diff] [blame] | 11 | } vendor_toolbox_exec:file { entrypoint execute execute_no_trans }; |
| 12 | ') |