| Author | Commit | Date | Line | Source |
|---|---|---|---|---|
| Yi Jin | bc24ba7 | 2018-01-22 14:00:46 -0800 | 1 | `typeattribute incident_helper coredomain;` |
| | | | 2 | |
| Nick Kralevich | 5e37271 | 2018-09-27 10:21:37 -0700 | 3 | `type incident_helper_exec, system_file_type, exec_type, file_type;` |
| Yi Jin | bc24ba7 | 2018-01-22 14:00:46 -0800 | 4 | |
| | | | 5 | `# switch to incident_helper domain for incident_helper command` |
| | | | 6 | `domain_auto_trans(incidentd, incident_helper_exec, incident_helper)` |
| | | | 7 | |
| | | | 8 | `# use pipe to transmit data from/to incidentd/incident_helper for parsing` |
| Mike Ma | de3a3e4 | 2018-12-03 10:35:40 -0800 | 9 | `allow incident_helper { shell incident incidentd dumpstate }:fd use;` |
| | | | 10 | `allow incident_helper { shell incident incidentd dumpstate }:fifo_file { getattr read write };` |
| Yi Jin | 76238cd | 2018-03-30 10:14:08 -0700 | 11 | `allow incident_helper incidentd:unix_stream_socket { read write };` |
| Yi Jin | bc24ba7 | 2018-01-22 14:00:46 -0800 | 12 | |
| | | | 13 | `# only allow incidentd and shell to call incident_helper` |
| Paul Lawrence | 874e974 | 2025-01-27 13:29:30 -0800 | 14 | `neverallow { domain -incidentd -incident_helper -shell } incident_helper_exec:file { execute execute_no_trans };` |