| Yi Jin | bc24ba7 | 2018-01-22 14:00:46 -0800 | [diff] [blame^] | 1 | typeattribute incident_helper coredomain; |
| 2 | |
| 3 | type incident_helper_exec, exec_type, file_type; |
| 4 | |
| 5 | # switch to incident_helper domain for incident_helper command |
| 6 | domain_auto_trans(incidentd, incident_helper_exec, incident_helper) |
| 7 | |
| 8 | # use pipe to transmit data from/to incidentd/incident_helper for parsing |
| 9 | allow incident_helper { shell incident incidentd }:fd use; |
| 10 | allow incident_helper { shell incident incidentd }:fifo_file { getattr read write }; |
| 11 | |
| 12 | # only allow incidentd and shell to call incident_helper |
| 13 | neverallow { domain -incidentd -incident_helper -shell } incident_helper_exec:file { execute execute_no_trans }; |