Inseob Kim | 75806ef | 2024-03-27 17:18:41 +0900 | [diff] [blame] | 1 | # Do not allow domains to transition to vendor toolbox |
2 | # or read, execute the vendor_toolbox file. | ||||
3 | full_treble_only(` | ||||
4 | # Do not allow non-vendor domains to transition | ||||
5 | # to vendor toolbox except for the allowlisted domains. | ||||
6 | neverallow { | ||||
7 | coredomain | ||||
8 | -init | ||||
9 | -modprobe | ||||
10 | } vendor_toolbox_exec:file { entrypoint execute execute_no_trans }; | ||||
11 | ') |