1f93d9bca5
Bug: 279809333
Test: build
Change-Id: If6ef4c3b02d06212923e757fb68aa74e38c68db3
(cherry picked from commit 39dd515546)
14 lines
719 B
Text
14 lines
719 B
Text
typeattribute incident_helper coredomain;
|
|
|
|
type incident_helper_exec, system_file_type, exec_type, file_type;
|
|
|
|
# switch to incident_helper domain for incident_helper command
|
|
domain_auto_trans(incidentd, incident_helper_exec, incident_helper)
|
|
|
|
# use pipe to transmit data from/to incidentd/incident_helper for parsing
|
|
allow incident_helper { shell incident incidentd dumpstate }:fd use;
|
|
allow incident_helper { shell incident incidentd dumpstate }:fifo_file { getattr read write };
|
|
allow incident_helper incidentd:unix_stream_socket { read write };
|
|
|
|
# only allow incidentd and shell to call incident_helper
|
|
neverallow { domain -incidentd -incident_helper -shell } incident_helper_exec:file { execute execute_no_trans };
|