summaryrefslogtreecommitdiff
path: root/prebuilts/api/32.0/private/incident_helper.te
diff options
context:
space:
mode:
Diffstat (limited to 'prebuilts/api/32.0/private/incident_helper.te')
-rw-r--r--prebuilts/api/32.0/private/incident_helper.te14
1 files changed, 14 insertions, 0 deletions
diff --git a/prebuilts/api/32.0/private/incident_helper.te b/prebuilts/api/32.0/private/incident_helper.te
new file mode 100644
index 000000000..b45385568
--- /dev/null
+++ b/prebuilts/api/32.0/private/incident_helper.te
@@ -0,0 +1,14 @@
+typeattribute incident_helper coredomain;
+
+type incident_helper_exec, system_file_type, exec_type, file_type;
+
+# switch to incident_helper domain for incident_helper command
+domain_auto_trans(incidentd, incident_helper_exec, incident_helper)
+
+# use pipe to transmit data from/to incidentd/incident_helper for parsing
+allow incident_helper { shell incident incidentd dumpstate }:fd use;
+allow incident_helper { shell incident incidentd dumpstate }:fifo_file { getattr read write };
+allow incident_helper incidentd:unix_stream_socket { read write };
+
+# only allow incidentd and shell to call incident_helper
+neverallow { domain -incidentd -incident_helper -shell } incident_helper_exec:file { execute execute_no_trans };
generated by cgit v1.2.3 (git 2.25.1) at 2025-10-03 06:08:48 +0000