android_device_xiaomi_sdm66.../sepolicy/vendor/vendor_tinyalse.te

# Tinyalsa installation for vendor binaries / scripts
# Non-vendor processes are not allowed to execute the binary
# and is always executed without transition.
type vendor_tinyalsa_exec, exec_type, vendor_file_type, file_type;

# Do not allow domains to transition to vendor tinyalsa
# or read, execute the vendor_tinyalsa file.
full_treble_only(`
    # Do not allow non-vendor domains to transition
    # to vendor tinyalsa except for the whitelisted domains.
    neverallow {
        coredomain
        -init
        -modprobe
    } vendor_tinyalsa_exec:file { entrypoint execute execute_no_trans };
')
sdm660-common: Build vendor variant of tinymix * Avoid SELinux neverallows, vendor services should use vendor tools Change-Id: I2a97658db9a31dd0403f1b62386db2987bd9749c 2019-10-08 14:35:22 -04:00			`# Tinyalsa installation for vendor binaries / scripts`
			`# Non-vendor processes are not allowed to execute the binary`
			`# and is always executed without transition.`
			`type vendor_tinyalsa_exec, exec_type, vendor_file_type, file_type;`

			`# Do not allow domains to transition to vendor tinyalsa`
			`# or read, execute the vendor_tinyalsa file.`
			full_treble_only(`
			`# Do not allow non-vendor domains to transition`
			`# to vendor tinyalsa except for the whitelisted domains.`
			`neverallow {`
			`coredomain`
			`-init`
			`-modprobe`
			`} vendor_tinyalsa_exec:file { entrypoint execute execute_no_trans };`
			`')`