android_device_xiaomi_sdm66.../sepolicy/vendor/vendor_tinyalse.te
Michael Bestas 4f0e9000c9
sdm660-common: Build vendor variant of tinymix
* Avoid SELinux neverallows, vendor services should use vendor tools

Change-Id: I2a97658db9a31dd0403f1b62386db2987bd9749c
2019-12-01 10:27:53 +01:00

16 lines
605 B
Text

# Tinyalsa installation for vendor binaries / scripts
# Non-vendor processes are not allowed to execute the binary
# and is always executed without transition.
type vendor_tinyalsa_exec, exec_type, vendor_file_type, file_type;
# Do not allow domains to transition to vendor tinyalsa
# or read, execute the vendor_tinyalsa file.
full_treble_only(`
# Do not allow non-vendor domains to transition
# to vendor tinyalsa except for the whitelisted domains.
neverallow {
coredomain
-init
-modprobe
} vendor_tinyalsa_exec:file { entrypoint execute execute_no_trans };
')