| type tombstone_transmit, domain, coredomain; |
| type tombstone_transmit_exec, exec_type, system_file_type, file_type; |
| |
| init_daemon_domain(tombstone_transmit) |
| |
| # permission required to read the file & remove it from directory |
| allow tombstone_transmit tombstone_data_file:dir { r_dir_perms write remove_name }; |
| allow tombstone_transmit tombstone_data_file:file { r_file_perms unlink }; |
| |
| allow tombstone_transmit self:{ vsock_socket } create_socket_perms_no_ioctl; |
| |
| # allow tombstone_transmit to notify its initialization |
| set_prop(tombstone_transmit, tombstone_transmit_status_prop) |
| |
| # Only tombstone_transmit can set its status |
| neverallow { domain -init -tombstone_transmit } tombstone_transmit_status_prop:property_service set; |