blob: eb292cafb3645847e5f04afe78f198c9eb019e11 [file] [log] [blame]
# Toolbox installation for vendor binaries / scripts
# Non-vendor processes are not allowed to execute the binary
# and is always executed without transition.
type vendor_toolbox_exec, exec_type, vendor_file_type, file_type;
# Do not allow domains to transition to vendor toolbox
# or read, execute the vendor_toolbox file.
# Do not allow non-vendor domains to transition
# to vendor toolbox except for the whitelisted domains.
neverallow {
} vendor_toolbox_exec:file { entrypoint execute execute_no_trans };