1# Do not allow domains to transition to vendor toolbox 2# or read, execute the vendor_toolbox file. 3full_treble_only(` 4 # Do not allow non-vendor domains to transition 5 # to vendor toolbox except for the allowlisted domains. 6 neverallow { 7 coredomain 8 -init 9 -modprobe 10 } vendor_toolbox_exec:file { entrypoint execute execute_no_trans }; 11') 12