# Do not allow domains to transition to vendor toolbox
# or read, execute the vendor_toolbox file.
full_treble_only(`
    # Do not allow non-vendor domains to transition
    # to vendor toolbox except for the allowlisted domains.
    neverallow {
        coredomain
        -init
        -modprobe
    } vendor_toolbox_exec:file { entrypoint execute execute_no_trans };
')