1 type vendor_toolbox, domain;
3 init_daemon_domain(vendor_toolbox)
5 # For the use of /vendor/bin/toybox_vendor from vendor init.rc fragments
6 domain_trans(init, vendor_toolbox_exec, vendor_toolbox)
8 # Allow vendor_toolbox to use these capabilities
9 #allow vendor_toolbox self:capability { sys_admin };
11 # Allow vendor_toolbox to execute /vendor/bin/toybox_vendor
12 allow vendor_toolbox vendor_toolbox_exec:file execute_no_trans;
14 # Allow vendor_toolbox to read directories in rootfs
15 allow vendor_toolbox rootfs:dir r_dir_perms;
17 # Allow vendor_toolbox to remove "security.*" xattrs from /efs
18 allow vendor_toolbox {
27 }:dir { r_dir_perms setattr };
29 allow vendor_toolbox {
31 baro_delta_factoryapp_efs_file
37 factorymode_factoryapp_efs_file
40 radio_factoryapp_efs_file
41 sensor_factoryapp_efs_file
44 }:file { r_file_perms setattr };