private/incident_helper.te - LeafOS-Project/android_system_sepolicy - Gitiles

 typeattribute incident_helper coredomain;

 type incident_helper_exec, system_file_type, exec_type, file_type;

 # switch to incident_helper domain for incident_helper command
 domain_auto_trans(incidentd, incident_helper_exec, incident_helper)

 # use pipe to transmit data from/to incidentd/incident_helper for parsing
 allow incident_helper { shell incident incidentd dumpstate }:fd use;
 allow incident_helper { shell incident incidentd dumpstate }:fifo_file { getattr read write };
 allow incident_helper incidentd:unix_stream_socket { read write };

 # only allow incidentd and shell to call incident_helper
 neverallow { domain -incidentd -incident_helper -shell } incident_helper_exec:file { execute execute_no_trans };
	typeattribute incident_helper coredomain;

	type incident_helper_exec, system_file_type, exec_type, file_type;

	# switch to incident_helper domain for incident_helper command
	domain_auto_trans(incidentd, incident_helper_exec, incident_helper)

	# use pipe to transmit data from/to incidentd/incident_helper for parsing
	allow incident_helper { shell incident incidentd dumpstate }:fd use;
	allow incident_helper { shell incident incidentd dumpstate }:fifo_file { getattr read write };
	allow incident_helper incidentd:unix_stream_socket { read write };

	# only allow incidentd and shell to call incident_helper
	neverallow { domain -incidentd -incident_helper -shell } incident_helper_exec:file { execute execute_no_trans };