prebuilts/api/202404/public/vendor_toolbox.te - LeafOS-Project/android_system_sepolicy - Gitiles

 # Toolbox installation for vendor binaries / scripts
 # Non-vendor processes are not allowed to execute the binary
 # and is always executed without transition.
 type vendor_toolbox_exec, exec_type, vendor_file_type, file_type;

 # Do not allow domains to transition to vendor toolbox
 # or read, execute the vendor_toolbox file.
 full_treble_only(`
     # Do not allow non-vendor domains to transition
     # to vendor toolbox except for the allowlisted domains.
     neverallow {
         coredomain
         -init
         -modprobe
     } vendor_toolbox_exec:file { entrypoint execute execute_no_trans };
 ')
	# Toolbox installation for vendor binaries / scripts
	# Non-vendor processes are not allowed to execute the binary
	# and is always executed without transition.
	type vendor_toolbox_exec, exec_type, vendor_file_type, file_type;

	# Do not allow domains to transition to vendor toolbox
	# or read, execute the vendor_toolbox file.
	full_treble_only(`
	# Do not allow non-vendor domains to transition
	# to vendor toolbox except for the allowlisted domains.
	neverallow {
	coredomain
	-init
	-modprobe
	} vendor_toolbox_exec:file { entrypoint execute execute_no_trans };
	')