1typeattribute incident_helper coredomain; 2 3type incident_helper_exec, system_file_type, exec_type, file_type; 4 5# switch to incident_helper domain for incident_helper command 6domain_auto_trans(incidentd, incident_helper_exec, incident_helper) 7 8# use pipe to transmit data from/to incidentd/incident_helper for parsing 9allow incident_helper { shell incident incidentd dumpstate }:fd use; 10allow incident_helper { shell incident incidentd dumpstate }:fifo_file { getattr read write }; 11allow incident_helper incidentd:unix_stream_socket { read write }; 12 13# only allow incidentd and shell to call incident_helper 14neverallow { 15 domain 16 -incidentd 17 -incident_helper 18 -shell 19 userdebug_or_eng(`-overlay_remounter') 20} incident_helper_exec:file { 21 execute 22 execute_no_trans 23}; 24