1# Do not allow domains to transition to vendor toolbox
2# or read, execute the vendor_toolbox file.
3full_treble_only(`
4    # Do not allow non-vendor domains to transition
5    # to vendor toolbox except for the allowlisted domains.
6    neverallow {
7        coredomain
8        -init
9        -modprobe
10    } vendor_toolbox_exec:file { entrypoint execute execute_no_trans };
11')
12