# SELinux type-enforcement policy for the hostapd_nohidl daemon domain.
# Rules are grouped by purpose. Allow rules are order-independent, so the
# grouping does not change the compiled policy.

# ---- Type declarations -------------------------------------------------
# Process domain and the label carried by its vendor executable.
type hostapd_nohidl, domain;
type hostapd_nohidl_exec, exec_type, vendor_file_type, file_type;

# ---- Domain setup ------------------------------------------------------
# Domain transition from init when it executes hostapd_nohidl_exec, plus
# the common networking rules supplied by the net_domain macro.
init_daemon_domain(hostapd_nohidl)
net_domain(hostapd_nohidl)

# ---- Capabilities ------------------------------------------------------
# net_admin and net_raw cover interface configuration and raw frame access.
# NOTE(review): setgid and setuid are presumably used to change identity
# after startup; confirm the daemon needs them and drop them if it does not.
allow hostapd_nohidl self:capability {
    net_admin
    net_raw
    setgid
    setuid
};

# ---- Kernel ------------------------------------------------------------
# Lets this domain trigger automatic kernel module loading.
# NOTE(review): worth confirming this is required on the target kernel,
# since module loading is reachable from a network-facing daemon.
allow hostapd_nohidl kernel:system module_request;

# ---- Sockets -----------------------------------------------------------
# Generic netlink socket for talking to the kernel wireless stack.
allow hostapd_nohidl self:netlink_generic_socket {
    bind
    create
    getattr
    read
    setopt
    write
};

# Only nlmsg_write is granted in this file for route netlink sockets.
# NOTE(review): the remaining socket permissions presumably come from
# net_domain; verify against the macro definition.
allow hostapd_nohidl self:netlink_route_socket nlmsg_write;

# Packet socket for sending and receiving link-layer frames.
allow hostapd_nohidl self:packet_socket {
    create
    setopt
    read
    write
};

# Extended permission: limits the privileged ioctl commands on its own UDP
# sockets to the priv_sock_ioctls set.
allowxperm hostapd_nohidl self:udp_socket ioctl priv_sock_ioctls;

# ---- File descriptors inherited from another domain ---------------------
# NOTE(review): execns is declared outside this file; presumably it is the
# launcher that hands open descriptors to the daemon. Confirm.
allow hostapd_nohidl execns:fd use;

# ---- Data files ----------------------------------------------------------
# Read-only access to hostapd data files and directories; no write,
# create or unlink is granted here.
allow hostapd_nohidl hostapd_data_file:dir r_dir_perms;
allow hostapd_nohidl hostapd_data_file:file r_file_perms;

# ---- Audit suppression ---------------------------------------------------
# hostapd tries to search sysfs_net directories, which it does not need and
# which would otherwise flood the log. dontaudit only silences the denial
# record; the access itself is still refused.
dontaudit hostapd_nohidl sysfs_net:dir search;