# Wifi manager
# SELinux policy for the netmgr domain. The listing's gutter numbers are
# dropped and each statement is restored to its own line; the rules themselves
# are unchanged.
type netmgr, domain;
# The executable is labelled as a vendor file (vendor_file_type).
type netmgr_exec, exec_type, vendor_file_type, file_type;

# Started by init as a daemon and given the standard network-client rules.
init_daemon_domain(netmgr)
net_domain(netmgr)

# NOTE(review): execns is not defined in this file; presumably netmgr is
# launched through an execns helper and inherits its descriptors -- confirm.
allow netmgr execns:fd use;

# Set ctl.restart property to restart hostapd when config changes
# NOTE(review): ctl_default_prop is the catch-all label for ctl.* control
# properties, so this grant is not limited to hostapd: it covers every service
# whose control property has no more specific label. If the platform defines a
# dedicated control-property type for hostapd, prefer it here.
set_prop(netmgr, ctl_default_prop);
# Modify hostapd config file
allow netmgr hostapd_data_file:file rw_file_perms;
allow netmgr hostapd_data_file:dir rw_dir_perms;
# Assign addresses to new interfaces as hostapd brings them up
# net_admin and net_raw are broad capabilities (interface configuration and
# raw/packet sockets); anything running in this domain holds them.
allow netmgr self:capability { net_raw net_admin };
allow netmgr self:socket { create ioctl };
allow netmgr self:packet_socket { ioctl getopt };
allow netmgr self:udp_socket { ioctl };
allow netmgr proc_net:file { read getattr open };
# The allowxperm rules narrow the ioctl permission granted above to the listed
# commands for each socket class; keep these lists minimal when adding new ones.
allowxperm netmgr self:socket ioctl { SIOCETHTOOL };
allowxperm netmgr self:udp_socket ioctl { SIOCSIFADDR SIOCSIFNETMASK SIOCSIFBRDADDR };
allowxperm netmgr self:packet_socket ioctl { SIOCGIFINDEX SIOCGIFHWADDR };

# Allow netmgr to run iptables to block and unblock network traffic
# TODO(b/113124961): clean up this Treble violation.
# The attribute below marks netmgr as a known vendor domain that executes
# system binaries.
# NOTE(review): execute_no_trans runs the binary inside the netmgr domain, so
# it keeps net_admin/net_raw, and the target is the generic system_file label
# rather than an iptables-specific type -- the grant is wider than "run
# iptables". Revisit together with the TODO above.
typeattribute netmgr vendor_executes_system_violators;
allow netmgr system_file:file execute_no_trans;
allow netmgr system_file:file lock;
# Packet socket for wifi forwarding
# Combined with the earlier packet_socket rule ({ ioctl getopt }), netmgr can
# create, bind, read and write raw link-layer sockets.
allow netmgr self:packet_socket { bind create read setopt write };
