      1 type netmgrd, domain;
      2 type netmgrd_exec, exec_type, vendor_file_type, file_type;
      3 
      4 net_domain(netmgrd)
      5 init_daemon_domain(netmgrd)
      6 
      7 set_prop(netmgrd, vendor_net_radio_prop)
      8 
      9 allow netmgrd netmgrd_socket:dir w_dir_perms;
     10 allow netmgrd netmgrd_socket:sock_file create_file_perms;
     11 allow netmgrd self:netlink_xfrm_socket { create_socket_perms_no_ioctl nlmsg_write };
     12 allow netmgrd self:netlink_generic_socket create_socket_perms_no_ioctl;
     13 allow netmgrd self:netlink_route_socket nlmsg_write;
     14 allow netmgrd self:netlink_socket create_socket_perms_no_ioctl;
     15 allow netmgrd self:socket create_socket_perms;
     16 allowxperm netmgrd self:socket ioctl msm_sock_ipc_ioctls;
     17 allowxperm netmgrd self:udp_socket ioctl priv_sock_ioctls;
     18 
     19 allow netmgrd sysfs_net:dir r_dir_perms;
     20 allow netmgrd sysfs_net:file rw_file_perms;
     21 allow netmgrd sysfs_soc:dir search;
     22 allow netmgrd sysfs_soc:file r_file_perms;
     23 allow netmgrd sysfs_msm_subsys:dir r_dir_perms;
     24 allow netmgrd sysfs_msm_subsys:file r_file_perms;
     25 
     26 userdebug_or_eng(`
     27   allow netmgrd diag_device:chr_file rw_file_perms;
     28 ')
     29 
     30 r_dir_file(netmgrd, sysfs_msm_subsys)
     31 
     32 wakelock_use(netmgrd)
     33 
     34 #Allow netutils usage
     35 domain_auto_trans(netmgrd, netutils_wrapper_exec, netutils_wrapper)
     36 allow netmgrd netutils_wrapper:process sigkill;
     37 
     38 #Allow diag logging
     39 allow netmgrd sysfs_timestamp_switch:file { read open };
     40 userdebug_or_eng(`
     41   r_dir_file(netmgrd, sysfs_diag)
     42 ')
     43 
     44 #Ignore if device loading for private IOCTL failed
     45 dontaudit netmgrd kernel:system { module_request };
     46 
     47 allow netmgrd proc_net:file rw_file_perms;
     48 allow netmgrd netmgr_data_file:dir rw_dir_perms;
     49 allow netmgrd netmgr_data_file:file create_file_perms;
     50 allow netmgrd netmgr_recovery_data_file:file create_file_perms;
     51 allow netmgrd netmgr_recovery_data_file:dir rw_dir_perms;
     52 
     53 allow netmgrd self:capability { net_admin net_raw setgid setpcap setuid };
     54 
     55 allow netmgrd vendor_toolbox_exec:file rx_file_perms;
     56 
     57 # Allow netmgrd to use netd HAL
     58 allow netmgrd system_net_netd_hwservice:hwservice_manager find;
     59 get_prop(netmgrd, hwservicemanager_prop)
     60 binder_call(netmgrd, netd)
     61 hwbinder_use(netmgrd)
     62 
     63 dontaudit netmgrd kernel:system module_request;
     64 dontaudit netmgrd self:system module_request;
     65 dontaudit netmgrd self:capability sys_module;
     66