# network manager
#
# Type-enforcement rules for the netd domain. Every rule below is an
# allow rule: it lists what netd may do and nothing is denied explicitly.
type netd, domain;
type netd_exec, exec_type, file_type;

# init_daemon_domain is a macro defined outside this file; presumably it
# sets up the init -> netd transition on executing netd_exec. Confirm
# against the macro definition.
init_daemon_domain(netd)
# NOTE(review): mlstrustedsubject presumably exempts netd from the MLS
# constraints; confirm against the MLS constraint definitions that netd
# still needs it.
typeattribute netd mlstrustedsubject;
# net_admin / net_raw: network configuration and raw sockets.
# sys_module: lets the process itself load and unload kernel modules.
# NOTE(review): sys_module is the highest-impact grant in this file. The
# module_request rule at the bottom covers kernel-side autoloading, so
# confirm netd really inserts modules directly before keeping it.
allow netd self:capability { net_admin net_raw sys_module };
# '*' grants every permission defined for the socket class, on netd's own
# sockets only (target is self).
# NOTE(review): narrow these to explicit permission sets once the
# operations netd actually performs have been audited.
allow netd self:netlink_kobject_uevent_socket *;
allow netd self:netlink_route_socket *;
allow netd self:netlink_nflog_socket *;
allow netd self:rawip_socket *;
allow netd self:udp_socket *;
# Bind UDP sockets to objects labeled with the node and port types
# (presumably the default labels for addresses and ports; verify).
allow netd node:udp_socket node_bind;
allow netd port:udp_socket name_bind;
allow netd self:unix_stream_socket *;
# rx_file_perms, x_file_perms and rw_file_perms are permission-set macros
# defined outside this file.
# NOTE(review): no domain transition is declared here for the shell or
# for system_file binaries, so anything netd executes presumably keeps
# running with netd's full privileges; confirm.
allow netd shell_exec:file rx_file_perms;
allow netd system_file:file x_file_perms;
# Read/write access to character devices labeled devpts.
allow netd devpts:chr_file rw_file_perms;

# For /proc/sys/net/ipv[46]/route/flush.
# XXX Split /proc/sys/net into its own type.
# Until that split happens, this grants write on every file labeled with
# the generic proc type, not only the route flush files.
allow netd proc:file write;

# For /sys/modules/bcmdhd/parameters/firmware_path
# XXX Split into its own type.
# Same caveat: write applies to every file labeled with the generic
# sysfs type, not only the firmware_path parameter.
allow netd sysfs:file write;

# Network driver loading.
# module_request lets netd trigger kernel-side automatic module loading.
allow netd kernel:system module_request;