Lines Matching refs:racoon
# Excerpt of the expanded policy for the racoon domain. Only lines that mention
# "racoon" are listed, so the gutter numbers skip and rules that do not name
# the domain directly are not shown.
7402 #line 1 "external/sepolicy/racoon.te"
# Declare the racoon type and place it in the domain attribute.
7404 type racoon, domain;
# NOTE(review): mlstrustedsubject is normally used to exempt a subject from MLS
# constraints; the constraint definitions are not in this excerpt -- confirm.
7407 typeattribute racoon mlstrustedsubject;
# NOTE(review): racoon also receives every rule written against the
# unconfineddomain attribute. Those rules are not in this excerpt; if they are
# broad, the itemised allow rules below do not bound what the domain can do.
# Check them before treating this list as racoon's effective permissions.
7409 typeattribute racoon unconfineddomain;
# init -> racoon domain transition: init may transition a process into racoon,
# and racoon_exec files are the entry point for the domain.
7426 allow init racoon:process transition;
7430 allow racoon racoon_exec:file { entrypoint read execute };
# racoon may send SIGCHLD to init.
7434 allow racoon init:process sigchld;
# dontaudit only silences the denial record for noatsecure; it does not grant
# the permission.
7438 dontaudit init racoon:process noatsecure;
# Signal state (siginh) and resource limits (rlimitinh) may be inherited from
# init across the transition.
7442 allow init racoon:process { siginh rlimitinh };
# A process that init starts from a racoon_exec file is labelled racoon by
# default.
7448 type_transition init racoon_exec:process racoon;
# Files racoon creates on tmpfs get the private racoon_tmpfs label, and racoon
# may read and write them.
7456 type_transition racoon tmpfs:file racoon_tmpfs;
7458 allow racoon racoon_tmpfs:file { read write };
# Same statement as at 7407; presumably repeated by a second macro expansion.
7463 typeattribute racoon mlstrustedsubject;
# Binder: racoon may call servicemanager and pass references to it,
# servicemanager may pass references back, and racoon may use file descriptors
# it receives from servicemanager.
7469 allow racoon servicemanager:binder { call transfer };
7473 allow servicemanager racoon:binder transfer;
7477 allow racoon servicemanager:fd use;
# The same three binder rules for keystore.
7484 allow racoon keystore:binder { call transfer };
7488 allow keystore racoon:binder transfer;
7492 allow racoon keystore:fd use;
# Read-side access to the tun device node; write is not in this set.
7496 allow racoon tun_device:chr_file { getattr open read ioctl lock };
# racoon may create directories under cgroup-labelled directories.
7497 allow racoon cgroup:dir { add_name create };
# module_request is checked when a process causes the kernel to request that a
# module be loaded automatically.
7498 allow racoon kernel:system module_request;
# UDP bind. NOTE(review): `port` and `node` look like the generic port and node
# types, which would make this a bind to any port or address that has no more
# specific label -- confirm against the port and node contexts.
7499 allow racoon port:udp_socket name_bind;
7500 allow racoon node:udp_socket node_bind;
# racoon may create and operate its own key_socket and udp_socket objects, and
# create a tun_socket.
7502 allow racoon self:{ key_socket udp_socket } { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
7503 allow racoon self:tun_socket create;
# net_admin, net_bind_service and net_raw are network capabilities; setuid lets
# the process change its UID. NOTE(review): whether the daemon uses setuid only
# to drop privileges cannot be seen from the policy -- confirm in the daemon.
7504 allow racoon self:capability { net_admin net_bind_service net_raw setuid };
7506 # XXX: should we give ip-up-vpn its own label (currently racoon domain)
# execute_no_trans lets racoon run files labelled system_file without a domain
# transition, so such a program keeps the racoon label and every permission
# granted to it here, including the capabilities above. That is the concern the
# XXX note raises for ip-up-vpn.
7507 allow racoon system_file:file { { getattr open read ioctl lock } { getattr execute execute_no_trans } };
# Create, read, write, append, link, unlink and rename on vpn_data_file files,
# plus the directory permissions needed to add and remove entries.
7508 allow racoon vpn_data_file:file { create setattr { { getattr open read ioctl lock } { open append write } } { getattr link unlink rename } };
7509 allow racoon vpn_data_file:dir { open search write add_name remove_name };
# system_server may connect to a unix stream socket owned by racoon.
# NOTE(review): the gutter jumps from 7509 to 8651, so this rule presumably
# comes from a different source file than racoon.te -- confirm.
8651 allow system_server racoon:unix_stream_socket connectto;