      1 # Network utilities (radio process)
        # netmgrd is the process domain; netmgrd_exec is the label for its executable
        # (declared with the exec_type and file_type attributes).
      2 type netmgrd, domain;
      3 type netmgrd_exec, exec_type, file_type;
      4 
      5 # Uses network sockets.
        # net_domain() is defined outside this file; presumably it supplies the common
        # socket rules for network clients - confirm against te_macros.
      6 net_domain(netmgrd)
      7 
      8 # Talk to qmuxd (qmux_radio)
        # qmux_socket() is defined outside this file - TODO confirm exactly what it grants.
      9 qmux_socket(netmgrd)
     10 
     11 # Runs commands via sh.
        # NOTE(review): no domain transition for shell_exec is declared in this file, and
        # rx_file_perms normally includes execute_no_trans. A shell started by netmgrd
        # would therefore keep the netmgrd domain and every permission granted below,
        # so the command strings it builds are part of this domain's attack surface.
     12 allow netmgrd shell_exec:file rx_file_perms;
     13 
     14 # Starts as (root,radio) changes to (radio,radio)
        # setuid/setgid cover that identity change. net_admin (interface/route
        # configuration) and net_raw (raw and packet sockets) are separate grants that
        # the uid change does not explain; they are the privileged part of this domain.
     15 allow netmgrd self:capability { setuid setgid net_admin net_raw };
     16 
     17 # Started by init
        # init_daemon_domain() is defined outside this file; presumably it sets up the
        # automatic init -> netmgrd transition when netmgrd_exec is executed - confirm.
     18 init_daemon_domain(netmgrd)
     19 
        # Read/write on the character device labeled shared_log_device (type declared
        # outside this file).
     20 allow netmgrd shared_log_device:chr_file rw_file_perms;
     21 
     22 # Access to /proc/sys/net/*
        # Only 'write' is granted here; open/read on proc_net must come from rules
        # outside this file (presumably domain-wide ones) - confirm. These are
        # kernel network tunables, so this is a configuration-changing permission.
     23 allow netmgrd proc_net:file write;
     24 
     25 # Runs /system/bin/toolbox
        # NOTE(review): the rule is wider than the comment. It permits read+execute of
        # every file labeled system_file, not only toolbox, and (as with shell_exec
        # above) without a domain transition declared in this file.
     26 allow netmgrd system_file:file rx_file_perms;
     27 
        # Netlink access. netlink_socket and netlink_xfrm_socket (the kernel's IPsec/xfrm
        # configuration interface) get create_socket_perms. netlink_route_socket gets only
        # nlmsg_write here; its create/bind permissions must come from elsewhere
        # (presumably net_domain) - confirm.
     28 allow netmgrd self:netlink_socket create_socket_perms;
     29 allow netmgrd self:netlink_route_socket nlmsg_write;
     30 allow netmgrd self:netlink_xfrm_socket create_socket_perms;
     31 
     32 # b/17065650
        # Generic 'socket' class, limited to create, ioctl and read (no write, bind or
        # connect). NOTE(review): the bug id is the only rationale on the page; record
        # which socket family needs this so the rule can be narrowed later.
     33 allow netmgrd self:socket {create ioctl read};
     34 
     35 # CONFIG_MODULES not set in shamu_defconfig
        # dontaudit grants nothing: sys_module stays denied, only the AVC denial message
        # is suppressed. The trade-off is that module-load attempts by this domain will
        # not show up in the audit log.
     36 dontaudit netmgrd self:capability sys_module;
     37 
     38 # Set net_radio properties
        # unix_socket_connect() is defined outside this file; presumably it allows the
        # connection to init's property socket - confirm. The second rule limits what
        # can be set to properties labeled net_radio_prop.
     39 unix_socket_connect(netmgrd, property, init)
     40 allow netmgrd net_radio_prop:property_service set;
     41 
     42 # Permission to run netd commands
        # Only sock_file write on netd_socket is granted here; an actual connection also
        # needs a connectto rule toward netd that this file does not show - confirm.
        # netd commands change system-wide network state, so treat this as privileged.
     43 allow netmgrd netd_socket:sock_file write;
     44 
     45 # Allow access to files associated with netd
        # NOTE(review): as written this grants directory read/search (r_dir_perms) on
        # net_data_file:dir only; no net_data_file:file rule appears in this file.
     46 allow netmgrd net_data_file:dir r_dir_perms;
     47 
     48