# Network utilities (radio process)
# SELinux type-enforcement rules for the netmgrd domain. Every rule below
# grants access to netmgrd, except the single dontaudit rule, which only
# silences logging of a denial.
type netmgrd, domain;
type netmgrd_exec, exec_type, file_type;

# Uses network sockets.
# NOTE(review): net_domain() is a macro defined outside this file; the exact
# socket permissions it expands to are not visible here -- confirm there.
net_domain(netmgrd)

# Talk to qmuxd (qmux_radio)
qmux_socket(netmgrd)

# Runs commands via sh.
# NOTE(review): in AOSP's global_macros, rx_file_perms includes
# execute_no_trans, in which case the shell runs inside the netmgrd domain
# with every permission granted in this file -- confirm against this tree.
allow netmgrd shell_exec:file rx_file_perms;

# Starts as (root,radio) changes to (radio,radio)
# setuid/setgid cover that uid/gid change. net_admin and net_raw are granted
# by the same rule; the comment above does not explain them.
# NOTE(review): presumably needed for interface/route setup -- confirm.
allow netmgrd self:capability { setuid setgid net_admin net_raw };

# Started by init
# NOTE(review): init_daemon_domain() is defined elsewhere; presumably it sets
# up the init -> netmgrd transition on executing netmgrd_exec -- confirm.
init_daemon_domain(netmgrd)

# Read/write on the shared_log_device character device.
# NOTE(review): the type is declared outside this file and the original rule
# carried no rationale -- confirm which device node this labels.
allow netmgrd shared_log_device:chr_file rw_file_perms;

# Access to /proc/sys/net/*
# Files are read-write (network sysctls can be changed); directories are
# read-only.
allow netmgrd proc_net:file rw_file_perms;
allow netmgrd proc_net:dir r_dir_perms;

# Runs /system/bin/toolbox
# The rule is written against the system_file type, so it covers every file
# carrying that label, not only toolbox.
allow netmgrd system_file:file rx_file_perms;

# Allow operations on different types of sockets
# netlink_route_socket gets only nlmsg_write here; any other permissions on
# that class would have to come from a macro above (not visible in this file).
allow netmgrd self:netlink_socket create_socket_perms;
allow netmgrd self:rawip_socket create_socket_perms;
allow netmgrd self:netlink_route_socket nlmsg_write;
allow netmgrd self:netlink_xfrm_socket { create_socket_perms nlmsg_write nlmsg_read };

# b/17065650
# Grants the generic `socket` class, which SELinux uses for address families
# that have no dedicated class. The bug id is the only rationale recorded.
# NOTE(review): which socket family needs this is not stated -- confirm.
allow netmgrd self:socket create_socket_perms;

# Allow communication with cnd
# NOTE(review): unix_socket_connect(client, socket, server) is defined
# elsewhere; presumably it allows connecting to cnd over cnd_socket -- confirm.
unix_socket_connect(netmgrd, cnd, cnd)

# CONFIG_MODULES not set in shamu_defconfig
# dontaudit does not grant sys_module; the access stays denied and the denial
# is simply not logged, so such attempts will not appear in audit logs.
dontaudit netmgrd self:capability sys_module;

# Set net_radio properties
# Connects to the property service socket (served by init) and is allowed to
# set properties labeled net_radio_prop.
unix_socket_connect(netmgrd, property, init)
allow netmgrd net_radio_prop:property_service set;

# Set netmgrd properties
allow netmgrd qcom_netmgrd_prop:property_service set;

# Permission to run netd commands
# Only write on the socket file is granted in this file.
# NOTE(review): a connectto rule on netd's socket is not visible here --
# confirm whether it is granted elsewhere.
allow netmgrd netd_socket:sock_file write;

# Allow access to files associated with netd
# Read-only on both files and directories labeled net_data_file.
allow netmgrd net_data_file:file r_file_perms;
allow netmgrd net_data_file:dir r_dir_perms;