shamu/sepolicy/netmgrd.te

# Network utilities (radio process)
type netmgrd, domain, domain_deprecated;
type netmgrd_exec, exec_type, file_type;

# Uses network sockets.
net_domain(netmgrd)

# Talk to qmuxd (qmux_radio)
qmux_socket(netmgrd)

# Runs commands via sh.
allow netmgrd shell_exec:file rx_file_perms;

# Starts as (root,radio) changes to (radio,radio)
allow netmgrd self:capability { setuid setgid net_admin net_raw };

# Started by init
init_daemon_domain(netmgrd)

allow netmgrd shared_log_device:chr_file rw_file_perms;

# Access to /proc/sys/net/*
allow netmgrd proc_net:file rw_file_perms;
allow netmgrd proc_net:dir r_dir_perms;

# Runs /system/bin/toolbox
allow netmgrd toolbox_exec:file rx_file_perms;
# Run other system commands.
allow netmgrd system_file:file rx_file_perms;

#Allow operations on different types of sockets
allow netmgrd self:netlink_socket create_socket_perms;
allow netmgrd self:rawip_socket create_socket_perms;
allow netmgrd self:netlink_route_socket nlmsg_write;
allow netmgrd self:netlink_xfrm_socket { create_socket_perms nlmsg_write nlmsg_read };

# b/17065650
allow netmgrd self:socket create_socket_perms;

#Allow communication with cnd
unix_socket_connect(netmgrd, cnd, cnd)

# CONFIG_MODULES not set in shamu_defconfig
dontaudit netmgrd self:capability sys_module;

# Set net_radio properties
set_prop(netmgrd, net_radio_prop)

#Set netmgrd properties
allow netmgrd qcom_netmgrd_prop:property_service set;

# Permission to run netd commands
allow netmgrd netd_socket:sock_file write;

#Allow access to files associated with netd
allow netmgrd net_data_file:file r_file_perms;
allow netmgrd net_data_file:dir r_dir_perms;