1 # Policy for /system/bin/cnss-daemon 2 type cnss-daemon, domain; 3 type cnss-daemon_exec, exec_type, file_type; 4 5 # STOPSHIP b/28340421 6 # Temporarily grant this permission and log its use. 7 allow cnss-daemon self:capability net_admin; 8 auditallow cnss-daemon self:capability net_admin; 9 10 init_daemon_domain(cnss-daemon) 11 12 allow cnss-daemon self:capability { setgid setuid }; 13 14 # whitelist socket ioctl commands 15 allow cnss-daemon self:netlink_socket create_socket_perms; 16 allow cnss-daemon self:socket create_socket_perms; 17 allowxperm cnss-daemon self:socket ioctl msm_sock_ipc_ioctls; 18 19 allow cnss-daemon proc_net:file rw_file_perms; 20 allow cnss-daemon sysfs_wifi:file write; 21 allow cnss-daemon sysfs_pcie:file write; 22 allow cnss-daemon sysfs_msm_core:file write; 23 r_dir_file(cnss-daemon, sysfs_type) 24 25 # access to /dev/diag on debug builds 26 userdebug_or_eng(` 27 allow cnss-daemon diag_device:chr_file rw_file_perms; 28 ') 29
