      1 # Connectivity Engine Observer Interface daemon (cnd)
      2 type cnd, domain, domain_deprecated;
      3 type cnd_exec, exec_type, file_type;
      4 
      5 init_daemon_domain(cnd)
      6 
      7 file_type_auto_trans(cnd, socket_device, cnd_socket);
      8 
      9 # Talk to qmuxd (qmux_radio)
     10 qmux_socket(cnd)
     11 
     12 # cnd is started as root uid/gid and transitions to system
     13 allow cnd self:capability { setuid setgid net_raw };
     14 
     15 # Note: fsetid is deliberately not included above. fsetid checks are
     16 # triggered by chmod on a directory or file owned by a group other
     17 # than one of the groups assigned to the current process to see if
     18 # the setgid bit should be cleared, regardless of whether the setgid
     19 # bit was even set.  We do not appear to truly need this capability
     20 # for cnd to operate.
     21 dontaudit cnd self:capability fsetid;
     22 
     23 allow cnd self:socket create_socket_perms;
     24 
     25 # create upd_socket to gather network info via ioctls (e.g. MTU size)
     26 allow cnd self:udp_socket { create ioctl };
     27 
     28 userdebug_or_eng(`
     29   allow cnd smem_log_device:chr_file rw_file_perms;
     30 ')
     31 
     32 wakelock_use(cnd)
     33