      1 # Network utilities (radio process)
      2 type netmgrd, domain, domain_deprecated;
      3 type netmgrd_exec, exec_type, file_type;
      4 
      5 # Uses network sockets.
      6 net_domain(netmgrd)
      7 
      8 # Talk to qmuxd (qmux_radio)
      9 qmux_socket(netmgrd)
     10 
     11 # Runs commands via sh.
     12 allow netmgrd shell_exec:file rx_file_perms;
     13 
     14 # Starts as (root,radio) changes to (radio,radio)
     15 allow netmgrd self:capability { setuid setgid net_admin net_raw setpcap };
     16 
     17 # Started by init
     18 init_daemon_domain(netmgrd)
     19 
     20 allow netmgrd smem_log_device:chr_file rw_file_perms;
     21 
     22 # Access to /proc/sys/net/*
     23 allow netmgrd proc_net:file rw_file_perms;
     24 allow netmgrd proc_net:dir r_dir_perms;
     25 
     26 # Runs /system/bin/toolbox
     27 allow netmgrd system_file:file rx_file_perms;
     28 
     29 allow netmgrd self:netlink_socket create_socket_perms;
     30 allow netmgrd self:netlink_route_socket nlmsg_write;
     31 allow netmgrd self:netlink_xfrm_socket { create_socket_perms nlmsg_write nlmsg_read };
     32 
     33 # b/17065650
     34 allow netmgrd self:socket {create ioctl read write};
     35 
     36 # CONFIG_MODULES not set in shamu_defconfig
     37 dontaudit netmgrd self:capability sys_module;
     38 
     39 # Set net_radio properties
     40 set_prop(netmgrd, net_radio_prop)
     41 
     42 # Permission to run netd commands
     43 allow netmgrd netd_socket:sock_file write;
     44 
     45 #Allow access to files associated with netd
     46 allow netmgrd net_data_file:file r_file_perms;
     47 allow netmgrd net_data_file:dir r_dir_perms;
     48 
     49 allow netmgrd shell_exec:file { execute r_file_perms execute_no_trans };
     50 
     51 r_dir_file(netmgrd, sysfs_ssr);
     52 
     53 allow netmgrd sysfs:file write;
     54 allow netmgrd sysfs_usb:file write;
     55 
     56 allow netmgrd kernel:system module_request;
     57 
     58 # talk to cnd
     59 unix_socket_connect(netmgrd, cnd, cnd)
     60 
     61 # execute toybox/toolbox
     62 allow netmgrd toolbox_exec:file rx_file_perms;
     63 
     64 #Allow netmgrd to use wakelock
     65 wakelock_use(netmgrd)