1 # Policy for /system/bin/cnss-daemon 2 type cnss-daemon, domain; 3 type cnss-daemon_exec, exec_type, file_type; 4 5 # STOPSHIP b/28340421 6 # Temporarily grant this permission and log its use. 7 allow cnss-daemon self:capability { 8 net_admin 9 net_bind_service 10 }; 11 auditallow cnss-daemon self:capability net_admin; 12 13 init_daemon_domain(cnss-daemon) 14 15 allow cnss-daemon self:capability { setgid setuid }; 16 17 # whitelist socket ioctl commands 18 allow cnss-daemon self:netlink_socket create_socket_perms; 19 allow cnss-daemon self:socket create_socket_perms; 20 allowxperm cnss-daemon self:socket ioctl msm_sock_ipc_ioctls; 21 22 allow cnss-daemon proc_net:file rw_file_perms; 23 allow cnss-daemon sysfs_wifi:file write; 24 allow cnss-daemon sysfs_pcie:file write; 25 allow cnss-daemon sysfs_msm_core:file write; 26 r_dir_file(cnss-daemon, sysfs_type) 27 28 # access to /dev/diag on debug builds 29 userdebug_or_eng(` 30 allow cnss-daemon diag_device:chr_file rw_file_perms; 31 ') 32
