      1 # For IP Multimedia Subsystem(IMS) functionality
        # Domain for the IMS daemon. device_domain_deprecated is a legacy catch-all
        # attribute (its name marks it deprecated); the device accesses it grants are
        # not enumerated here — TODO(review): list the device types actually needed
        # and drop the attribute.
      2 type ims, domain, device_domain_deprecated;
      3 type ims_exec, exec_type, file_type;
      4 
      5 # Started by init
        # (presumably sets up the init -> ims domain transition via ims_exec — confirm
        # against the init_daemon_domain macro definition).
      6 init_daemon_domain(ims)
      7 
        # net_raw and net_admin are broad network capabilities; they are granted on
        # self only, so no other domain inherits them from this rule.
      8 allow ims self:capability { net_raw net_admin };
      9 
     10 # Allow ims to create and use socket to communicate between ims processes.
        # The ioctl set on this socket is restricted to msm_sock_ipc_ioctls rather
        # than all ioctls.
     11 allow ims self:socket create_socket_perms;
     12 allowxperm ims self:socket ioctl msm_sock_ipc_ioctls;
     13 
     14 # Allow ims to tell init to start the ims data service via property=sys.ims.QMI_DAEMON_STATUS
        # (the property is labeled qcom_ims_prop; only set is granted, via set_prop).
     15 set_prop(ims, qcom_ims_prop);
     16 
     17 # Allow ims to write to ims_socket
        # write only — no create/unlink on the sock_file.
     18 allow ims ims_socket:sock_file write;
     19 
     20 # talk to connectivity engine observer interface daemon (cnd)
     21 unix_socket_connect(ims, cnd, cnd)
     22 # talk to netd
     23 unix_socket_connect(ims, netd, netd)
     24 # talk to qmux
     25 qmux_socket(ims)
     26 # communicate with the network driver
        # Only the SIOCDEVPRIVATE_D ioctl is permitted on the UDP socket.
     27 allow ims self:udp_socket { create ioctl };
     28 allowxperm ims self:udp_socket ioctl SIOCDEVPRIVATE_D;
     29 
     30 # Runs /system/bin/sh for executing ndc commands via popen
        # NOTE(review): this daemon holds net_admin, so the command string passed to
        # popen must be built only from fixed/trusted values, never from untrusted
        # input — confirm in the daemon source.
     31 allow ims shell_exec:file rx_file_perms;
     32 
     33 # Runs /system/bin/ndc
        # NOTE(review): these two rules grant execute on every file labeled
        # system_file and on any type carrying vendor_file_type, not just ndc;
        # labeling ndc with a dedicated exec type would narrow this.
     34 allow ims system_file:file rx_file_perms;
     35 allow ims vendor_file_type:file rx_file_perms;
     36 
     37 # address qualcomm proprietary binary denials
        # NOTE(review): "address denials" does not record what the binary needs the
        # sockets for. nlmsg_write on netlink_route_socket permits sending messages
        # that modify kernel networking state — TODO document the concrete use so
        # the rule can be reviewed rather than carried forward.
     38 allow ims self:netlink_socket create_socket_perms_no_ioctl;
     39 allow ims self:netlink_route_socket { create_socket_perms_no_ioctl nlmsg_write nlmsg_read };
     40