###
### Domain with network access
###
# Rules applied to every domain that carries the netdomain attribute.
# The attribute itself, the *_perms permission sets and the
# unix_socket_connect macro are defined elsewhere in the policy tree,
# so the exact permissions they expand to cannot be read from this file.

# Socket creation and use on the domain's own sockets (self).
# NOTE(review): the rawip_socket rule is only the SELinux grant; any
# kernel capability check on raw sockets is separate and not expressed here.
allow netdomain self:tcp_socket create_stream_socket_perms;
allow netdomain self:udp_socket create_socket_perms;
allow netdomain self:rawip_socket create_socket_perms;

# Outbound TCP connect. The target is the port_type attribute rather than
# a named port type, so this rule does not narrow connections by port
# label (presumably every labelled port carries port_type; confirm).
allow netdomain port_type:tcp_socket name_connect;

# Binding to local addresses (node_bind) and to ports (name_bind), TCP and UDP.
# ephemeral_app is subtracted from the source set, so these two rules give
# it no bind permission; it still receives the create and connect rules above.
allow {netdomain -ephemeral_app} node_type:{ tcp_socket udp_socket } node_bind;
allow {netdomain -ephemeral_app} port_type:{ tcp_socket udp_socket } name_bind;

# Routing table visibility over a netlink route socket.
# nlmsg_read is granted and nlmsg_write is not, so this rule lets a
# netdomain query routing state but does not let it send modifying requests.
allow netdomain self:netlink_route_socket {
    create read getattr write setattr lock append
    bind connect getopt setopt shutdown
    nlmsg_read
};

# Client access to the netd and mdnsd daemons over their unix sockets.
# Arguments are (client, socket name, server domain).
# NOTE(review): the macro is expected to grant write on the socket file and
# connectto on the server domain; confirm against its definition.

# netd, through the dnsproxyd socket.
unix_socket_connect(netdomain, dnsproxyd, netd)

# netd, through the fwmarkd socket.
unix_socket_connect(netdomain, fwmarkd, netd)

# mdnsd, through the mdnsd socket.
unix_socket_connect(netdomain, mdnsd, mdnsd)