1 # Policy for /system/bin/cnss-daemon 2 type cnss-daemon, domain; 3 type cnss-daemon_exec, exec_type, vendor_file_type, file_type; 4 5 allow cnss-daemon self:capability { 6 net_bind_service 7 }; 8 9 init_daemon_domain(cnss-daemon) 10 11 allow cnss-daemon self:capability { setgid setuid }; 12 13 # whitelist socket ioctl commands 14 allow cnss-daemon self:netlink_socket create_socket_perms_no_ioctl; 15 allow cnss-daemon self:socket create_socket_perms; 16 allowxperm cnss-daemon self:socket ioctl msm_sock_ipc_ioctls; 17 18 allow cnss-daemon proc_net:file rw_file_perms; 19 allow cnss-daemon sysfs:dir r_dir_perms; 20 allow cnss-daemon sysfs_net:dir search; 21 allow cnss-daemon sysfs_net:file rw_file_perms; 22 allow cnss-daemon sysfs_pcie:dir search; 23 allow cnss-daemon sysfs_pcie:file w_file_perms; 24 allow cnss-daemon sysfs_soc:dir search; 25 allow cnss-daemon sysfs_soc:file r_file_perms; 26 r_dir_file(cnss-daemon, sysfs_msm_subsys) 27 28 # access to /dev/diag on debug builds 29 userdebug_or_eng(` 30 allow cnss-daemon diag_device:chr_file rw_file_perms; 31 ') 32
