# wificond: SELinux domain for the wificond daemon.
# Every rule below is an explicit grant; keep the set minimal when extending it.

# Process domain and the label of its executable.
type wificond, domain;
type wificond_exec, exec_type, file_type;

# --- Binder / service registration ---
# Use binder IPC and make calls into system_server.
binder_use(wificond)
binder_call(wificond, system_server)

# Publish wificond_service through the service manager.
add_service(wificond, wificond_service)

# --- System properties ---
set_prop(wificond, wifi_prop)
# NOTE(review): ctl_default_prop is not specific to Wi-Fi. It presumably covers
# every ctl.* property without a dedicated label, so this grant may be wider
# than the services wificond actually has to start/stop. Confirm, and scope it
# down if a narrower property type is available.
set_prop(wificond, ctl_default_prop)

# --- Network interface control ---
# UDP sockets are opened only as a handle for bringing interfaces up and down.
allow wificond self:udp_socket create_socket_perms;
# Changing interface flags is a privileged ioctl, so it is granted by name
# (SIOCSIFFLAGS) instead of opening up further privileged ioctl commands.
allowxperm wificond self:udp_socket ioctl { SIOCSIFFLAGS };
# NOTE(review): net_admin matches the interface up/down use case above; the
# need for net_raw is not explained anywhere in this file. Confirm it is
# still required.
allow wificond self:capability { net_admin net_raw };

# --- nl80211 (kernel wireless configuration) ---
# Netlink sockets without ioctl. Newer kernels (e.g. 4.4 but not 4.1) report
# these sockets under the separate netlink_generic_socket class, so both
# classes are listed.
allow wificond self:{ netlink_socket netlink_generic_socket } create_socket_perms_no_ioctl;

# Access to proc_net via r_dir_file (read-only directory/file access).
r_dir_file(wificond, proc_net)

# --- Wi-Fi data directory ---
# wificond writes the configuration files for wpa_supplicant/hostapd here and
# reads pid files from the same directory. Those configs are consumed by other
# daemons, so write access to wifi_data_file should stay limited to domains
# that are trusted to produce them.
allow wificond wifi_data_file:dir rw_dir_perms;
allow wificond wifi_data_file:file create_file_perms;

# --- Log dumping ---
# Look up the permission service to check whether a caller may dump logs.
allow wificond permission_service:service_manager find;

# dumpstate support: use the fd passed in by dumpstate and write to its pipe.
allow wificond dumpstate:fd use;
allow wificond dumpstate:fifo_file write;