Blame - common/ipacm.te - platform_device_qcom_sepolicy-legacy

blob: 7e9bb2b8f0207ebe75ca553d22b1c3bc0911d32f [file] [log] [blame]

Avijit Kanti Das	2b495d0	2014-10-20 17:43:13 -0700	[diff] [blame]	1	# General definitions
Biswajit Paul	6786a92	2017-03-16 11:53:53 -0700	[diff] [blame]	2	type ipacm, domain;
				3	type ipacm-diag, domain;
Ravi Kumar Siddojigari	c7def12	2017-06-13 00:49:19 +0530	[diff] [blame]	4	type ipacm_exec, exec_type, vendor_file_type, file_type;
				5	type ipacm-diag_exec, exec_type, vendor_file_type, file_type;
Avijit Kanti Das	2b495d0	2014-10-20 17:43:13 -0700	[diff] [blame]	6	init_daemon_domain(ipacm)
				7	init_daemon_domain(ipacm-diag)
				8
Skylar Chang	cc21afc	2015-03-09 12:58:40 -0700	[diff] [blame]	9	# associate netdomain to use for accessing internet sockets
				10	net_domain(ipacm)
Tyler Wear	a56100f	2017-10-05 14:54:03 -0700	[diff] [blame]	11	# ipacm to become hal_tetheroffload_server
				12	hal_server_domain(ipacm, hal_tetheroffload)
Skylar Chang	cc21afc	2015-03-09 12:58:40 -0700	[diff] [blame]	13
Avijit Kanti Das	441bad4	2015-05-12 14:07:41 -0700	[diff] [blame]	14	userdebug_or_eng(`
				15	# Allow using the logging file between ipacm and ipacm-diag
				16	unix_socket_send(ipacm, ipacm, ipacm-diag)
Biswajit Paul	277acbb	2016-07-20 12:02:14 -0700	[diff] [blame]	17	diag_use(ipacm-diag)
Avijit Kanti Das	441bad4	2015-05-12 14:07:41 -0700	[diff] [blame]	18	')
Avijit Kanti Das	2b495d0	2014-10-20 17:43:13 -0700	[diff] [blame]	19
Avijit Kanti Das	2b495d0	2014-10-20 17:43:13 -0700	[diff] [blame]	20	# Allow operations with /dev/ipa, /dev/wwan_ioctl and /dev/ipaNatTable
				21	allow ipacm ipa_dev:chr_file rw_file_perms;
				22
Avijit Kanti Das	2b495d0	2014-10-20 17:43:13 -0700	[diff] [blame]	23	# Allow receiving NETLINK messages
Avijit Kanti Das	441bad4	2015-05-12 14:07:41 -0700	[diff] [blame]	24	allow ipacm ipacm:{
				25	netlink_route_socket
				26	netlink_socket
				27	# Allow querying the network stack via IOCTLs
				28	udp_socket
Biswajit Paul	c6024d2	2016-07-06 17:35:41 -0700	[diff] [blame]	29	netlink_generic_socket
Biswajit Paul	2d35d98	2017-02-01 17:40:10 -0800	[diff] [blame]	30	} create_socket_perms_no_ioctl;
Avijit Kanti Das	2b495d0	2014-10-20 17:43:13 -0700	[diff] [blame]	31
				32	# Allow creating and modifying the PID file
Tyler Wear	a56100f	2017-10-05 14:54:03 -0700	[diff] [blame]	33	allow ipacm ipa_vendor_data_file:dir w_dir_perms;
				34	allow ipacm ipa_vendor_data_file:file create_file_perms;
Skylar Chang	fa220b8	2017-05-23 17:17:02 -0700	[diff] [blame]	35
Skylar Chang	811d601	2017-10-04 17:17:47 -0700	[diff] [blame]	36	# Allow receiving netlink_netfilter_socket messages
				37	allow ipacm ipacm:netlink_netfilter_socket create_socket_perms_no_ioctl;
				38
Skylar Chang	fa220b8	2017-05-23 17:17:02 -0700	[diff] [blame]	39	# To register ipacm to hwbinder
Tyler Wear	a56100f	2017-10-05 14:54:03 -0700	[diff] [blame]	40	add_hwservice(ipacm, hal_tetheroffload_hwservice)
Skylar Chang	fa220b8	2017-05-23 17:17:02 -0700	[diff] [blame]	41	hwbinder_use(ipacm)
				42	get_prop(ipacm, hwservicemanager_prop)
				43	binder_call(ipacm, system_server)