| ##################################### |
| # qmux_socket(clientdomain) |
| # Allow client domain to connecto and send |
| # via a local socket to the qmux domain. |
| # Also allow the client domain to remove |
| # its own socket. |
| define(`qmux_socket', ` |
| allow $1 qmuxd_socket:dir create_dir_perms; |
| unix_socket_connect($1, qmuxd, qmuxd) |
| allow $1 qmuxd_socket:sock_file { read getattr write setattr create unlink }; |
| ') |
| |
| ##################################### |
| # netmgr_socket(clientdomain) |
| # Allow client domain to connecto and send |
| # via a local socket to the netmgrd domain. |
| # Also allow the client domain to remove |
| # its own socket. |
| define(`netmgr_socket', ` |
| allow $1 netmgrd_socket:dir r_dir_perms; |
| unix_socket_connect($1, netmgrd, netmgrd) |
| allow $1 netmgrd_socket:sock_file { read getattr write }; |
| ') |
| |
| ######################################## |
| # peripheral_manager |
| # Allow clients to interact with peripheral |
| # manager |
| define(`use_per_mgr', ` |
| binder_call(per_mgr, $1); |
| binder_call($1, per_mgr); |
| allow $1 per_mgr_service:service_manager find; |
| ') |
| |
| ##################################### |
| # cnd_nims_socket_perm(clientdomain) |
| # allow cnd to read /proc/pid/cmdline to get appname |
| # allow cnd to use inet socket created by app. |
| define(`cnd_nims_socket_perm', ` |
| allow cnd $1:dir r_dir_perms; |
| allow cnd $1:file r_file_perms; |
| allow cnd $1:fd use; |
| allow cnd $1:tcp_socket rw_socket_perms; |
| ') |
| |
| ##################################### |
| # dpmd_socket_perm(clientdomain) |
| # allow dpmd to read /proc/pid/cmdline to get appname |
| # allow dpmd to use inet socket created by app. |
| define(`dpmd_socket_perm', ` |
| allow dpmd $1:dir r_dir_perms; |
| allow dpmd $1:file r_file_perms; |
| allow dpmd $1:fd use; |
| allow dpmd $1:tcp_socket rw_socket_perms; |
| ') |