Gitiles
Code Review Sign In
review.blissroms.org / platform_device_qcom_sepolicy / refs/heads/mm6.0 / . / common / netmgrd.te
blob: 92c69de09251a9a96340aaab65d8190d4784f54f [file] [log] [blame]
Avijit Kanti Das353e9292014-07-23 23:39:30 -0700[diff] [blame]1type netmgrd, domain;
2type netmgrd_exec, exec_type, file_type;
3net_domain(netmgrd)
4init_daemon_domain(netmgrd)
Subash Abhinov Kasiviswanathan1b307e72014-03-04 11:09:42 -0700[diff] [blame]5
6userdebug_or_eng(`
Shruthi Krishnaf1b38f72014-07-25 16:21:53 -0700[diff] [blame]7 domain_auto_trans(shell, netmgrd_exec, netmgrd)
8 domain_auto_trans(adbd, netmgrd_exec, netmgrd)
Subash Abhinov Kasiviswanathan1b307e72014-03-04 11:09:42 -0700[diff] [blame]9')
Avijit Kanti Das353e9292014-07-23 23:39:30 -0700[diff] [blame]10
11#Allow files to be written during the operation of netmgrd
12file_type_auto_trans(netmgrd, system_data_file, data_test_data_file)
13
14#Allow netmgrd operations
Avijit Kanti Das441bad42015-05-12 14:07:41 -0700[diff] [blame]15allow netmgrd netmgrd:capability {
16 dac_override
17 net_raw
18 net_admin
19 sys_module
20 fsetid
21 setgid
22 setuid
23 setpcap
24};
Avijit Kanti Das353e9292014-07-23 23:39:30 -0700[diff] [blame]25
26#Allow logging
Avijit Kanti Das441bad42015-05-12 14:07:41 -0700[diff] [blame]27allow netmgrd smem_log_device:chr_file rw_file_perms;
Avijit Kanti Das353e9292014-07-23 23:39:30 -0700[diff] [blame]28
29#Allow operations on different types of sockets
30allow netmgrd netmgrd:rawip_socket { create getopt setopt write };
Subash Abhinov Kasiviswanathan4ac88c62014-11-07 14:13:41 -0700[diff] [blame]31allow netmgrd netmgrd:netlink_xfrm_socket { create_socket_perms nlmsg_write nlmsg_read };
Avijit Kanti Das353e9292014-07-23 23:39:30 -0700[diff] [blame]32allow netmgrd netmgrd:netlink_socket { write read create bind };
33allow netmgrd netmgrd:socket { create ioctl };
34allow netmgrd netmgrd:netlink_route_socket { setopt getattr write nlmsg_write };
Avijit Kanti Das441bad42015-05-12 14:07:41 -0700[diff] [blame]35unix_socket_connect(netmgrd, property, init)
Avijit Kanti Das353e9292014-07-23 23:39:30 -0700[diff] [blame]36
Subash Abhinov Kasiviswanathan4ac88c62014-11-07 14:13:41 -0700[diff] [blame]37unix_socket_connect(netmgrd, cnd, cnd);
38
Biswajit Paul64f83f62014-10-13 14:36:16 -0700[diff] [blame]39qmux_socket(netmgrd);
Avijit Kanti Das353e9292014-07-23 23:39:30 -0700[diff] [blame]40
41#Allow writing of ipv6 network properties
Avijit Kanti Das441bad42015-05-12 14:07:41 -0700[diff] [blame]42allow netmgrd { proc_net sysfs }:file w_file_perms;
Avijit Kanti Das353e9292014-07-23 23:39:30 -0700[diff] [blame]43
Subash Abhinov Kasiviswanathan1b307e72014-03-04 11:09:42 -0700[diff] [blame]44#Allow address configuration
Subash Abhinov Kasiviswanathan4e2e5af2014-10-16 13:37:05 -0600[diff] [blame]45#Allow setting of DNS and GW Android properties
Avijit Kanti Das441bad42015-05-12 14:07:41 -0700[diff] [blame]46allow netmgrd { system_prop net_radio_prop }:property_service set;
Subash Abhinov Kasiviswanathan4e2e5af2014-10-16 13:37:05 -0600[diff] [blame]47
Subash Abhinov Kasiviswanathanfcceff72016-02-04 17:22:18 -0700[diff] [blame]48allow netmgrd xlat_prop:property_service set;
49
Avijit Kanti Das353e9292014-07-23 23:39:30 -0700[diff] [blame]50#Allow execution of commands in shell
Avijit Kanti Das441bad42015-05-12 14:07:41 -0700[diff] [blame]51allow netmgrd system_file:file x_file_perms;
Avijit Kanti Dasf91f2ba2014-09-24 17:08:13 -0700[diff] [blame]52
Biswajit Pauld8ab6262014-10-23 16:27:42 -0700[diff] [blame]53allow netmgrd self:socket create_socket_perms;
Avijit Kanti Dasfe61c2d2014-10-16 20:17:03 -0700[diff] [blame]54allow netmgrd sysfs_esoc:dir r_dir_perms;
Avijit Kanti Dasf91f2ba2014-09-24 17:08:13 -0700[diff] [blame]55
56#Allow communication with netd
Avijit Kanti Das441bad42015-05-12 14:07:41 -0700[diff] [blame]57allow netmgrd netd_socket:sock_file w_file_perms;
58r_dir_file(netmgrd, net_data_file)
Subash Abhinov Kasiviswanathan4e2e5af2014-10-16 13:37:05 -0600[diff] [blame]59
60#Allow nemtgrd to use esoc api's to determine target
Avijit Kanti Das441bad42015-05-12 14:07:41 -0700[diff] [blame]61allow netmgrd sysfs_esoc:lnk_file r_file_perms;
Avijit Kanti Dasd01b3b32014-10-21 10:30:09 -0700[diff] [blame]62
63r_dir_file(netmgrd, sysfs_ssr);
Avijit Kanti Dase0ef7852014-11-05 10:40:03 -0800[diff] [blame]64
Avijit Kanti Das441bad42015-05-12 14:07:41 -0700[diff] [blame]65allow netmgrd sysfs:file w_file_perms;
Avijit Kanti Dasd6e8d8e2014-11-07 10:27:44 -0800[diff] [blame]66
Avijit Kanti Das441bad42015-05-12 14:07:41 -0700[diff] [blame]67#Allow netmgrd to create netmgrd socket
68allow netmgrd netmgrd_socket:dir create_dir_perms;
69allow netmgrd netmgrd_socket:sock_file create_file_perms;
70
71allow netmgrd { wcnss_service_exec wpa_exec shell_exec }:file rx_file_perms;
Subash Abhinov Kasiviswanathanff356b92015-09-29 18:48:44 -0600[diff] [blame]72
73#Allow netmgrd to use wakelock
74wakelock_use(netmgrd)