# SELinux type-enforcement rules for the netmgrd domain.
# NOTE(review): the daemon itself is not shown on this page; everything said
# here about its behaviour is read off the rules below.

# netmgrd is a process domain. netmgrd_exec labels its executable and is
# marked as a vendor file.
type netmgrd, domain;
type netmgrd_exec, exec_type, vendor_file_type, file_type;

# In AOSP te_macros this sets up the automatic transition from init into
# netmgrd when init executes a netmgrd_exec file. The macro body is not on
# this page - confirm against the tree in use.
init_daemon_domain(netmgrd)

# net_domain is defined elsewhere; presumably it grants the baseline
# network socket permissions - TODO confirm.
net_domain(netmgrd)

# Allow netmgrd operations
# TODO(b/125060737): Remove netmgrd net_admin/net_raw privilege
#
# Capabilities netmgrd may use on itself (source and target are both netmgrd).
# NOTE(review): net_admin and net_raw are broad network capabilities and the
# TODO above already tracks removing them. setuid, setgid and setpcap would be
# consistent with a daemon that starts privileged and then changes identity
# or trims its capability sets, but that is an assumption - confirm against
# the netmgrd startup code before tightening or relying on it.
allow netmgrd netmgrd:capability {
    net_raw
    net_admin
    setgid
    setuid
    setpcap
};

# Allow operations on different types of sockets

# nlmsg_write on the route netlink socket covers netlink messages that
# modify kernel state (routes, addresses, links), not just queries.
allow netmgrd netmgrd:netlink_route_socket nlmsg_write;

# create_socket_perms_no_ioctl is a permission set defined elsewhere; by its
# name it covers creating and using the socket but excludes ioctl - confirm.
allow netmgrd self:netlink_generic_socket create_socket_perms_no_ioctl;
allow netmgrd self:qipcrtr_socket create_socket_perms_no_ioctl;

# Allow writing of ipv6 network properties
# NOTE(review): the rule is on the proc_net type as a whole, so read/write
# applies to every file carrying that label, not only IPv6 entries. Which
# /proc paths map to proc_net is decided in genfs_contexts, not shown here.
allow netmgrd proc_net:file rw_file_perms;

# Allow netmgrd to use esoc APIs to determine target
# Directory and symlink access only, using the r_* (read) permission sets.
allow netmgrd sysfs_esoc:dir r_dir_perms;
allow netmgrd sysfs_esoc:lnk_file r_file_perms;

# r_dir_file is defined elsewhere; in AOSP te_macros it grants read access to
# directories, files and symlinks of the given type - confirm for this tree.
# NOTE(review): the trailing semicolon after this macro call differs from the
# other macro invocations in this file.
r_dir_file(netmgrd, sysfs_ssr);

# Allow netmgrd to create netmgrd socket
# netmgrd may create directories and socket files labelled netmgrd_socket.
# NOTE(review): these rules only cover netmgrd itself. Which other domains
# may connect to or write to netmgrd_socket is decided by rules in other
# policy files, and the path carrying this label is set in file_contexts;
# neither is on this page.
allow netmgrd netmgrd_socket:dir create_dir_perms;
allow netmgrd netmgrd_socket:sock_file create_file_perms;

# Allow netmgrd to use wakelock
wakelock_use(netmgrd)

# Extended-permission rule: on its own UDP sockets netmgrd may issue the
# ioctl commands in the set priv_sock_ioctls. That set is defined elsewhere;
# by name it is the privileged socket ioctl group, so this is wider than the
# ioctls ordinary domains get - TODO confirm the exact command list.
allowxperm netmgrd self:udp_socket ioctl priv_sock_ioctls;

# Allow netmgrd to use netd HAL via HIDL
# find lets netmgrd look up the system_net_netd hwservice through
# hwservice_manager; binder_call then allows the binder transaction to netd.
# NOTE(review): this is a vendor domain calling into netd, so the set of netd
# operations reachable over this interface is part of the trust boundary.
# The interface definition is not on this page.
allow netmgrd system_net_netd_hwservice:hwservice_manager find;
binder_call(netmgrd, netd)

# sysfs_net: directory reads plus read/write on files.
# NOTE(review): write access applies to every file labelled sysfs_net; the
# paths behind that label are defined outside this file.
allow netmgrd sysfs_net:dir r_dir_perms;
allow netmgrd sysfs_net:file rw_file_perms;

# sysfs_soc: directory search and file reads only.
allow netmgrd sysfs_soc:dir search;
allow netmgrd sysfs_soc:file r_file_perms;

# sysfs_msm_subsys: directory and file reads only.
allow netmgrd sysfs_msm_subsys:dir r_dir_perms;
allow netmgrd sysfs_msm_subsys:file r_file_perms;

# Ignore if device loading for private IOCTL failed
# dontaudit grants nothing: a module_request by netmgrd (asking the kernel to
# autoload a module) stays denied, and the denial is simply not logged.
# NOTE(review): the suppression also hides these denials from anyone using
# the audit log to watch this domain, so unexpected module requests from
# netmgrd will not show up there.
dontaudit netmgrd kernel:system module_request;

# Allow netmgrd logging mechanism
# Read/write on the netmgrd_data_file directory and create/write on files in
# it. The on-disk location carrying this label is set in file_contexts, which
# is not shown here.
allow netmgrd netmgrd_data_file:dir rw_dir_perms;
allow netmgrd netmgrd_data_file:file create_file_perms;

# Diagnostic access. In AOSP the userdebug_or_eng macro keeps the enclosed
# rules only for userdebug and eng builds, so production user builds should
# not carry them - confirm the macro definition in the tree in use.
# Keep comments inside the quoted block free of quote characters; m4 treats
# them as delimiters.
userdebug_or_eng(`
    # Read/write on the diag character device.
    allow netmgrd diag_device:chr_file rw_file_perms;
    #Allow diag logging
    allow netmgrd sysfs_timestamp_switch:file r_file_perms;
    r_dir_file(netmgrd, sysfs_diag)
')
# Netlink xfrm socket: the kernel interface for IPsec (xfrm) state and
# policy. Why netmgrd needs it is not stated in this file - TODO confirm.
allow netmgrd self:netlink_xfrm_socket create_socket_perms_no_ioctl;

#Allow set persist.vendor.data.shs_ko_load
#Allow set persist.vendor.data.shsusr_load
#Allow set persist.vendor.data.perf_ko_load
#Allow set persist.vendor.data.qmipriod_load
#Allow set persist.vendor.data.offload_ko_load
#
# NOTE(review): set_prop is granted on the vendor_radio_prop type, so netmgrd
# can set every property mapped to that label, not only the five names listed
# above. That mapping lives in property_contexts, which is not on this page -
# confirm it, and consider a dedicated property type for these keys if the
# label is shared with unrelated radio properties.
# The names suggest these properties trigger loading of kernel modules or
# helpers by some other component (assumption from the _ko_load and _load
# suffixes); if so, the consumer of these properties deserves the same review
# as this rule.
set_prop(netmgrd, vendor_radio_prop)