# Network utilities (radio process)
type netmgrd, domain;
type netmgrd_exec, exec_type, file_type;

# Started by init
init_daemon_domain(netmgrd)

allow netmgrd self:udp_socket { create ioctl };
# fsetid, dac_override unlink on /dev/socket/qmux_radio/qmux_client_socket
allow netmgrd self:capability { sys_module fsetid setuid setgid net_admin net_raw dac_override };
allow netmgrd self:packet_socket { write bind read create };
allow netmgrd self:netlink_socket { write read create bind setopt };
allow netmgrd self:netlink_route_socket { create bind read write nlmsg_read nlmsg_write setopt getattr };
allow netmgrd kernel:system module_request;

# Talk to qmuxd
qmux_socket(netmgrd)

# Allow logging diagnostic items
allow netmgrd diagnostic_device:chr_file rw_file_perms;

# /data/data_test/ access with shell
allow netmgrd shell_exec:file { execute read open execute_no_trans };
allow netmgrd system_file:file { execute_no_trans };

# Talk to init over the property socket
unix_socket_connect(netmgrd, property, init)
# Set net.rmnet_usb0. values
allow netmgrd radio_prop:property_service set;