blob: 11159a4f36faf7a5642c4b87196aff8a6532c11d (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
|
# Network utilities (radio process)
type netmgrd, domain;
type netmgrd_exec, exec_type, file_type;
# Started by init
init_daemon_domain(netmgrd)
allow netmgrd self:udp_socket { create ioctl };
# fsetid, dac_override unlink on /dev/socket/qmux_radio/qmux_client_socket
allow netmgrd self:capability { sys_module fsetid setuid setgid net_admin net_raw dac_override };
allow netmgrd self:packet_socket { write bind read create };
allow netmgrd self:netlink_socket { write read create bind setopt };
allow netmgrd self:netlink_route_socket { create bind read write nlmsg_read nlmsg_write setopt getattr };
allow netmgrd kernel:system module_request;
# Talk to qmuxd
qmux_socket(netmgrd)
# Allow logging diagnostic items
allow netmgrd diagnostic_device:chr_file rw_file_perms;
# /data/data_test/ access with shell
allow netmgrd shell_exec:file { execute read open execute_no_trans };
allow netmgrd system_file:file { execute_no_trans };
# Talk to init over the property socket
unix_socket_connect(netmgrd, property, init)
# Set net.rmnet_usb0. values
allow netmgrd radio_prop:property_service set;
|