author | Cosme Domínguez Díaz <cosme.ddiaz@gmail.com> | 2018-04-29 02:45:22 +0200 |
---|---|---|
committer | Cosme Domínguez Díaz <cosme.ddiaz@gmail.com> | 2018-05-02 23:46:36 +0200 |
commit | b5b41d341dd744c40d3908550daaafcee6fe7b4b (patch) | |
tree | 3c13b9ed2d88a4b15eefb61339152a42eda3104a /sepolicy/netmgrd.te | |
parent | 008f0bb54500d59599f1b61522dc8ac75bfd2e5c (diff) |
msm8996-common: sepolicy: Cleanup
Diffstat (limited to 'sepolicy/netmgrd.te')
-rw-r--r-- | sepolicy/netmgrd.te | 59 |
1 files changed, 4 insertions, 55 deletions
diff --git a/sepolicy/netmgrd.te b/sepolicy/netmgrd.te
index c7ed94d..933aa83 100644
--- a/sepolicy/netmgrd.te
+++ b/sepolicy/netmgrd.te
@@ -1,55 +1,4 @@
-net_domain(netmgrd)
-
-# Grant access to Qualcomm MSM Interface (QMI) radio sockets
-qmux_socket(netmgrd)
-
-wakelock_use(netmgrd)
-
-# create socket in /dev/socket/netmgrd/
-allow netmgrd netmgrd_socket:dir rw_dir_perms;
-allow netmgrd netmgrd_socket:sock_file create_file_perms;
-
-# communicate with netd
-unix_socket_connect(netmgrd, netd, netd)
-
-allow netmgrd proc_net:file rw_file_perms;
-
-allow netmgrd self:capability { net_admin net_raw setgid setpcap setuid };
-
-# read /data/misc/net
-allow netmgrd net_data_file:dir r_dir_perms;
-allow netmgrd net_data_file:file r_file_perms;
-# read and write /data/misc/netmgr
-userdebug_or_eng(`
- allow netmgrd netmgr_data_file:dir rw_dir_perms;
- allow netmgrd netmgr_data_file:file create_file_perms;
-')
-
-# execute shell, ip, and toolbox
-allow netmgrd vendor_shell_exec:file rx_file_perms;
-allow netmgrd vendor_toolbox_exec:file rx_file_perms;
-
-# netmgrd sockets
-allow netmgrd self:netlink_route_socket { create_socket_perms_no_ioctl nlmsg_read nlmsg_write };
-allow netmgrd self:netlink_socket create_socket_perms_no_ioctl;
-allow netmgrd self:netlink_xfrm_socket { create_socket_perms_no_ioctl nlmsg_read nlmsg_write };
-allow netmgrd self:rawip_socket create_socket_perms_no_ioctl;
-allow netmgrd self:socket create_socket_perms;
-# in addition to ioctl commands granted to domain allow netmgrd to use:
-allowxperm netmgrd self:udp_socket ioctl priv_sock_ioctls;
-allowxperm netmgrd self:socket ioctl msm_sock_ipc_ioctls;
-
-set_prop(netmgrd, net_radio_prop)
-
-# read files in /sys
-r_dir_file(netmgrd, sysfs_type)
-allow netmgrd sysfs_net:file write;
-
-userdebug_or_eng(`
- allow netmgrd diag_device:chr_file rw_file_perms;
-')
-
-# For netmgrd to be able to execute netutils wrappers
-domain_trans(netmgrd, netutils_wrapper_exec, netutils_wrapper)
-allow netmgrd netutils_wrapper_exec:file { open read getattr execute };
-allow netmgrd netutils_wrapper:process sigkill;
+allow netmgrd sysfs_msm_subsys:dir search;
+allow netmgrd sysfs_net:dir search;
+allow netmgrd sysfs_net:file rw_file_perms;
+allow netmgrd sysfs_soc:dir search; |
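Review bot: The four added `allow` rules have no comments, whereas every group they replace was annotated, so a reader cannot tell which sysfs nodes netmgrd needs `sysfs_msm_subsys`, `sysfs_net` and `sysfs_soc` for. A header such as `# device-specific sysfs access for netmgrd; all other netmgrd rules come from <shared policy path>` would record that, with the placeholder filled in by the author. The file no longer grants the capability set, the netlink socket rules or the `netutils_wrapper` transition, and presumably a shared policy supplies them now. Since the commit message only says "Cleanup", it is worth confirming on an enforcing build that no new `avc: denied` entries appear for netmgrd. Note also that `allow netmgrd sysfs_net:file rw_file_perms;` replaces the old `sysfs_net:file write` plus the blanket `r_dir_file(netmgrd, sysfs_type)`, which looks like a net narrowing of read access but should be stated as intended.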