path: root/vendor/qcom/common/netmgrd.te
# SELinux type enforcement rules for the netmgrd daemon.
# Declares the process domain and the label of its executable, which is
# marked as a vendor file.
type netmgrd, domain;
type netmgrd_exec, exec_type, vendor_file_type, file_type;
# Macro defined outside this file; presumably sets up the transition from
# init into the netmgrd domain when netmgrd_exec is run - confirm in te_macros.
init_daemon_domain(netmgrd)

# Macro defined outside this file; presumably grants the baseline socket
# permissions shared by network-facing domains - confirm in te_macros.
net_domain(netmgrd)

#Allow netmgrd operations
# Capabilities netmgrd may exercise. The target type is written as netmgrd
# rather than self; for a single source type the two are equivalent, and the
# other rules in this file use self.
#TODO(b/125060737): Remove netmgrd net_admin/net_raw privilege
# NOTE(review): net_admin and net_raw are broad network privileges, and
# setuid/setgid/setpcap let the process change its own credentials and
# capability sets. Presumably the latter are used to drop privileges after
# start-up - confirm against the daemon source before trimming this list.
allow netmgrd netmgrd:capability {
    net_raw
    net_admin
    setgid
    setuid
    setpcap
};

#Allow operations on different types of sockets
# nlmsg_write permits state-changing rtnetlink requests. Only this one
# permission is granted here; creating the route socket is not covered by any
# rule in this file and presumably comes from net_domain - TODO confirm.
allow netmgrd netmgrd:netlink_route_socket nlmsg_write;
# Generic netlink and QIPCRTR sockets: permission set named
# create_socket_perms_no_ioctl, so no ioctl access is granted on these classes.
allow netmgrd self:netlink_generic_socket create_socket_perms_no_ioctl;
allow netmgrd self:qipcrtr_socket create_socket_perms_no_ioctl;

#Allow writing of ipv6 network properties
# NOTE(review): the grant is on the whole proc_net label, so read/write access
# is presumably wider than the IPv6 tunables named above - confirm whether a
# narrower type is available for the files netmgrd actually writes.
allow netmgrd proc_net:file rw_file_perms;

#Allow netmgrd to use esoc APIs to determine target
# Read-only: directory listing plus reading symlinks labelled sysfs_esoc.
allow netmgrd sysfs_esoc:dir r_dir_perms;
allow netmgrd sysfs_esoc:lnk_file r_file_perms;

# Read access to directories and files labelled sysfs_ssr (macro defined
# outside this file). The trailing semicolon is inconsistent with the other
# macro calls in this file.
r_dir_file(netmgrd, sysfs_ssr);

#Allow netmgrd to create netmgrd socket
# Full create/manage rights on the directory and socket files labelled
# netmgrd_socket. Which other domains may connect to that socket is decided
# by rules outside this file.
allow netmgrd netmgrd_socket:dir create_dir_perms;
allow netmgrd netmgrd_socket:sock_file create_file_perms;

#Allow netmgrd to use wakelock
wakelock_use(netmgrd)

# Extended-permission rule: limits ioctl on the domain's own UDP sockets to
# the command set priv_sock_ioctls (defined outside this file). An allowxperm
# rule only has effect alongside an allow rule for udp_socket ioctl, which is
# not in this file and presumably comes from net_domain - TODO confirm.
allowxperm netmgrd self:udp_socket ioctl priv_sock_ioctls;

#Allow netmgrd to use netd HAL via HIDL
# Two parts: look up the service in hwservice_manager, then make binder calls
# into the netd domain.
allow netmgrd system_net_netd_hwservice:hwservice_manager find;
binder_call(netmgrd, netd)

# sysfs_net: list directories and read/write files. Write access is granted
# on every file carrying this label.
allow netmgrd sysfs_net:dir r_dir_perms;
allow netmgrd sysfs_net:file rw_file_perms;

# sysfs_soc: path traversal (search) and file reads only.
allow netmgrd sysfs_soc:dir search;
allow netmgrd sysfs_soc:file r_file_perms;

# sysfs_msm_subsys: read-only access to directories and files.
allow netmgrd sysfs_msm_subsys:dir r_dir_perms;
allow netmgrd sysfs_msm_subsys:file r_file_perms;

#Ignore if device loading for private IOCTL failed
# dontaudit does not grant module_request; the request is still denied and
# only the audit record is suppressed.
# NOTE(review): these denials from netmgrd will therefore be absent from the
# audit log when triaging; drop this rule temporarily if they need to be seen.
dontaudit netmgrd kernel:system module_request;

# Allow netmgrd logging mechanism
# Read/write in the netmgrd_data_file directory and create/manage files there.
allow netmgrd netmgrd_data_file:dir rw_dir_perms;
allow netmgrd netmgrd_data_file:file create_file_perms;

# Debug-only rules: the body is wrapped in userdebug_or_eng, so diag device
# and diag sysfs access is meant for userdebug and eng builds only and should
# not appear in user builds. Keep new comments inside the quoted body free of
# quote characters, since the body is an m4 quoted string.
userdebug_or_eng(`
  allow netmgrd diag_device:chr_file rw_file_perms;
  #Allow diag logging
  allow netmgrd sysfs_timestamp_switch:file r_file_perms;
  r_dir_file(netmgrd, sysfs_diag)
')
# Applies to all build variants (outside the debug-only body above): create
# and use netlink XFRM sockets, without ioctl.
# NOTE(review): XFRM is the kernel IPsec transform interface; presumably this
# is for IPsec tunnel setup by netmgrd - confirm the use case.
allow netmgrd self:netlink_xfrm_socket create_socket_perms_no_ioctl;

#Allow set persist.vendor.data.shs_ko_load
#Allow set persist.vendor.data.shsusr_load
#Allow set persist.vendor.data.perf_ko_load
#Allow set persist.vendor.data.qmipriod_load
#Allow set persist.vendor.data.offload_ko_load
# The grant is per property type, not per property name: netmgrd may set any
# property labelled vendor_radio_prop, not only the five listed above.
# NOTE(review): the names suggest these properties trigger loading of kernel
# modules or helper daemons; if so, every domain allowed to set
# vendor_radio_prop can trigger them too. Confirm against the property
# contexts and init scripts, and consider a dedicated property type.
set_prop(netmgrd, vendor_radio_prop)