blob: 988c9b613ee957678eb641eb59d8c03c6c54087e (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
|
# For IP Multimedia Subsystem(IMS) functionality
type ims, domain, domain_deprecated;
type ims_exec, exec_type, file_type;
# Started by init
init_daemon_domain(ims)
allow ims self:capability { net_raw net_admin };
# Allow ims to create and use socket to communicate between ims processes.
allow ims self:socket create_socket_perms;
# Allow ims to tell init to start the ims data service via property=sys.ims.QMI_DAEMON_STATUS
set_prop(ims, qcom_ims_prop);
# Allow ims to write to ims_socket
allow ims ims_socket:sock_file write;
# talk to connectivity engine observer interface daemon (cnd)
unix_socket_connect(ims, cnd, cnd)
# talk to netd
unix_socket_connect(ims, netd, netd)
# talk to qmux
qmux_socket(ims)
# communicate with the network driver
allow ims self:udp_socket { create ioctl };
# Runs /system/bin/sh for executing ndc commands via popen
allow ims shell_exec:file rx_file_perms;
# Runs /system/bin/ndc
allow ims system_file:file rx_file_perms;
# address qualcomm proprietary binary denials
allow ims self:netlink_socket create_socket_perms;
allow ims self:netlink_route_socket { create_socket_perms nlmsg_write nlmsg_read };
|
