type wifi_sniffer, domain;
type wifi_sniffer_exec, exec_type, vendor_file_type, file_type;

userdebug_or_eng(`
  # make transition from init to its domain
  init_daemon_domain(wifi_sniffer)
  net_domain(wifi_sniffer)

# configurate con mode
  allow wifi_sniffer self:capability { net_admin net_raw };
  allow wifi_sniffer sysfs_wifi_conmode:file rw_file_perms;

# interface up
  allowxperm wifi_sniffer self:udp_socket ioctl SIOCSIFFLAGS;
  allow wifi_sniffer self:netlink_generic_socket create_socket_perms;
  allowxperm wifi_sniffer self:netlink_generic_socket ioctl { 0x8910 0x8946 };

# tcpdump
  allow wifi_sniffer self:packet_socket create_socket_perms;
  allowxperm wifi_sniffer self:packet_socket ioctl { 0x8933 0x8927 };
  allow wifi_sniffer self:unix_dgram_socket ioctl;
  allowxperm wifi_sniffer self:unix_dgram_socket ioctl 0x8946;
  allow wifi_sniffer sysfs_net:dir search;
  allow wifi_sniffer sysfs_net:file r_file_perms;
  allow wifi_sniffer tcpdump_exec:file rx_file_perms;
  allow wifi_sniffer wifi_logging_data_file:file create_file_perms;
  allow wifi_sniffer wifi_logging_data_file:dir create_dir_perms;

  get_prop(wifi_sniffer, vendor_wifi_sniffer_prop)
')