# SELinux policy for netmgrd, a vendor daemon started by init.
# Every rule below has netmgrd as its source domain.

type netmgrd, domain;
type netmgrd_exec, exec_type, vendor_file_type, file_type;

# Transition into the netmgrd domain when init executes netmgrd_exec.
init_daemon_domain(netmgrd)

# Baseline network access.
net_domain(netmgrd)

# Capabilities.
# TODO(b/125060737): Remove netmgrd net_admin/net_raw privilege
# NOTE(review): setuid, setgid and setpcap let the process change its own
# identity and capability sets. Presumably they are used to drop privileges
# at startup; confirm against the daemon before keeping them.
allow netmgrd self:capability { net_admin net_raw setgid setpcap setuid };

# Sockets.
# nlmsg_write on the route socket permits netlink messages that change
# routing state, not only read it.
allow netmgrd self:netlink_route_socket nlmsg_write;
allow netmgrd self:netlink_generic_socket create_socket_perms_no_ioctl;
allow netmgrd self:netlink_xfrm_socket create_socket_perms_no_ioctl;
allow netmgrd self:qipcrtr_socket create_socket_perms_no_ioctl;

# Restrict udp_socket ioctls to the priv_sock_ioctls set.
# NOTE(review): allowxperm only narrows an existing ioctl permission; the
# matching allow rule is presumably supplied by net_domain.
allowxperm netmgrd self:udp_socket ioctl priv_sock_ioctls;

# Write IPv6 network properties.
# NOTE(review): the grant is on the whole proc_net label, not only the IPv6
# entries; a narrower label would be preferable if one is available.
allow netmgrd proc_net:file rw_file_perms;

# Read esoc sysfs entries (used through the esoc APIs to determine the target).
allow netmgrd sysfs_esoc:dir r_dir_perms;
allow netmgrd sysfs_esoc:lnk_file r_file_perms;

r_dir_file(netmgrd, sysfs_ssr);

# Create the netmgrd socket directory and socket files.
allow netmgrd netmgrd_socket:dir create_dir_perms;
allow netmgrd netmgrd_socket:sock_file create_file_perms;

# Wakelocks.
wakelock_use(netmgrd)

# netd HAL over HIDL: look up the hwservice, then call into netd.
allow netmgrd system_net_netd_hwservice:hwservice_manager find;
binder_call(netmgrd, netd)

# sysfs access. Only sysfs_net files are writable; the rest is read-only.
allow netmgrd sysfs_net:dir r_dir_perms;
allow netmgrd sysfs_net:file rw_file_perms;

allow netmgrd sysfs_soc:dir search;
allow netmgrd sysfs_soc:file r_file_perms;

allow netmgrd sysfs_msm_subsys:dir r_dir_perms;
allow netmgrd sysfs_msm_subsys:file r_file_perms;

# Ignore if device loading for private IOCTL failed.
# dontaudit grants nothing: the module_request is still denied, only the
# audit record is suppressed, so this denial will not appear in logs.
dontaudit netmgrd kernel:system module_request;

# Log files owned by netmgrd.
allow netmgrd netmgrd_data_file:dir rw_dir_perms;
allow netmgrd netmgrd_data_file:file create_file_perms;

# Diag access is limited to userdebug and eng builds; user builds get none of it.
userdebug_or_eng(`
  allow netmgrd diag_device:chr_file rw_file_perms;
  # Diag logging
  allow netmgrd sysfs_timestamp_switch:file r_file_perms;
  r_dir_file(netmgrd, sysfs_diag)
')

# Properties this rule is intended for:
#   persist.vendor.data.shs_ko_load
#   persist.vendor.data.shsusr_load
#   persist.vendor.data.perf_ko_load
#   persist.vendor.data.qmipriod_load
#   persist.vendor.data.offload_ko_load
# NOTE(review): set_prop is granted on the vendor_radio_prop type, so every
# property carrying that label becomes writable, not only the five above.
# The property_contexts mapping is not visible here; verify the label scope.
set_prop(netmgrd, vendor_radio_prop)