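# SELinux type-enforcement policy for the ims daemon.
#
# Layout restored to one statement per line: in the collapsed form every rule
# after the first '#' was part of a comment, and listing line numbers were
# fused into the statements. The rules themselves are unchanged; the
# NOTE(review) comments mark grants a reviewer should re-justify.

type ims, domain;
type ims_exec, exec_type, file_type;

# Started by init
init_daemon_domain(ims)

# Uses network sockets
net_domain(ims)

# Grant access to Qualcomm MSM Interface (QMI) radio sockets to ims daemon
qmux_socket(ims)

# Allow ims to communicate with netd.
allow ims netd_socket:sock_file write;

# Needed to let ims daemon drop unneeded capabilities and to allow access to
# net_bind
# NOTE(review): setuid is granted here as well, but the comment above only
# explains setpcap (capability dropping) and net_bind_service (binding
# privileged ports). Confirm setuid is still required; if the daemon only
# changes uid once at startup, document that here.
allow ims self:capability { setpcap setuid net_bind_service };

# Allow ims to create and use netlink sockets.
allow ims self:netlink_socket create_socket_perms;

# Allow access to smem log
allow ims shared_log_device:chr_file rw_file_perms;

# ims needs to parse through /proc to obtain pid of netmgrd
r_dir_file(ims, netmgrd)

# b/18352920 suppress denials until the procfs lookup is removed
# NOTE(review): this grants nothing, but it hides every denied directory read
# by ims on any domain's directory from the audit log. Unexpected /proc
# enumeration by ims will therefore not appear in audit-based detection.
# Remove the rule together with the procfs lookup.
dontaudit ims domain:dir r_dir_perms;

# Allow ims to create and use socket to communicate between ims processes.
allow ims self:socket create_socket_perms;

# Runs /system/bin/sh for executing ndc commands via popen
# NOTE(review): rx_file_perms includes execute_no_trans in the AOSP global
# macros, so the shell runs in the ims domain with all of ims's permissions.
# The command strings passed to popen are not visible from this policy;
# confirm they are fixed and never built from data received over the network.
allow ims shell_exec:file rx_file_perms;

# Runs /system/bin/ndc
# NOTE(review): the rule applies to every file labelled system_file, not only
# ndc. Talking to netd directly over netd_socket (already allowed above) would
# make this rule and the shell_exec rule unnecessary.
allow ims system_file:file rx_file_perms;

# Talks to init via property socket.
unix_socket_connect(ims, property, init)

# Allow ims to tell init to start the ims data service via
# property=sys.ims.QMI_DAEMON_STATUS
allow ims qcom_ims_prop:property_service set;

# The original gives no rationale for the four rules below.
# NOTE(review): presumably ims creates its own socket file under the wpa
# socket directory and sends datagrams to the wpa domain -- confirm and
# document. create_file_perms on wpa_socket:sock_file together with
# rw_dir_perms on the directory lets ims create and remove socket files there,
# which is more than sending to an existing socket requires.
allow ims wpa_socket:sock_file create_file_perms;
allow ims wpa_socket:dir rw_dir_perms;

# NOTE(review): directory read access only; no wifi_data_file:file rule is
# granted in this file. Confirm it is needed (e.g. to traverse to the socket
# directory).
allow ims wifi_data_file:dir r_dir_perms;

unix_socket_send(ims, wpa, wpa)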