# For IP Multimedia Subsystem(IMS) functionality
#
# Type-enforcement policy for the ims daemon domain. The macros and
# permission sets used below (init_daemon_domain, set_prop,
# unix_socket_connect, qmux_socket, create_socket_perms, rx_file_perms) are
# defined outside this file; what they expand to must be read from the
# platform/vendor macro definitions to know the full grant.
#
# NOTE(review): domain_deprecated is, in AOSP, a legacy attribute that carries
# broad permissions which were being moved out of `domain`. Confirm which of
# those this daemon actually needs and grant them explicitly instead.
type ims, domain, domain_deprecated;
type ims_exec, exec_type, file_type;

# Started by init
# (the transition into the ims domain is keyed on executing a file labelled
# ims_exec, so that label should be applied to the ims binary only)
init_daemon_domain(ims)

# NOTE(review): net_admin and net_raw are broad network privileges (interface
# and routing configuration, raw/packet sockets). Anything that gains code
# execution inside ims inherits them, so keep the set to what is exercised.
allow ims self:capability { net_raw net_admin };

# Allow ims to create and use socket to communicate between ims processes.
# NOTE(review): this is the generic `socket` class, i.e. not tied to a
# specific address family - confirm which family the daemon really uses.
allow ims self:socket create_socket_perms;

# Allow ims to tell init to start the ims data service via property=sys.ims.QMI_DAEMON_STATUS
# NOTE(review): unlike the other macro invocations in this file this one ends
# with ';' - confirm the policy build tolerates the extra terminator.
set_prop(ims, qcom_ims_prop);

# Allow ims to write to ims_socket
allow ims ims_socket:sock_file write;

# talk to connectivity engine observer interface daemon (cnd)
unix_socket_connect(ims, cnd, cnd)
# talk to netd
unix_socket_connect(ims, netd, netd)
# talk to qmux
qmux_socket(ims)
# communicate with the network driver
allow ims self:udp_socket { create ioctl };

# Runs /system/bin/sh for executing ndc commands via popen
# NOTE(review): popen() hands a command string to the shell, so any value
# that reaches that string from outside the daemon is parsed as shell syntax.
# SELinux cannot constrain that; the daemon must build the command from fixed
# or strictly validated arguments. The shell runs in the ims domain unless a
# transition is defined elsewhere, so it keeps every permission in this file.
allow ims shell_exec:file rx_file_perms;

# Runs /system/bin/ndc
# NOTE(review): the rule is wider than the stated purpose - it permits
# read/execute of every file labelled system_file, not only ndc. Narrowing it
# would need a dedicated label for ndc; check whether the platform has one.
allow ims system_file:file rx_file_perms;

# address qualcomm proprietary binary denials
# NOTE(review): these two rules were added in response to denials rather than
# from a documented requirement. nlmsg_write on the route socket, combined
# with net_admin above, permits changing routing/interface state; re-check
# against current denial logs whether write access (and the generic
# netlink_socket class) is still needed.
allow ims self:netlink_socket create_socket_perms;
allow ims self:netlink_route_socket { create_socket_perms nlmsg_write nlmsg_read };