# Network utilities (radio process)
# Type-enforcement rules for the netmgrd daemon: declares the domain and its
# executable type, then grants the socket, capability, exec, property and
# file permissions listed below.
# NOTE(review): domain_deprecated is not defined in this file; it presumably
# carries legacy permissions shared by older domains. Confirm which of them
# netmgrd still needs.
type netmgrd, domain, domain_deprecated;
type netmgrd_exec, exec_type, file_type;

# Uses network sockets.
net_domain(netmgrd)

# Talk to qmuxd (qmux_radio)
# NOTE(review): qmux_socket is a macro defined outside this file; verify what
# it expands to before relying on this comment.
qmux_socket(netmgrd)

# Runs commands via sh.
# rx_file_perms carries no domain transition rule, so the shell presumably
# runs inside the netmgrd domain with everything granted in this file. Any
# command line built from external input should be reviewed with that in mind.
allow netmgrd shell_exec:file rx_file_perms;

# Starts as (root,radio) changes to (radio,radio)
# setuid/setgid cover the credential change described above. net_admin and
# net_raw are granted on self, so they are held for the life of the process
# unless the daemon drops them itself (not visible from policy).
allow netmgrd self:capability { setuid setgid net_admin net_raw };

# Started by init
init_daemon_domain(netmgrd)

# Read/write access to the shared log character device.
allow netmgrd shared_log_device:chr_file rw_file_perms;

# Access to /proc/sys/net/*
# Files are read-write, directories read-only: netmgrd can change network
# tunables labelled proc_net but cannot alter the directory entries.
allow netmgrd proc_net:file rw_file_perms;
allow netmgrd proc_net:dir r_dir_perms;

# Runs /system/bin/toolbox
allow netmgrd toolbox_exec:file rx_file_perms;
# Run other system commands.
# NOTE(review): system_file is a broad label. This rule lets netmgrd execute
# any file carrying it, not a fixed command list. Consider narrowing to the
# specific exec types actually invoked.
allow netmgrd system_file:file rx_file_perms;

# Allow operations on different types of sockets
allow netmgrd self:netlink_socket create_socket_perms;
allow netmgrd self:rawip_socket create_socket_perms;
# Only nlmsg_write is added here; the remaining netlink_route_socket
# permissions presumably come from net_domain() above. TODO confirm.
allow netmgrd self:netlink_route_socket nlmsg_write;
allow netmgrd self:netlink_xfrm_socket { create_socket_perms nlmsg_write nlmsg_read };

# b/17065650
# NOTE(review): "socket" is the generic class used for address families that
# have no dedicated class. The bug reference is the only rationale given;
# record which family is needed so the rule can be narrowed later.
allow netmgrd self:socket create_socket_perms;

# Allow communication with cnd
unix_socket_connect(netmgrd, cnd, cnd)

# CONFIG_MODULES not set in shamu_defconfig
# dontaudit only silences the log entry; sys_module is still denied. The
# trade-off is that a module-load attempt from this domain leaves no AVC
# record, so revisit this if the kernel config ever enables modules.
dontaudit netmgrd self:capability sys_module;

# Set net_radio properties
set_prop(netmgrd, net_radio_prop)

# Set netmgrd properties
# NOTE(review): written as a raw allow rather than via set_prop() as above.
# This rule alone does not grant access to the property service socket;
# presumably the set_prop() call above already supplies it. TODO confirm.
allow netmgrd qcom_netmgrd_prop:property_service set;

# Permission to run netd commands
# Grants write on the socket file only. Any connectto permission on netd's
# stream socket is not granted in this file; verify where it comes from.
allow netmgrd netd_socket:sock_file write;

# Allow access to files associated with netd
# Read-only on both files and directories labelled net_data_file.
allow netmgrd net_data_file:file r_file_perms;
allow netmgrd net_data_file:dir r_dir_perms;