# Connectivity Engine Observer Interface daemon (cnd)
#
# Type-enforcement policy for the cnd domain: domain and executable types,
# the init transition, socket labeling, and the capabilities, socket and
# device permissions granted to the daemon.
#
# NOTE(review): device_domain_deprecated is a legacy attribute; which device
# nodes cnd actually needs is not visible in this file. Audit the accesses and
# replace the attribute with explicit rules where possible.
type cnd, domain, device_domain_deprecated;
type cnd_exec, exec_type, file_type;

# Transition from init into the cnd domain when cnd_exec is executed.
init_daemon_domain(cnd)

# Objects cnd creates under socket_device are labeled cnd_socket.
file_type_auto_trans(cnd, socket_device, cnd_socket);

# Talk to qmuxd (qmux_radio)
qmux_socket(cnd)

# cnd is started as root uid/gid and transitions to system
# NOTE(review): setuid and setgid follow from the uid/gid drop described above.
# net_raw is not explained by that transition; confirm it is still required
# and record the reason here.
allow cnd self:capability { setuid setgid net_raw };

# Note: fsetid is deliberately not included above. fsetid checks are
# triggered by chmod on a directory or file owned by a group other
# than one of the groups assigned to the current process to see if
# the setgid bit should be cleared, regardless of whether the setgid
# bit was even set. We do not appear to truly need this capability
# for cnd to operate.
# The dontaudit rule only silences the resulting denial; it grants nothing.
dontaudit cnd self:capability fsetid;

# Generic socket class. The allowxperm rule limits ioctl on this class to the
# msm_sock_ipc_ioctls set, which is defined outside this file.
allow cnd self:socket create_socket_perms;
allowxperm cnd self:socket ioctl msm_sock_ipc_ioctls;

# create udp_socket to gather network info via ioctls (e.g. MTU size)
# NOTE(review): no allowxperm for udp_socket ioctl appears in this file.
# Confirm that a domain-wide rule restricts the permitted ioctl commands;
# without one, every ioctl command on the socket is allowed.
allow cnd self:udp_socket { create ioctl };

# Read/write access to the shared-memory log device is granted only on
# userdebug and eng builds; user builds do not get this rule.
userdebug_or_eng(`
  allow cnd smem_log_device:chr_file rw_file_perms;
')

# Allow cnd to acquire and release wakelocks.
wakelock_use(cnd)