legacy/vendor/common/netd.te - device/qcom/sepolicy - Gitiles

 # Copyright (c) 2019, The Linux Foundation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are
 # met:
 #     * Redistributions of source code must retain the above copyright
 #       notice, this list of conditions and the following disclaimer.
 #     * Redistributions in binary form must reproduce the above
 #       copyright notice, this list of conditions and the following
 #       disclaimer in the documentation and/or other materials provided
 #       with the distribution.
 #     * Neither the name of The Linux Foundation nor the names of its
 #       contributors may be used to endorse or promote products derived
 #       from this software without specific prior written permission.
 #
 # THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
 # WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
 # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
 # ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
 # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
 # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

 #Policies for IPv6 tethering
 allow netd netd:capability { setgid setuid };
 dontaudit netd self:capability sys_module;
 binder_use(netd);
 allow netd qtitetherservice_service:service_manager find;

 allow netd netd:packet_socket create_socket_perms_no_ioctl;

 #unix_socket_connect(netd, cnd, cnd)

 allow netd wfdservice:fd use;
 #allow netd wfdservice:tcp_socket rw_socket_perms;
 hal_client_domain(netd, wifidisplayhalservice);

 #allow netd to use privileged sock ioctls
 allowxperm netd self: { unix_stream_socket } ioctl priv_sock_ioctls;

 allow netd self:capability fsetid;
 #allow netd hostapd:unix_dgram_socket sendto;

 # Allow netd to chmod dir /data/misc/dhcp
 allow netd dhcp_data_file:dir create_dir_perms;

 type_transition netd wifi_data_file:dir wpa_socket "sockets";
 #allow netd wpa_socket:sock_file create_file_perms;

 # If an already existing file is opened with O_CREAT,
 # the kernel might generate a false report of a create
 # denial. Silence these denials
 dontaudit netd system_file:dir write;
	# Copyright (c) 2019, The Linux Foundation. All rights reserved.
	#
	# Redistribution and use in source and binary forms, with or without
	# modification, are permitted provided that the following conditions are
	# met:
	# * Redistributions of source code must retain the above copyright
	# notice, this list of conditions and the following disclaimer.
	# * Redistributions in binary form must reproduce the above
	# copyright notice, this list of conditions and the following
	# disclaimer in the documentation and/or other materials provided
	# with the distribution.
	# * Neither the name of The Linux Foundation nor the names of its
	# contributors may be used to endorse or promote products derived
	# from this software without specific prior written permission.
	#
	# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
	# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
	# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
	# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
	# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
	# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
	# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
	# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
	# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
	# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
	# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

	#Policies for IPv6 tethering
	allow netd netd:capability { setgid setuid };
	dontaudit netd self:capability sys_module;
	binder_use(netd);
	allow netd qtitetherservice_service:service_manager find;

	allow netd netd:packet_socket create_socket_perms_no_ioctl;

	#unix_socket_connect(netd, cnd, cnd)

	allow netd wfdservice:fd use;
	#allow netd wfdservice:tcp_socket rw_socket_perms;
	hal_client_domain(netd, wifidisplayhalservice);

	#allow netd to use privileged sock ioctls
	allowxperm netd self: { unix_stream_socket } ioctl priv_sock_ioctls;

	allow netd self:capability fsetid;
	#allow netd hostapd:unix_dgram_socket sendto;

	# Allow netd to chmod dir /data/misc/dhcp
	allow netd dhcp_data_file:dir create_dir_perms;

	type_transition netd wifi_data_file:dir wpa_socket "sockets";
	#allow netd wpa_socket:sock_file create_file_perms;

	# If an already existing file is opened with O_CREAT,
	# the kernel might generate a false report of a create
	# denial. Silence these denials
	dontaudit netd system_file:dir write;