Stephen Smalley | 945fb56 | 2013-10-29 14:42:36 -0400 | [diff] [blame] | 1 | # userspace wifi access points |
Nick Kralevich | dbd28d9 | 2013-06-27 15:11:02 -0700 | [diff] [blame] | 2 | type hostapd, domain; |
Nick Kralevich | 623975f | 2014-01-11 01:31:03 -0800 | [diff] [blame] | 3 | permissive_or_unconfined(hostapd) |
Nick Kralevich | dbd28d9 | 2013-06-27 15:11:02 -0700 | [diff] [blame] | 4 | type hostapd_exec, exec_type, file_type; |
| 5 | |
Stephen Smalley | 945fb56 | 2013-10-29 14:42:36 -0400 | [diff] [blame] | 6 | allow hostapd self:capability { net_admin net_raw setuid setgid }; |
| 7 | allow hostapd self:netlink_socket create_socket_perms; |
| 8 | allow hostapd self:packet_socket { create write read }; |
| 9 | allow hostapd self:netlink_route_socket { bind create write nlmsg_write read }; |
| 10 | allow hostapd self:udp_socket { create ioctl }; |
| 11 | |
| 12 | allow hostapd wifi_data_file:file rw_file_perms; |
| 13 | allow hostapd wifi_data_file:dir create_dir_perms; |
Stephen Smalley | f206737 | 2014-02-11 10:44:21 -0500 | [diff] [blame] | 14 | allow hostapd wpa_socket:dir create_dir_perms; |
| 15 | allow hostapd wpa_socket:sock_file create_file_perms; |
Stephen Smalley | 945fb56 | 2013-10-29 14:42:36 -0400 | [diff] [blame] | 16 | allow hostapd netd:fd use; |
| 17 | allow hostapd netd:udp_socket { read write }; |
| 18 | allow hostapd netd:netlink_kobject_uevent_socket { read write }; |
| 19 | allow hostapd netd:netlink_nflog_socket { read write }; |
| 20 | allow hostapd netd:netlink_route_socket { read write }; |
| 21 | allow hostapd netd:unix_stream_socket { read write }; |
| 22 | allow hostapd netd:fifo_file { read write }; |