# rild - radio interface layer daemon
#
# Type-enforcement rules for the rild domain, recovered from a blame view.
# Commits that view attributes lines of this file to (id, author, date):
#   2dd4e51  Stephen Smalley  2012-01-04
#   ec7d39b  William Roberts  2013-09-28
#   dcbab90  Stephen Smalley  2013-10-29
#   aa37683  Robert Craig     2013-12-05
#   1601132  Stephen Smalley  2014-02-24
#   9e012cd  Stephen Smalley  2014-03-18
#   8599e34  Nick Kralevich   2014-05-23
#   fee4915  Stephen Smalley  2014-06-19  (net_radio_prop / system_radio_prop
#                                          set rules and their auditallow)

# The process domain and the label carried by its executable.
type rild, domain;
type rild_exec, exec_type, file_type;

# Macros defined elsewhere in the policy tree; their expansion is not visible
# here, so the summaries below are assumptions to confirm against the macro
# definitions.
#   init_daemon_domain  - presumably the init -> rild transition on exec of rild_exec
#   net_domain          - presumably the shared rule set for network clients
#   unix_socket_connect - connect to init's "property" socket, the channel the
#                         property_service rules at the end of this file rely on
init_daemon_domain(rild)
net_domain(rild)
unix_socket_connect(rild, property, init)

# Access to wake locks
wakelock_use(rild)

# Capabilities the daemon holds on itself: setuid (change UID), net_admin
# (interface/route configuration), net_raw (raw and packet sockets).
# Only these three are granted; no other capability is granted by this file.
allow rild self:capability { setuid net_admin net_raw };

# Lets rild cause the kernel to request a module load on its behalf.
# NOTE(review): worth confirming which request actually needs this.
allow rild kernel:system module_request;

# Allow rild to create and use netlink sockets, plus the generic socket class.
# nlmsg_write on the route socket permits rtnetlink write messages; changing
# routes or addresses this way also depends on net_admin above.
allow rild self:netlink_route_socket nlmsg_write;
allow rild self:{ socket netlink_socket netlink_kobject_uevent_socket } create_socket_perms;

# Device nodes.
allow rild alarm_device:chr_file rw_file_perms;
allow rild radio_device:chr_file rw_file_perms;
allow rild radio_device:blk_file r_file_perms;
allow rild mtd_device:dir search;

# Read/Write to uart driver (for GPS)
allow rild gps_device:chr_file rw_file_perms;

# NOTE(review): if tty_device is the generic label for tty nodes, this reaches
# further than the modem's own serial port - confirm how the node is labelled.
allow rild tty_device:chr_file rw_file_perms;

# Files and directories. Write/create access is limited to cgroup dirs,
# efs_file and radio_data_file; the remaining types are read-only, and
# sdcard_type is directory access only (no file rule appears in this file).
allow rild cgroup:dir create_dir_perms;
allow rild efs_file:dir create_dir_perms;
allow rild efs_file:file create_file_perms;
allow rild bluetooth_efs_file:file r_file_perms;
allow rild bluetooth_efs_file:dir r_dir_perms;
allow rild radio_data_file:dir rw_dir_perms;
allow rild radio_data_file:file create_file_perms;
allow rild sdcard_type:dir r_dir_perms;
allow rild system_data_file:dir r_dir_perms;
allow rild system_data_file:file r_file_perms;

# Execution of the shell and of system_file binaries.
# NOTE(review): no domain transition for either is declared in this file, so
# whatever is started this way presumably keeps running as rild with every
# permission listed here - confirm, and treat these two rules as the first
# candidates when tightening the domain.
allow rild shell_exec:file rx_file_perms;
allow rild system_file:file x_file_perms;

# property service
allow rild { radio_prop net_radio_prop system_radio_prop }:property_service set;

# auditallow grants nothing by itself: it logs each *granted* set on these two
# property types. Paired with the allow above, it shows in the audit log
# whether rild really sets them - presumably to decide if the grant can be
# dropped later (intent not stated on the page).
auditallow rild { net_radio_prop system_radio_prop }:property_service set;