| Stephen Smalley | 2dd4e51 | 2012-01-04 12:33:27 -0500 | [diff] [blame] | 1 | # rild - radio interface layer daemon |
| 2 | type rild, domain; |
| 3 | type rild_exec, exec_type, file_type; |
| 4 | |
| 5 | init_daemon_domain(rild) |
| 6 | net_domain(rild) |
| Stephen Smalley | 1601132 | 2014-02-24 15:06:11 -0500 | [diff] [blame] | 7 | allow rild self:netlink_route_socket nlmsg_write; |
| Stephen Smalley | dcbab90 | 2013-10-29 14:42:39 -0400 | [diff] [blame] | 8 | allow rild kernel:system module_request; |
| Stephen Smalley | dcbab90 | 2013-10-29 14:42:39 -0400 | [diff] [blame] | 9 | allow rild self:capability { setuid net_admin net_raw }; |
| 10 | allow rild alarm_device:chr_file rw_file_perms; |
| 11 | allow rild cgroup:dir create_dir_perms; |
| 12 | allow rild radio_device:chr_file rw_file_perms; |
| 13 | allow rild radio_device:blk_file r_file_perms; |
| Stephen Smalley | dcbab90 | 2013-10-29 14:42:39 -0400 | [diff] [blame] | 14 | allow rild mtd_device:dir search; |
| 15 | allow rild efs_file:dir create_dir_perms; |
| 16 | allow rild efs_file:file create_file_perms; |
| 17 | allow rild shell_exec:file rx_file_perms; |
| 18 | allow rild bluetooth_efs_file:file r_file_perms; |
| 19 | allow rild bluetooth_efs_file:dir r_dir_perms; |
| 20 | allow rild radio_data_file:dir rw_dir_perms; |
| 21 | allow rild radio_data_file:file create_file_perms; |
| 22 | allow rild sdcard_type:dir r_dir_perms; |
| Stephen Smalley | 9e012cd | 2014-03-18 14:01:27 -0400 | [diff] [blame] | 23 | allow rild system_data_file:dir r_dir_perms; |
| 24 | allow rild system_data_file:file r_file_perms; |
| Stephen Smalley | dcbab90 | 2013-10-29 14:42:39 -0400 | [diff] [blame] | 25 | allow rild system_file:file x_file_perms; |
| Stephen Smalley | dcbab90 | 2013-10-29 14:42:39 -0400 | [diff] [blame] | 26 | |
| 27 | # property service |
| William Roberts | 2f5a6a9 | 2015-05-04 18:22:45 -0700 | [diff] [blame] | 28 | set_prop(rild, radio_prop) |
| 29 | set_prop(rild, net_radio_prop) |
| 30 | set_prop(rild, system_radio_prop) |
| Stephen Smalley | fee4915 | 2014-06-19 10:27:02 -0400 | [diff] [blame] | 31 | auditallow rild net_radio_prop:property_service set; |
| 32 | auditallow rild system_radio_prop:property_service set; |
| Stephen Smalley | dcbab90 | 2013-10-29 14:42:39 -0400 | [diff] [blame] | 33 | |
| 34 | # Read/Write to uart driver (for GPS) |
| 35 | allow rild gps_device:chr_file rw_file_perms; |
| 36 | |
| 37 | allow rild tty_device:chr_file rw_file_perms; |
| 38 | |
| Stephen Smalley | 1601132 | 2014-02-24 15:06:11 -0500 | [diff] [blame] | 39 | # Allow rild to create and use netlink sockets. |
| 40 | allow rild self:netlink_socket create_socket_perms; |
| 41 | allow rild self:netlink_kobject_uevent_socket create_socket_perms; |
| William Roberts | ec7d39b | 2013-09-28 18:46:21 -0400 | [diff] [blame] | 42 | |
| 43 | # Access to wake locks |
| Nick Kralevich | 8599e34 | 2014-05-23 13:33:32 -0700 | [diff] [blame] | 44 | wakelock_use(rild) |
| Robert Craig | aa37683 | 2013-12-05 17:24:03 -0500 | [diff] [blame] | 45 | |
| 46 | allow rild self:socket create_socket_perms; |