| Stephen Smalley | 704744a | 2014-09-03 11:07:03 -0400 | [diff] [blame^] | 1 | # goldfish-setup service: runs init.goldfish.sh script |
| 2 | type goldfish_setup, domain; |
| 3 | type goldfish_setup_exec, exec_type, file_type; |
| 4 | permissive_or_unconfined(goldfish_setup) |
| 5 | |
| 6 | init_daemon_domain(goldfish_setup) |
| 7 | |
| 8 | # Inherit open file to shell (interpreter) for script. |
| 9 | allow goldfish_setup shell_exec:file read; |
| 10 | |
| 11 | # Run ifconfig, route commands to configure interfaces and routes. |
| 12 | allow goldfish_setup system_file:file execute_no_trans; |
| 13 | allow goldfish_setup self:capability { net_admin net_raw }; |
| 14 | allow goldfish_setup self:udp_socket create_socket_perms; |
| 15 | |
| 16 | # Set net.eth0.dns*, debug.sf.nobootanimation |
| 17 | unix_socket_connect(goldfish_setup, property, init) |
| 18 | allow goldfish_setup system_prop:property_service set; |
| 19 | allow goldfish_setup debug_prop:property_service set; |