| Stephen Smalley | 704744a | 2014-09-03 11:07:03 -0400 | [diff] [blame] | 1 | # goldfish-setup service: runs init.goldfish.sh script |
| Jeff Vander Stoep | ec488e1 | 2017-05-15 13:25:06 -0700 | [diff] [blame] | 2 | type goldfish_setup, domain; |
| bohu | cb0bebb | 2017-05-26 10:26:15 -0700 | [diff] [blame] | 3 | type goldfish_setup_exec, vendor_file_type, exec_type, file_type; |
| Stephen Smalley | 704744a | 2014-09-03 11:07:03 -0400 | [diff] [blame] | 4 | |
| 5 | init_daemon_domain(goldfish_setup) |
| 6 | |
| bohu | 7b46d57 | 2017-12-04 12:57:10 -0800 | [diff] [blame] | 7 | set_prop(goldfish_setup, debug_prop); |
| Stephen Smalley | 704744a | 2014-09-03 11:07:03 -0400 | [diff] [blame] | 8 | allow goldfish_setup self:capability { net_admin net_raw }; |
| bohu | cb0bebb | 2017-05-26 10:26:15 -0700 | [diff] [blame] | 9 | allow goldfish_setup self:udp_socket { create ioctl }; |
| 10 | allow goldfish_setup vendor_toolbox_exec:file execute_no_trans; |
| Richard Haines | 8a09cc2 | 2016-10-20 15:47:44 +0100 | [diff] [blame] | 11 | allowxperm goldfish_setup self:udp_socket ioctl priv_sock_ioctls; |
| bohu | cb0bebb | 2017-05-26 10:26:15 -0700 | [diff] [blame] | 12 | wakelock_use(goldfish_setup); |
| 13 | allow goldfish_setup vendor_shell_exec:file { rx_file_perms }; |