| Stephen Smalley | 704744a | 2014-09-03 11:07:03 -0400 | [diff] [blame] | 1 | # goldfish-setup service: runs init.goldfish.sh script |
| 2 | type goldfish_setup, domain; |
| 3 | type goldfish_setup_exec, exec_type, file_type; |
| Stephen Smalley | 704744a | 2014-09-03 11:07:03 -0400 | [diff] [blame] | 4 | |
| 5 | init_daemon_domain(goldfish_setup) |
| 6 | |
| 7 | # Inherit open file to shell (interpreter) for script. |
| 8 | allow goldfish_setup shell_exec:file read; |
| 9 | |
| 10 | # Run ifconfig, route commands to configure interfaces and routes. |
| 11 | allow goldfish_setup system_file:file execute_no_trans; |
| 12 | allow goldfish_setup self:capability { net_admin net_raw }; |
| 13 | allow goldfish_setup self:udp_socket create_socket_perms; |
| 14 | |
| 15 | # Set net.eth0.dns*, debug.sf.nobootanimation |
| William Roberts | cccc901 | 2015-05-11 10:23:59 -0700 | [diff] [blame^] | 16 | set_prop(goldfish_setup, system_prop) |
| 17 | set_prop(goldfish_setup, debug_prop) |