authorrogersb11 <brettrogers11@gmail.com>2015-11-12 04:06:26 -0500
committerrogersb11 <brettrogers11@gmail.com>2015-11-12 04:11:14 -0500
commitc3d43d2b47748f5e0278f01371398ed3e65ccdab (patch)
tree38dc7355856a56cc385184b74d79c10b14176e56 /selinux/netmgrd.te
parent01fd7d495b2b9a5a0f107fe46cff7be78adf66c2 (diff)
Revert "Remove device specific SEPolicy"
Will follow with policy updates.

This reverts commit 8e368fa918f244e214ee8bd53ce332ce6ad74663.

Change-Id: I58247300df68442709b44623e29b1bee0c6d5496
Diffstat (limited to 'selinux/netmgrd.te')
-rwxr-xr-xselinux/netmgrd.te33
1 files changed, 33 insertions, 0 deletions
diff --git a/selinux/netmgrd.te b/selinux/netmgrd.te
new file mode 100755
index 0000000..0f31fad
--- /dev/null
+++ b/selinux/netmgrd.te
@@ -0,0 +1,33 @@
+# Network utilities (radio process)
+type netmgrd, domain;
+type netmgrd_exec, exec_type, file_type;
+
+net_domain(netmgrd)
+# Started by init
+init_daemon_domain(netmgrd)
+
+
+allow netmgrd self:udp_socket { create ioctl };
+# fsetid, dac_override unlink on /dev/socket/qmux_radio/qmux_client_socket
+allow netmgrd self:capability { sys_module fsetid setuid setgid net_admin net_raw dac_override };
+allow netmgrd self:packet_socket { write bind read create };
+allow netmgrd self:netlink_socket { write read create bind setopt };
+allow netmgrd self:netlink_route_socket { create bind read write nlmsg_read nlmsg_write setopt getattr };
+allow netmgrd kernel:system module_request;
+
+# Talk to qmuxd
+qmux_socket(netmgrd)
+
+# Allow logging diagnostic items
+allow netmgrd diagnostic_device:chr_file rw_file_perms;
+
+# /data/data_test/ access with shell
+allow netmgrd shell_exec:file { execute read open execute_no_trans };
+allow netmgrd system_file:file { execute_no_trans };
+
+# Talk to init over the property socket
+unix_socket_connect(netmgrd, property, init)
+# Set net.rmnet_usb0. values
+allow netmgrd radio_prop:property_service set;
+
+allow netmgrd netmgrd:process { execmem };
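Review bot: The two `execute_no_trans` rules (on `shell_exec` and on `system_file`) let netmgrd run a shell and system binaries inside its own domain, so anything it spawns keeps the `sys_module`, `setuid`, `setgid`, `net_admin`, `net_raw` and `dac_override` capabilities granted earlier in the file. The comment ties them to `/data/data_test/`, which reads like a test path; if that is what it is, these rules and the `diagnostic_device` rule belong inside a `userdebug_or_eng(...)` block or should be dropped for release builds. The last rule grants `execmem` with no comment and names the domain twice where every other rule uses `self`; I would write it as `allow netmgrd self:process execmem;` preceded by a comment naming the component that needs executable anonymous memory. `dac_override` is also broader than the stated need (unlinking one socket), and correcting the ownership or mode of the `qmux_radio` socket directory would probably let it be removed, though that cannot be confirmed from this file alone.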