selinux/netmgrd.te


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33

# Network utilities (radio process)
type netmgrd, domain;
type netmgrd_exec, exec_type, file_type;

net_domain(netmgrd)
# Started by init
init_daemon_domain(netmgrd)


allow netmgrd self:udp_socket { create ioctl };
# fsetid, dac_override unlink on /dev/socket/qmux_radio/qmux_client_socket
allow netmgrd self:capability { sys_module fsetid setuid setgid net_admin net_raw dac_override };
allow netmgrd self:packet_socket { write bind read create };
allow netmgrd self:netlink_socket { write read create bind setopt };
allow netmgrd self:netlink_route_socket { create bind read write nlmsg_read nlmsg_write setopt getattr };
allow netmgrd kernel:system module_request;

# Talk to qmuxd
qmux_socket(netmgrd)

# Allow logging diagnostic items
allow netmgrd diagnostic_device:chr_file rw_file_perms;

# /data/data_test/ access with shell
allow netmgrd shell_exec:file { execute read open execute_no_trans };
allow netmgrd system_file:file { execute_no_trans };

# Talk to init over the property socket
unix_socket_connect(netmgrd, property, init)
# Set net.rmnet_usb0. values
allow netmgrd radio_prop:property_service set;

allow netmgrd netmgrd:process { execmem };