author | Linux Build Service Account <lnxbuild@localhost> | 2015-01-26 21:26:40 -0800 |
---|---|---|
committer | Gerrit - the friendly Code Review server <code-review@localhost> | 2015-01-26 21:26:40 -0800 |
commit | 7cdac77d445cb2a3b9c0eb8b656313ca5619e2eb (patch) | |
tree | ca0abc529d3d5cc78ef7dfe870eb27860cce713d /common/ims.te | |
parent | c552d2b020783a928a62eb2477c745b687fd4af0 (diff) | |
parent | a1432652304530418c043509ebe560df501ff06b (diff) | |
Merge "Merge tag 'AU_LINUX_ANDROID_LA.BF.1.1.05.00.02.162.248' into HEAD"
Diffstat (limited to 'common/ims.te')
-rw-r--r-- | common/ims.te | 54 |
1 files changed, 48 insertions, 6 deletions
diff --git a/common/ims.te b/common/ims.te
index 401ee51d..5a104780 100644
--- a/common/ims.te
+++ b/common/ims.te
@@ -4,12 +4,54 @@ type ims_exec, exec_type, file_type;
 # Started by init
 init_daemon_domain(ims)
+net_domain(ims)
-allow radio ims_socket:sock_file { open read write };
-allow ims ims_socket:sock_file { open read write };
-allow ims property_socket:sock_file write;
-allow ims servicemanager:binder call;
+# Talk to qmuxd
+qmux_socket(ims)
+
+# To make VT call
 binder_use(ims)
+
+# Bring up IMSPDM
+allow ims kernel:system module_request;
+
+allow ims self:socket create_socket_perms;
+allow ims self:capability { net_admin net_raw };
+
+# Use generic netlink socket
+allow ims self:netlink_socket create_socket_perms;
+
+# To run NDC command
+allow ims shell_exec:file rx_file_perms;
+allow ims system_file:file rx_file_perms;
+
+# IMS route installation
+allow ims wcnss_service_exec:file rx_file_perms;
+
+# Talk to netd via netd_socket
+unix_socket_connect(ims, netd, netd)
+
+# Talk to qumuxd via ims_socket
+unix_socket_connect(ims, ims, qmuxd)
+
+# Talk to init via property_socket
 unix_socket_connect(ims, property, init)
-allow ims self:socket { read bind create write ioctl };
-allow ims system_prop:property_service set;
+
+#Add connectionmanager service
+allow ims imscm_service:service_manager add;
+
+# Set property to start imsdata_daemon and ims_rtp_daemon
+allow ims qcom_ims_prop:property_service set;
+
+# permissions needed for IMS to connect and interact with WPA supplicant
+allow ims wpa:unix_dgram_socket sendto;
+allow ims wpa_exec:file rx_file_perms;
+allow ims wpa_socket:dir w_dir_perms;
+allow ims wpa_socket:sock_file { write create unlink setattr };
+allow ims wifi_data_file:dir r_dir_perms;
+
+# permissions for communication with CNE in LBO use case
+unix_socket_connect(ims, cnd, cnd)
+
+#Communication with voice_svc device for audio on APP
+allow ims voice_device:chr_file rw_file_perms;
|
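Review bot: The two grants under `# To run NDC command`, `allow ims shell_exec:file rx_file_perms;` and `allow ims system_file:file rx_file_perms;`, let ims execute the shell and any binary labelled system_file, in a domain that this hunk also gives `self:capability { net_admin net_raw }`. As rx_file_perms is normally defined in the AOSP macros it includes execute_no_trans, so whatever is spawned stays in the ims domain with those capabilities; the wcnss_service_exec and wpa_exec lines follow the same pattern. Because the hunk already adds `unix_socket_connect(ims, netd, netd)`, it is worth confirming whether the request can go over that socket directly, or whether the helper can run in its own domain through a rule such as `domain_auto_trans(ims, <helper>_exec, <helper_domain>)` (placeholder names). If the exec grants have to stay, the comment should name the exact binary being run and say why a shell is required.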