path: root/common/dpmd.te
blob: 4b92e91b25c2331d8af50bea620af1e78d504fc1 (plain)
# dpmd domain definition: declares the process domain and the label of its executable.
# NOTE(review): mlstrustedsubject exempts dpmd from the MLS constraints that separate
# users/apps, and domain_deprecated pulls in legacy blanket permissions. Confirm both
# attributes are still required; dropping either narrows what a compromised dpmd can reach.
type dpmd, domain, domain_deprecated, mlstrustedsubject;
type dpmd_exec, exec_type, file_type;
# Objects dpmd creates under socket_device directories are labeled dpmwrapper_socket.
file_type_auto_trans(dpmd, socket_device, dpmwrapper_socket);
# init transitions into the dpmd domain when it executes a dpmd_exec file.
init_daemon_domain(dpmd)
# Standard network access for the domain.
net_domain(dpmd)
# Execute its own binary and system_file binaries. x_file_perms includes
# execute_no_trans, so those binaries run inside the dpmd domain with all of its permissions.
allow dpmd {
    dpmd_exec
    system_file
}:file x_file_perms;

# Allow dpmd to create and manage files and directories labeled dpmd_data_file.
allow dpmd dpmd_data_file:file create_file_perms;
allow dpmd dpmd_data_file:dir create_dir_perms;

# Allow dpmd to use the qmux radio socket (qmux_socket is a macro defined outside this file).
qmux_socket(dpmd);

# Read/write access to the wake lock sysfs files.
# NOTE(review): wakelock_use(dpmd) is also invoked later in this file and presumably
# grants the same access; confirm whether this explicit rule is still needed.
allow dpmd sysfs_wake_lock:file rw_file_perms;

# Read/write on dpmd's own generic and netlink sockets.
# NOTE(review): the create_socket_perms rules for these same classes further down in this
# file already include rw_socket_perms, so this rule looks redundant.
allow dpmd self:{
    socket
    netlink_socket
} rw_socket_perms;

# Linux capabilities granted to dpmd.
# NOTE(review): this is a broad set for a single daemon. sys_module permits loading and
# unloading kernel modules, dac_override bypasses discretionary file permission checks, and
# setuid/setgid allow arbitrary credential changes. Confirm each capability is backed by a
# real denial and drop the ones that are not; sys_module and dac_override deserve the
# closest scrutiny.
allow dpmd self:capability {
    setuid
    setgid
    dac_override
    net_raw chown
    fsetid
    net_admin
    sys_module
};

# Shared-memory log device, property socket and wake locks.
allow dpmd smem_log_device:chr_file rw_file_perms;
# Connect to the property socket served by init so dpmd can set properties.
unix_socket_connect(dpmd, property, init)
wakelock_use(dpmd)

# Properties dpmd is allowed to set.
# NOTE(review): system_prop is a broad label and ctl_default_prop appears to cover the
# ctl.* control properties that have no more specific label, which would let dpmd ask init
# to start or stop services. Prefer a dedicated property type for the keys dpmd really sets.
allow dpmd {
    system_prop
    ctl_default_prop
}:property_service set;

# Allow dpmd to read and execute the shell.
# NOTE(review): rx_file_perms includes execute_no_trans, so the shell runs inside the dpmd
# domain and inherits every permission and capability granted in this file. Confirm the
# shell is needed; if it is, consider a transition to a narrower domain.
allow dpmd shell_exec:file rx_file_perms;

# Permission to unlink the dpmwrapper socket (remove_name on the socket_device directory).
allow dpmd socket_device:dir remove_name;

# Permission to connect to the cnd socket for installing iptables rules.
unix_socket_connect(dpmd, cnd, cnd);

# Allow dpmd to create and use its own generic, netlink and generic-netlink sockets.
allow dpmd self:socket create_socket_perms;
allow dpmd self:{ netlink_socket netlink_generic_socket } create_socket_perms;

# Allow dpmd to write to files labeled proc_net.
# NOTE(review): the original comment named /proc/net/sys, probably meaning /proc/sys/net;
# the rule itself applies to every file carrying the proc_net label - confirm the target.
allow dpmd proc_net:file write;

# Allow dpmd to get the app name and use inet sockets of the listed domains.
# dpmd_socket_perm is a macro defined outside this file; the exact permissions it grants
# are not visible here.
# NOTE(review): appdomain is an attribute covering all app domains, presumably including
# untrusted apps - confirm that scope is intended.
dpmd_socket_perm(appdomain)
dpmd_socket_perm(system_server)
dpmd_socket_perm(mediaserver)
dpmd_socket_perm(mtp)
dpmd_socket_perm(wfdservice)
dpmd_socket_perm(drmserver)
dpmd_socket_perm(netd)

# Explicitly allow read/write-class operations on UDP sockets owned by any app domain.
# NOTE(review): this lets dpmd operate on sockets it did not create; confirm the permission
# set cannot be narrowed to the specific operations dpmd performs.
allow dpmd appdomain:udp_socket rw_socket_perms;

# Diagnostic interface access, compiled in only for userdebug and eng builds.
userdebug_or_eng(`
    diag_use(dpmd)
')