4cb4eee99e
As public defination of netd_scoket is removed removing all the references to this. Change-Id: I752d1d546d5d6e76dc4e43fc3d4a90b0aca077c8
55 lines
2.5 KiB
Text
55 lines
2.5 KiB
Text
# Copyright (c) 2019, The Linux Foundation. All rights reserved.
|
|
#
|
|
# Redistribution and use in source and binary forms, with or without
|
|
# modification, are permitted provided that the following conditions are
|
|
# met:
|
|
# * Redistributions of source code must retain the above copyright
|
|
# notice, this list of conditions and the following disclaimer.
|
|
# * Redistributions in binary form must reproduce the above
|
|
# copyright notice, this list of conditions and the following
|
|
# disclaimer in the documentation and/or other materials provided
|
|
# with the distribution.
|
|
# * Neither the name of The Linux Foundation nor the names of its
|
|
# contributors may be used to endorse or promote products derived
|
|
# from this software without specific prior written permission.
|
|
#
|
|
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
|
|
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
|
|
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
|
|
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
|
|
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
|
|
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
|
|
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
|
|
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
|
|
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
|
|
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
|
|
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
|
|
#Policies for IPv6 tethering
|
|
allow netd netd:capability { setgid setuid };
|
|
dontaudit netd self:capability sys_module;
|
|
binder_use(netd);
|
|
allow netd qtitetherservice_service:service_manager find;
|
|
|
|
allow netd netd:packet_socket create_socket_perms_no_ioctl;
|
|
|
|
allow netd wfdservice:fd use;
|
|
#allow netd wfdservice:tcp_socket rw_socket_perms;
|
|
hal_client_domain(netd, wifidisplayhalservice);
|
|
|
|
#allow netd to use privileged sock ioctls
|
|
allowxperm netd self: { unix_stream_socket } ioctl priv_sock_ioctls;
|
|
|
|
allow netd self:capability fsetid;
|
|
#allow netd hostapd:unix_dgram_socket sendto;
|
|
|
|
# Allow netd to chmod dir /data/misc/dhcp
|
|
allow netd dhcp_data_file:dir create_dir_perms;
|
|
|
|
type_transition netd wifi_data_file:dir wpa_socket "sockets";
|
|
#allow netd wpa_socket:sock_file create_file_perms;
|
|
|
|
# If an already existing file is opened with O_CREAT,
|
|
# the kernel might generate a false report of a create
|
|
# denial. Silence these denials
|
|
dontaudit netd system_file:dir write;
|