platform_system_sepolicy/private/ot_daemon.te

#
# ot_daemon is the native Thread network stack on the host (Android) side.
# Refer to https://www.threadgroup.org for Thread network knowledge.
#

# ot_daemon
type ot_daemon, domain, coredomain;
type ot_daemon_exec, exec_type, file_type, system_file_type;

# Allow init ot_daemon
init_daemon_domain(ot_daemon)
# Allow the ot_daemon to use the net domain.
net_domain(ot_daemon)

# Allow the ot_daemon to access the folder "/data/misc/threadnetwork".
allow ot_daemon threadnetwork_data_file:dir rw_dir_perms;
allow ot_daemon threadnetwork_data_file:file create_file_perms;
allow ot_daemon threadnetwork_data_file:sock_file {create unlink};

hal_client_domain(ot_daemon, hal_threadnetwork)
add sepolicy rules for Thread network bug: 257371610 (cherry picked from https://googleplex-android-review.googlesource.com/q/commit:0fd52fd521b8167b0ec8836dac3765a16fd6863b) Merged-In: I2c90639f4baecb010230b3aa60f2f09c0ddd9e4f Change-Id: I2c90639f4baecb010230b3aa60f2f09c0ddd9e4f 2023-06-02 05:36:01 +02:00			`#`
			`# ot_daemon is the native Thread network stack on the host (Android) side.`
			`# Refer to https://www.threadgroup.org for Thread network knowledge.`
			`#`

			`# ot_daemon`
			`type ot_daemon, domain, coredomain;`
			`type ot_daemon_exec, exec_type, file_type, system_file_type;`

			`# Allow init ot_daemon`
			`init_daemon_domain(ot_daemon)`
			`# Allow the ot_daemon to use the net domain.`
			`net_domain(ot_daemon)`

			`# Allow the ot_daemon to access the folder "/data/misc/threadnetwork".`
			`allow ot_daemon threadnetwork_data_file:dir rw_dir_perms;`
			`allow ot_daemon threadnetwork_data_file:file create_file_perms;`
			`allow ot_daemon threadnetwork_data_file:sock_file {create unlink};`

Add sepolicy rules for Thread Network HAL Bug: b/283905423 Test: Build and run the Thread Network stack in Cuttlefish. Change-Id: I783022c66b80274069f8f3c292d84918f41f8221 2023-06-14 07:26:15 +02:00			`hal_client_domain(ot_daemon, hal_threadnetwork)`