tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
platform_system_sepolicy/prebuilts/api/26.0/public/racoon.te
Dan Cashman 5c6a227ebb Commit oc-dev sepolicy to prebuilts. 
Copy the final system sepolicy from oc-dev to its prebuilt dir
corresponding to its version (26.0) so that we can uprev policy and
start maintaining compatibility files, as well as use it for CTS
tests targeting future platforms.

Bug: 37896931
Test: none, this just copies the old policy.
Change-Id: Ib069d505e42595c467e5d1164fb16fcb0286ab93
2017-06-06 10:27:37 -07:00

33 lines
1,007 B
Text
Raw Blame History

# IKE key management daemon
type racoon, domain;
type racoon_exec, exec_type, file_type;
typeattribute racoon mlstrustedsubject;
net_domain(racoon)
allowxperm racoon self:udp_socket ioctl { SIOCSIFFLAGS SIOCSIFADDR SIOCSIFNETMASK };
binder_use(racoon)
allow racoon tun_device:chr_file r_file_perms;
allow racoon cgroup:dir { add_name create };
allow racoon kernel:system module_request;
allow racoon self:key_socket create_socket_perms_no_ioctl;
allow racoon self:tun_socket create_socket_perms_no_ioctl;
allow racoon self:capability { net_admin net_bind_service net_raw };
# XXX: should we give ip-up-vpn its own label (currently racoon domain)
allow racoon system_file:file rx_file_perms;
not_full_treble(`allow racoon vendor_file:file rx_file_perms;')
allow racoon vpn_data_file:file create_file_perms;
allow racoon vpn_data_file:dir w_dir_perms;
use_keystore(racoon)
# Racoon (VPN) has a restricted set of permissions from the default.
allow racoon keystore:keystore_key {
get
sign
verify
};
Reference in a new issue View git blame Copy permalink