5c6a227ebb
Copy the final system sepolicy from oc-dev to its prebuilt dir corresponding to its version (26.0) so that we can uprev policy and start maintaining compatibility files, as well as use it for CTS tests targeting future platforms. Bug: 37896931 Test: none, this just copies the old policy. Change-Id: Ib069d505e42595c467e5d1164fb16fcb0286ab93
23 lines
669 B
Text
23 lines
669 B
Text
# Point to Point Protocol daemon
|
|
type ppp, domain;
|
|
type ppp_device, dev_type;
|
|
type ppp_exec, exec_type, file_type;
|
|
|
|
net_domain(ppp)
|
|
|
|
r_dir_file(ppp, proc_net)
|
|
|
|
allow ppp mtp:socket rw_socket_perms;
|
|
|
|
# ioctls needed for VPN.
|
|
allowxperm ppp self:udp_socket ioctl priv_sock_ioctls;
|
|
allowxperm ppp mtp:socket ioctl ppp_ioctls;
|
|
|
|
allow ppp mtp:unix_dgram_socket rw_socket_perms;
|
|
allow ppp ppp_device:chr_file rw_file_perms;
|
|
allow ppp self:capability net_admin;
|
|
allow ppp system_file:file rx_file_perms;
|
|
not_full_treble(`allow ppp vendor_file:file rx_file_perms;')
|
|
allow ppp vpn_data_file:dir w_dir_perms;
|
|
allow ppp vpn_data_file:file create_file_perms;
|
|
allow ppp mtp:fd use;
|