8612e80d18
system_server creates an ICMPv6 socket and send it to ot_daemon via ParcelFileDescriptor. ot_daemon will use that socket to send/receive ICMPv6 messages. Here's how the socket is created in System Server: int sock = socket(AF_INET6, SOCK_RAW, IPPROTO_ICMPV6); Bug: 294486086 Security consultation bug: 296809188 Test: Verified on a cuttlefish Change-Id: I9d479c9da01187a0e476591f447f7199ecb3a409
31 lines
1.1 KiB
Text
31 lines
1.1 KiB
Text
#
|
|
# ot_daemon is the native Thread network stack on the host (Android) side.
|
|
# Refer to https://www.threadgroup.org for Thread network knowledge.
|
|
#
|
|
|
|
# ot_daemon
|
|
type ot_daemon, domain, coredomain;
|
|
type ot_daemon_exec, exec_type, file_type, system_file_type;
|
|
|
|
# Allow init ot_daemon
|
|
init_daemon_domain(ot_daemon)
|
|
# Allow the ot_daemon to use the net domain.
|
|
net_domain(ot_daemon)
|
|
|
|
# Allow the ot_daemon to access the folder "/data/misc/threadnetwork".
|
|
allow ot_daemon threadnetwork_data_file:dir rw_dir_perms;
|
|
allow ot_daemon threadnetwork_data_file:file create_file_perms;
|
|
allow ot_daemon threadnetwork_data_file:sock_file {create unlink};
|
|
|
|
# Allow OT daemon to read/write the Thread tunnel interface
|
|
allow ot_daemon tun_device:chr_file {read write};
|
|
|
|
# Allow OT daemon to read/write on the socket created by System Server
|
|
allow ot_daemon system_server:rawip_socket rw_socket_perms_no_ioctl;
|
|
|
|
hal_client_domain(ot_daemon, hal_threadnetwork)
|
|
|
|
# Only ot_daemon can publish the binder service
|
|
binder_use(ot_daemon)
|
|
add_service(ot_daemon, ot_daemon_service)
|
|
binder_call(ot_daemon, system_server)
|