platform_system_sepolicy/vendor/ot_rcp.te
Yakun Xu c5f8e959d3 Thread: allow ot-rcp to bind a specific netif
This commit adds necessary permissions for ot-rcp to bind
to a network interface specified by its address or name.

Test: presubmit
Bug: 329188649
Change-Id: I6731df79c04eeeb2c39017b99b9c2acf315256e2
2024-05-09 17:05:04 +08:00


#
# ot_rcp is the simulated Thread Radio Coprocessor device which is used by
# Thread Network HAL for simulating the Thread radio chip.
#
# Process domain that the ot_rcp simulator runs in.
type ot_rcp, domain;
# Label for the ot_rcp executable. exec_type makes it usable as a domain
# entry point label and vendor_file_type marks it as a vendor file.
type ot_rcp_exec, exec_type, vendor_file_type, file_type;
# Every rule below is wrapped in userdebug_or_eng, so it is emitted only on
# userdebug and eng builds. On user builds the two types above still exist,
# but this file grants ot_rcp nothing.
userdebug_or_eng(`
# NOTE: the text from here to the closing quote is an m4 quoted argument.
# Do not use backquote or apostrophe characters in comments in this section;
# they would end the quoting early.
#
# When hal_threadnetwork_default executes a file labelled ot_rcp_exec, the
# new process transitions into the ot_rcp domain automatically.
domain_auto_trans(hal_threadnetwork_default, ot_rcp_exec, ot_rcp)
# The HAL may open and drive a pseudo-terminal labelled devpts. Presumably
# this pty is the channel to the simulated radio - confirm against the HAL.
allow hal_threadnetwork_default devpts:chr_file {open read write ioctl};
# The HAL may signal ot_rcp. Only the signal permission is listed; sigkill
# and sigstop are separate permissions and are not granted here.
allow hal_threadnetwork_default ot_rcp:process signal;
# ot_rcp may use file descriptors that belong to the HAL domain, and may
# read and write pipes labelled with the HAL domain.
allow ot_rcp hal_threadnetwork_default:fd use;
allow ot_rcp hal_threadnetwork_default:fifo_file rw_file_perms;
# ot_rcp gets read, write and ioctl on devpts but not open, so it can only
# operate on a pty descriptor it was handed, not open one itself.
allow ot_rcp devpts:chr_file {read write ioctl};
# UDP socket access, so that ot_rcp can create a socket and bind it.
# NOTE(review): node_bind and name_bind are granted on the generic node and
# port types, so the bind is not narrowed to one address or one port label.
# That breadth is acceptable only because these rules never reach user
# builds; keep them inside userdebug_or_eng.
allow ot_rcp self:udp_socket { bind create ioctl read setopt write };
allow ot_rcp node:udp_socket node_bind;
allow ot_rcp port:udp_socket name_bind;
# Route netlink socket. Presumably used to resolve the interface given by
# name or address - confirm against the ot_rcp source.
# NOTE(review): nlmsg_readpriv covers the privileged read messages, which
# expose more interface detail than nlmsg_read. Do not copy this rule into a
# domain that ships on user builds without a separate review.
allow ot_rcp self:netlink_route_socket { nlmsg_read nlmsg_readpriv create read write };
')