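# SELinux policy for netmgrd, a vendor daemon started by init.
# The rules below show it managing network configuration, talking to netd over
# hwbinder, and using netlink, UDP and qipcrtr sockets.
#
# Review focus: this domain holds several powerful capabilities and write access
# to network-related proc/sysfs nodes. Treat any code-execution bug in netmgrd
# as able to use every permission granted here.

type netmgrd, domain;
type netmgrd_exec, exec_type, vendor_file_type, file_type;

# Transition init -> netmgrd when init executes a file labelled netmgrd_exec.
init_daemon_domain(netmgrd)

# Grant the standard network-client permissions (socket creation and so on).
net_domain(netmgrd)

# Allow netmgrd operations
# TODO(b/125060737): Remove netmgrd net_admin/net_raw privilege
# net_admin permits interface/routing/firewall reconfiguration and net_raw
# permits raw and packet sockets; both are high-value for an attacker.
# NOTE(review): setuid/setgid/setpcap are presumably used to drop privileges
# after start-up -- confirm against the daemon and remove any that are unused.
allow netmgrd self:capability {
    net_raw
    net_admin
    setgid
    setuid
    setpcap
};

# Allow netutils usage for iwlan
# Executing netutils_wrapper_exec switches to the netutils_wrapper domain, so
# the helper runs under its own policy instead of inheriting netmgrd's.
domain_auto_trans(netmgrd, netutils_wrapper_exec, netutils_wrapper)
# NOTE(review): sigkill presumably lets netmgrd terminate a hung helper -- confirm.
allow netmgrd netutils_wrapper:process sigkill;

# Allow operations on different types of sockets
# nlmsg_write covers netlink route messages that modify kernel network state.
allow netmgrd self:netlink_route_socket nlmsg_write;
# The *_no_ioctl permission sets deliberately leave out ioctl on these sockets.
allow netmgrd self:netlink_generic_socket create_socket_perms_no_ioctl;
allow netmgrd self:qipcrtr_socket create_socket_perms_no_ioctl;

# Allow writing of ipv6 network properties
# NOTE(review): the grant is on the whole proc_net type, so it covers every file
# carrying that label, not only the ipv6 entries. A narrower label would reduce
# the write surface.
allow netmgrd proc_net:file rw_file_perms;

# Allow netmgrd to use esoc APIs to determine target
allow netmgrd sysfs_esoc:dir r_dir_perms;
allow netmgrd sysfs_esoc:lnk_file r_file_perms;

# Read-only access to the sysfs_ssr directory tree.
r_dir_file(netmgrd, sysfs_ssr)

# Allow netmgrd to create netmgrd socket
allow netmgrd netmgrd_socket:dir create_dir_perms;
allow netmgrd netmgrd_socket:sock_file create_file_perms;

# Allow netmgrd to use wakelock
wakelock_use(netmgrd)

# ioctl on netmgrd's own UDP sockets is restricted to the priv_sock_ioctls
# set; ioctl commands outside that set are not granted by this rule.
allowxperm netmgrd self:udp_socket ioctl priv_sock_ioctls;

# Allow netmgrd to use netd HAL via HIDL
allow netmgrd system_net_netd_hwservice:hwservice_manager find;
get_prop(netmgrd, hwservicemanager_prop)
hwbinder_use(netmgrd)
# netmgrd may make binder calls into netd.
binder_call(netmgrd, netd)

# Read directories and read/write files labelled sysfs_net.
# NOTE(review): as with proc_net, write access applies to every file with this
# label; check which nodes the daemon really writes.
allow netmgrd sysfs_net:dir r_dir_perms;
allow netmgrd sysfs_net:file rw_file_perms;

# Read-only access to SoC and subsystem information in sysfs.
allow netmgrd sysfs_soc:dir search;
allow netmgrd sysfs_soc:file r_file_perms;

allow netmgrd sysfs_msm_subsys:dir r_dir_perms;
allow netmgrd sysfs_msm_subsys:file r_file_perms;

# Ignore if device loading for private IOCTL failed
# dontaudit grants nothing: the module_request is still denied, only the audit
# record is suppressed. Keep that in mind when triaging denials for this domain,
# because this access will not appear in the logs.
dontaudit netmgrd kernel:system module_request;

# Allow netmgrd logging mechanism
allow netmgrd netmgrd_data_file:dir rw_dir_perms;
allow netmgrd netmgrd_data_file:file create_file_perms;

# Diagnostic access is compiled in only on userdebug/eng builds, so it is absent
# from user builds.
userdebug_or_eng(`
  allow netmgrd diag_device:chr_file rw_file_perms;
  # Allow diag logging
  allow netmgrd sysfs_timestamp_switch:file r_file_perms;
  r_dir_file(netmgrd, sysfs_diag)
')

allow netmgrd self:netlink_xfrm_socket create_socket_perms_no_ioctl;
allow netmgrd self:netlink_socket create_socket_perms_no_ioctl;

# Allow set persist.vendor.data.shs_ko_load
# Allow set persist.vendor.data.shsusr_load
# Allow set persist.vendor.data.perf_ko_load
# Allow set persist.vendor.data.qmipriod_load
# NOTE(review): set_prop is granted on the vendor_radio_prop type as a whole, so
# netmgrd can set every property mapped to that type in property_contexts, not
# only the four listed above. Verify the mapping (not visible here) or use a
# dedicated property type.
set_prop(netmgrd, vendor_radio_prop)

# Suppress audit noise for sysfs_faceauth probes; access is still denied.
dontaudit netmgrd sysfs_faceauth:dir r_dir_perms;
dontaudit netmgrd sysfs_faceauth:file r_file_perms;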