# SELinux policy for the netmgrd domain.
# Comments in this file avoid quote characters so that m4 quoting stays balanced.

# Domain type and its entry-point type. The executable is a vendor file.
type netmgrd, domain;
type netmgrd_exec, exec_type, vendor_file_type, file_type;

# Enter the netmgrd domain when init executes netmgrd_exec
init_daemon_domain(netmgrd)
# Baseline network access shared by networking domains
net_domain(netmgrd)

# Diag access is compiled in for userdebug and eng builds only.
# User builds receive none of the rules inside this block.
userdebug_or_eng(`
    # Allow diag logging
    allow netmgrd diag_device:chr_file rw_file_perms;
    allow netmgrd sysfs_timestamp_switch:file r_file_perms;
    r_dir_file(netmgrd, sysfs_diag)
')

# Allow netmgrd operations
# NOTE(review): setuid, setgid and setpcap are presumably needed to change
# identity and trim the capability set after start - confirm against the
# daemon and drop any that are unused.
allow netmgrd self:capability {
    net_admin
    net_raw
    setgid
    setpcap
    setuid
};

# Allow setting these vendor properties:
#   persist.vendor.data.shs_ko_load
#   persist.vendor.data.shsusr_load
#   persist.vendor.data.perf_ko_load
#   persist.vendor.data.qmipriod_load
#   persist.vendor.data.offload_ko_load
# The grant is per label, so it covers every property typed vendor_radio_prop
# and not just the five listed above.
set_prop(netmgrd, vendor_radio_prop)

# Allow netmgrd to use wakelock
wakelock_use(netmgrd)

# Read-only view of the sysfs_ssr directories and files
r_dir_file(netmgrd, sysfs_ssr)

# Allow operations on different types of sockets
allow netmgrd self:netlink_route_socket nlmsg_write;
allow netmgrd self:{
    netlink_socket
    netlink_xfrm_socket
    netlink_generic_socket
    qipcrtr_socket
} create_socket_perms_no_ioctl;

# Permit the priv_sock_ioctls command set on the domain UDP sockets.
# An allowxperm rule only takes effect together with an allow rule for ioctl
# on the same class. None is visible in this file - presumably net_domain
# supplies it. TODO confirm.
allowxperm netmgrd self:udp_socket ioctl priv_sock_ioctls;

# Allow writing of ipv6 network properties
# NOTE(review): this applies to every file labelled proc_net, which is wider
# than the ipv6 settings named here.
allow netmgrd proc_net:file rw_file_perms;

# Allow netmgrd to create netmgrd socket
allow netmgrd netmgrd_socket:dir create_dir_perms;
allow netmgrd netmgrd_socket:sock_file create_file_perms;

# Allow netmgrd to use netd HAL via HIDL
allow netmgrd system_net_netd_hwservice:hwservice_manager find;
get_prop(netmgrd, hwservicemanager_prop)
hwbinder_use(netmgrd)
binder_call(netmgrd, netd)

# sysfs access: network nodes are read-write, soc and subsystem nodes read-only
allow netmgrd sysfs_net:dir r_dir_perms;
allow netmgrd sysfs_net:file rw_file_perms;
allow netmgrd sysfs_soc:dir search;
allow netmgrd sysfs_msm_subsys:dir r_dir_perms;
allow netmgrd { sysfs_soc sysfs_msm_subsys }:file r_file_perms;

# Allow netmgrd logging mechanism
allow netmgrd netmgrd_data_file:dir rw_dir_perms;
allow netmgrd netmgrd_data_file:file create_file_perms;

# Ignore if device loading for private IOCTL failed.
# dontaudit only hides the audit record. The module request stays denied, so
# this denial will not appear in the logs when triaging netmgrd issues.
dontaudit netmgrd kernel:system module_request;