# netmgr: Wi-Fi manager daemon.
# "netmgr" is the process domain; "netmgr_exec" labels its executable and
# carries the vendor_file_type attribute.
type netmgr, domain;
type netmgr_exec, exec_type, vendor_file_type, file_type;

# Started by init as a daemon, with the general networking rules.
init_daemon_domain(netmgr)
net_domain(netmgr)

# Use file descriptors owned by the execns domain.
# NOTE(review): presumably netmgr is launched through execns -- confirm.
allow netmgr execns:fd use;

# ---- hostapd control -------------------------------------------------------
# Set the ctl.restart property so hostapd is restarted when its config changes.
# NOTE(review): ctl_default_prop is the fallback label for ctl.* properties,
# not a hostapd-specific one, so this grant is wider than the stated purpose.
# A dedicated property type for the hostapd control property would be tighter.
set_prop(netmgr, ctl_default_prop);
# Edit the hostapd config file and the directory that holds it.
allow netmgr hostapd_data_file:dir rw_dir_perms;
allow netmgr hostapd_data_file:file rw_file_perms;

# ---- interface addressing --------------------------------------------------
# Assign addresses to new interfaces as hostapd brings them up.
allow netmgr self:capability { net_admin net_raw };
allow netmgr proc_net:file { getattr open read };
allow netmgr self:socket { create ioctl };
allow netmgr self:udp_socket ioctl;
# Packet socket: ioctl/getopt serve the interface queries above; the
# remaining permissions are for Wi-Fi forwarding.
allow netmgr self:packet_socket { bind create getopt ioctl read setopt write };

# ioctl allowlists: once an allowxperm rule exists for a source/target/class,
# only the listed ioctl commands are permitted on that class.
allowxperm netmgr self:socket ioctl { SIOCETHTOOL };
allowxperm netmgr self:udp_socket ioctl { SIOCSIFADDR SIOCSIFNETMASK SIOCSIFBRDADDR };
allowxperm netmgr self:packet_socket ioctl { SIOCGIFINDEX SIOCGIFHWADDR };

# ---- iptables --------------------------------------------------------------
# Allow netmgr to run iptables to block and unblock network traffic.
# TODO(b/113124961): clean up this Treble violation.
# vendor_executes_system_violators marks this domain as a vendor domain that
# executes system files. execute_no_trans means the executed file runs inside
# the netmgr domain with no transition, so it keeps every permission granted
# in this file, including net_admin and net_raw.
# NOTE(review): the target is the generic system_file label, not an
# iptables-specific type; narrow it when the TODO above is resolved.
# NOTE(review): "lock" is presumably for the lock file iptables takes -- confirm.
typeattribute netmgr vendor_executes_system_violators;
allow netmgr system_file:file { execute_no_trans lock };