## Network object types.
## Each type is declared together with the attribute that groups it.
## The rules below reference node_type and port_type.
type node, node_type;
type netif, netif_type;
type port, port_type;

###
### Rules granted to every domain that carries the netdomain attribute
###

# Create and use its own IP sockets. The exact permission sets come from
# the create_stream_socket_perms and create_socket_perms macros, which are
# defined elsewhere in the policy and are not shown in this file.
allow netdomain self:tcp_socket create_stream_socket_perms;
allow netdomain self:udp_socket create_socket_perms;
allow netdomain self:icmp_socket create_socket_perms;
allow netdomain self:rawip_socket create_socket_perms;

# Outbound TCP connections. The target is the port_type attribute, so this
# rule does not narrow name_connect to particular port labels.
allow netdomain port_type:tcp_socket name_connect;

# Binding sockets to local nodes and ports. ephemeral_app is subtracted from
# the source set, so these two rules grant it neither node_bind nor
# name_bind. Whether it stays denied depends on the rest of the policy.
allow {netdomain -ephemeral_app} node_type:{ tcp_socket udp_socket icmp_socket rawip_socket } node_bind;
allow {netdomain -ephemeral_app} port_type:{ tcp_socket udp_socket } name_bind;

# Observe the routing table over a netlink route socket.
# nlmsg_read is granted. nlmsg_write and ioctl are not in this set.
allow netdomain self:netlink_route_socket {
    create
    bind
    connect
    read
    write
    append
    lock
    getattr
    setattr
    getopt
    setopt
    shutdown
    nlmsg_read
};

# Local sockets used to reach network daemons. unix_socket_connect is a
# macro defined elsewhere in the policy. Its arguments here are the client
# attribute, the socket name and the serving domain.

# DNS proxy socket served by netd.
unix_socket_connect(netdomain, dnsproxyd, netd)

# fwmark socket served by netd.
unix_socket_connect(netdomain, fwmarkd, netd)

# mdnsd socket served by mdnsd.
unix_socket_connect(netdomain, mdnsd, mdnsd)