/system/sepolicy/prebuilts/api/28.0/public/ |
D | netd.te | 2 type netd, domain, mlstrustedsubject; 5 net_domain(netd) 6 # in addition to ioctls allowlisted for all domains, grant netd priv_sock_ioctls. 7 allowxperm netd self:udp_socket ioctl priv_sock_ioctls; 9 r_dir_file(netd, cgroup) 11 allow netd system_server:fd use; 13 allow netd self:global_capability_class_set { net_admin net_raw kill }; 19 # for netd to operate. 20 dontaudit netd self:global_capability_class_set fsetid; 22 allow netd self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl; [all …]
|
D | dnsmasq.te | 16 # Inherit and use open files from netd. 17 allow dnsmasq netd:fd use; 18 allow dnsmasq netd:fifo_file { read write }; 20 allow dnsmasq netd:netlink_kobject_uevent_socket { read write }; 21 allow dnsmasq netd:netlink_nflog_socket { read write }; 22 allow dnsmasq netd:netlink_route_socket { read write }; 23 allow dnsmasq netd:unix_stream_socket { read write }; 24 allow dnsmasq netd:unix_dgram_socket { read write }; 25 allow dnsmasq netd:udp_socket { read write };
|
D | clatd.te | 9 # Access objects inherited from netd. 10 allow clatd netd:fd use; 11 allow clatd netd:fifo_file { read write }; 13 allow clatd netd:netlink_kobject_uevent_socket { read write }; 14 allow clatd netd:netlink_nflog_socket { read write }; 15 allow clatd netd:netlink_route_socket { read write }; 16 allow clatd netd:udp_socket { read write }; 17 allow clatd netd:unix_stream_socket { read write }; 18 allow clatd netd:unix_dgram_socket { read write };
|
/system/sepolicy/prebuilts/api/30.0/public/ |
D | netd.te | 2 type netd, domain, mlstrustedsubject; 5 net_domain(netd) 6 # in addition to ioctls allowlisted for all domains, grant netd priv_sock_ioctls. 7 allowxperm netd self:udp_socket ioctl priv_sock_ioctls; 9 r_dir_file(netd, cgroup) 11 allow netd system_server:fd use; 13 allow netd self:global_capability_class_set { net_admin net_raw kill }; 19 # for netd to operate. 20 dontaudit netd self:global_capability_class_set fsetid; 22 # Allow netd to open /dev/tun, set it up and pass it to clatd [all …]
|
D | dnsmasq.te | 16 # Inherit and use open files from netd. 17 allow dnsmasq netd:fd use; 18 allow dnsmasq netd:fifo_file { getattr read write }; 20 allow dnsmasq netd:netlink_kobject_uevent_socket { read write }; 21 allow dnsmasq netd:netlink_nflog_socket { read write }; 22 allow dnsmasq netd:netlink_route_socket { read write }; 23 allow dnsmasq netd:unix_stream_socket { getattr read write }; 24 allow dnsmasq netd:unix_dgram_socket { read write }; 25 allow dnsmasq netd:udp_socket { read write };
|
/system/sepolicy/prebuilts/api/31.0/public/ |
D | netd.te | 2 type netd, domain, mlstrustedsubject; 5 net_domain(netd) 6 # in addition to ioctls allowlisted for all domains, grant netd priv_sock_ioctls. 7 allowxperm netd self:udp_socket ioctl priv_sock_ioctls; 9 r_dir_file(netd, cgroup) 11 allow netd system_server:fd use; 13 allow netd self:global_capability_class_set { net_admin net_raw kill }; 19 # for netd to operate. 20 dontaudit netd self:global_capability_class_set fsetid; 22 # Allow netd to open /dev/tun, set it up and pass it to clatd [all …]
|
D | dnsmasq.te | 16 # Inherit and use open files from netd. 17 allow dnsmasq netd:fd use; 18 allow dnsmasq netd:fifo_file { getattr read write }; 20 allow dnsmasq netd:netlink_kobject_uevent_socket { read write }; 21 allow dnsmasq netd:netlink_nflog_socket { read write }; 22 allow dnsmasq netd:netlink_route_socket { read write }; 23 allow dnsmasq netd:unix_stream_socket { getattr read write }; 24 allow dnsmasq netd:unix_dgram_socket { read write }; 25 allow dnsmasq netd:udp_socket { read write };
|
/system/sepolicy/public/ |
D | netd.te | 2 type netd, domain, mlstrustedsubject; 5 net_domain(netd) 6 # in addition to ioctls allowlisted for all domains, grant netd priv_sock_ioctls. 7 allowxperm netd self:udp_socket ioctl priv_sock_ioctls; 9 r_dir_file(netd, cgroup) 11 allow netd system_server:fd use; 13 allow netd self:global_capability_class_set { net_admin net_raw kill }; 19 # for netd to operate. 20 dontaudit netd self:global_capability_class_set fsetid; 22 # Allow netd to open /dev/tun, set it up and pass it to clatd [all …]
|
D | dnsmasq.te | 16 # Inherit and use open files from netd. 17 allow dnsmasq netd:fd use; 18 allow dnsmasq netd:fifo_file { getattr read write }; 20 allow dnsmasq netd:netlink_kobject_uevent_socket { read write }; 21 allow dnsmasq netd:netlink_nflog_socket { read write }; 22 allow dnsmasq netd:netlink_route_socket { read write }; 23 allow dnsmasq netd:unix_stream_socket { getattr read write }; 24 allow dnsmasq netd:unix_dgram_socket { read write }; 25 allow dnsmasq netd:udp_socket { read write };
|
/system/sepolicy/prebuilts/api/27.0/public/ |
D | netd.te | 2 type netd, domain, mlstrustedsubject; 5 net_domain(netd) 6 # in addition to ioctls allowlisted for all domains, grant netd priv_sock_ioctls. 7 allowxperm netd self:udp_socket ioctl priv_sock_ioctls; 9 r_dir_file(netd, cgroup) 10 allow netd system_server:fd use; 12 allow netd self:capability { net_admin net_raw kill }; 18 # for netd to operate. 19 dontaudit netd self:capability fsetid; 21 allow netd self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl; [all …]
|
D | dnsmasq.te | 16 # Inherit and use open files from netd. 17 allow dnsmasq netd:fd use; 18 allow dnsmasq netd:fifo_file { read write }; 20 allow dnsmasq netd:netlink_kobject_uevent_socket { read write }; 21 allow dnsmasq netd:netlink_nflog_socket { read write }; 22 allow dnsmasq netd:netlink_route_socket { read write }; 23 allow dnsmasq netd:unix_stream_socket { read write }; 24 allow dnsmasq netd:unix_dgram_socket { read write }; 25 allow dnsmasq netd:udp_socket { read write };
|
/system/sepolicy/prebuilts/api/29.0/public/ |
D | netd.te | 2 type netd, domain, mlstrustedsubject; 5 net_domain(netd) 6 # in addition to ioctls allowlisted for all domains, grant netd priv_sock_ioctls. 7 allowxperm netd self:udp_socket ioctl priv_sock_ioctls; 9 r_dir_file(netd, cgroup) 11 allow netd system_server:fd use; 13 allow netd self:global_capability_class_set { net_admin net_raw kill }; 19 # for netd to operate. 20 dontaudit netd self:global_capability_class_set fsetid; 22 # Allow netd to open /dev/tun, set it up and pass it to clatd [all …]
|
D | dnsmasq.te | 16 # Inherit and use open files from netd. 17 allow dnsmasq netd:fd use; 18 allow dnsmasq netd:fifo_file { getattr read write }; 20 allow dnsmasq netd:netlink_kobject_uevent_socket { read write }; 21 allow dnsmasq netd:netlink_nflog_socket { read write }; 22 allow dnsmasq netd:netlink_route_socket { read write }; 23 allow dnsmasq netd:unix_stream_socket { getattr read write }; 24 allow dnsmasq netd:unix_dgram_socket { read write }; 25 allow dnsmasq netd:udp_socket { read write };
|
/system/sepolicy/prebuilts/api/26.0/public/ |
D | netd.te | 2 type netd, domain, mlstrustedsubject; 5 net_domain(netd) 6 # in addition to ioctls allowlisted for all domains, grant netd priv_sock_ioctls. 7 allowxperm netd self:udp_socket ioctl priv_sock_ioctls; 9 r_dir_file(netd, cgroup) 10 allow netd system_server:fd use; 12 allow netd self:capability { net_admin net_raw kill }; 18 # for netd to operate. 19 dontaudit netd self:capability fsetid; 21 allow netd self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl; [all …]
|
D | dnsmasq.te | 16 # Inherit and use open files from netd. 17 allow dnsmasq netd:fd use; 18 allow dnsmasq netd:fifo_file { read write }; 20 allow dnsmasq netd:netlink_kobject_uevent_socket { read write }; 21 allow dnsmasq netd:netlink_nflog_socket { read write }; 22 allow dnsmasq netd:netlink_route_socket { read write }; 23 allow dnsmasq netd:unix_stream_socket { read write }; 24 allow dnsmasq netd:unix_dgram_socket { read write }; 25 allow dnsmasq netd:udp_socket { read write };
|
D | clatd.te | 9 # Access objects inherited from netd. 10 allow clatd netd:fd use; 11 allow clatd netd:fifo_file { read write }; 13 allow clatd netd:netlink_kobject_uevent_socket { read write }; 14 allow clatd netd:netlink_nflog_socket { read write }; 15 allow clatd netd:netlink_route_socket { read write }; 16 allow clatd netd:udp_socket { read write }; 17 allow clatd netd:unix_stream_socket { read write }; 18 allow clatd netd:unix_dgram_socket { read write };
|
/system/sepolicy/prebuilts/api/31.0/private/ |
D | netd.te | 1 typeattribute netd coredomain; 3 init_daemon_domain(netd) 5 # Allow netd to spawn dnsmasq in its own domain 6 domain_auto_trans(netd, dnsmasq_exec, dnsmasq) 8 # Allow netd to start clatd in its own domain and kill it 9 domain_auto_trans(netd, clatd_exec, clatd) 10 allow netd clatd:process signal; 12 # give netd permission to setup iptables rule with xt_bpf, attach program to cgroup, and read/write 14 allow netd bpfloader:bpf { prog_run map_read map_write }; 18 allow netd self:key_socket create; [all …]
|
/system/sepolicy/private/ |
D | netd.te | 1 typeattribute netd coredomain; 3 init_daemon_domain(netd) 5 # Allow netd to spawn dnsmasq in its own domain 6 domain_auto_trans(netd, dnsmasq_exec, dnsmasq) 8 # Allow netd to start clatd in its own domain and kill it 9 domain_auto_trans(netd, clatd_exec, clatd) 10 allow netd clatd:process signal; 12 # give netd permission to setup iptables rule with xt_bpf, attach program to cgroup, and read/write 14 allow netd bpfloader:bpf { prog_run map_read map_write }; 18 allow netd self:key_socket create; [all …]
|
/system/sepolicy/prebuilts/api/30.0/private/ |
D | netd.te | 1 typeattribute netd coredomain; 3 init_daemon_domain(netd) 5 # Allow netd to spawn dnsmasq in its own domain 6 domain_auto_trans(netd, dnsmasq_exec, dnsmasq) 8 # Allow netd to start clatd in its own domain and kill it 9 domain_auto_trans(netd, clatd_exec, clatd) 10 allow netd clatd:process signal; 12 # give netd permission to setup iptables rule with xt_bpf, attach program to cgroup, and read/write 14 allow netd bpfloader:bpf { prog_run map_read map_write }; 18 allow netd self:key_socket create; [all …]
|
/system/sepolicy/prebuilts/api/29.0/private/ |
D | netd.te | 1 typeattribute netd coredomain; 3 init_daemon_domain(netd) 5 # Allow netd to spawn dnsmasq in its own domain 6 domain_auto_trans(netd, dnsmasq_exec, dnsmasq) 8 # Allow netd to start clatd in its own domain 9 domain_auto_trans(netd, clatd_exec, clatd) 11 # give netd permission to setup iptables rule with xt_bpf, attach program to cgroup, and read/write 13 allow netd bpfloader:bpf { prog_run map_read map_write }; 17 allow netd self:key_socket create; 19 get_prop(netd, bpf_progs_loaded_prop) [all …]
|
/system/sepolicy/prebuilts/api/28.0/private/ |
D | netd.te | 1 typeattribute netd coredomain; 3 init_daemon_domain(netd) 5 # Allow netd to spawn dnsmasq in its own domain 6 domain_auto_trans(netd, dnsmasq_exec, dnsmasq) 8 # Allow netd to start clatd in its own domain 9 domain_auto_trans(netd, clatd_exec, clatd) 11 # Allow netd to start bpfloader_exec in its own domain 12 domain_auto_trans(netd, bpfloader_exec, bpfloader) 14 # give netd permission to setup iptables rule with xt_bpf 15 allow netd bpfloader:bpf prog_run;
|
D | bpfloader.te | 11 # These permissions are required to pin bpf programs for netd. 16 allow bpfloader netd:fd use; 18 # Use pinned bpf map files from netd. 19 allow bpfloader netd:bpf { map_read map_write }; 24 neverallow { domain -bpfloader -netd -netutils_wrapper} *:bpf prog_run; 25 neverallow { domain -netd -bpfloader } bpfloader_exec:file { execute execute_no_trans }; 27 # only system_server, netd and bpfloader can read/write the bpf maps 28 neverallow { domain -system_server -netd -bpfloader} netd:bpf { map_read map_write };
|
/system/sepolicy/prebuilts/api/26.0/private/ |
D | netd.te | 1 typeattribute netd coredomain; 2 typeattribute netd domain_deprecated; 4 init_daemon_domain(netd) 6 # Allow netd to spawn dnsmasq in its own domain 7 domain_auto_trans(netd, dnsmasq_exec, dnsmasq) 9 # Allow netd to start clatd in its own domain 10 domain_auto_trans(netd, clatd_exec, clatd)
|
/system/sepolicy/prebuilts/api/27.0/private/ |
D | netd.te | 1 typeattribute netd coredomain; 2 typeattribute netd domain_deprecated; 4 init_daemon_domain(netd) 6 # Allow netd to spawn dnsmasq in its own domain 7 domain_auto_trans(netd, dnsmasq_exec, dnsmasq) 9 # Allow netd to start clatd in its own domain 10 domain_auto_trans(netd, clatd_exec, clatd)
|
/system/netd/ |
D | TEST_MAPPING | 11 "keywords": ["netd-device-kernel-4.9", "netd-device-kernel-4.14"]}, 13 "keywords": ["netd-device-kernel-4.9", "netd-device-kernel-4.14"]}, 15 "keywords": ["netd-device-kernel-4.9", "netd-device-kernel-4.14"]}
|