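# wificond
# Type-enforcement rules for the wificond domain. The listing had been
# collapsed onto one line with gutter numbers fused into the tokens, which
# turned everything after the first '#' into a comment; it is restored here
# to one statement per line with the rules themselves unchanged.
type wificond, domain;
type wificond_exec, exec_type, file_type;

# Binder IPC: wificond may use binder and may call into system_server.
binder_use(wificond)
binder_call(wificond, system_server)

# wificond registers wificond_service with the service manager.
add_service(wificond, wificond_service)

# Property writes.
# NOTE(review): ctl_default_prop looks like the catch-all label for ctl.*
# properties, i.e. requests to init to start/stop services. That is broader
# than the wpa_supplicant/hostapd control mentioned further down; confirm
# whether a narrower ctl property type exists in this tree and prefer it.
set_prop(wificond, wifi_prop)
set_prop(wificond, ctl_default_prop)

# create sockets to set interfaces up and down
allow wificond self:udp_socket create_socket_perms;
# setting interface state up/down is a privileged ioctl
# The allowxperm rule limits ioctl on this socket class to SIOCSIFFLAGS only.
allowxperm wificond self:udp_socket ioctl { SIOCSIFFLAGS };
# NOTE(review): net_admin matches the privileged ioctl above; no rule in this
# file shows what needs net_raw. Confirm it is still required.
allow wificond self:capability { net_admin net_raw };
# allow wificond to speak to nl80211 in the kernel
# (the *_no_ioctl permission set is used, so no ioctl on netlink sockets)
allow wificond self:netlink_socket create_socket_perms_no_ioctl;
# newer kernels (e.g. 4.4 but not 4.1) have a new class for sockets
allow wificond self:netlink_generic_socket create_socket_perms_no_ioctl;

# Read access to directories and files labelled proc_net.
r_dir_file(wificond, proc_net)

# wificond writes out configuration files for wpa_supplicant/hostapd.
# wificond also reads pid files out of this directory
# NOTE(review): files created here are consumed by other daemons, so any other
# domain with write access to wifi_data_file shares this trust boundary;
# verify the set of writers when auditing.
allow wificond wifi_data_file:dir rw_dir_perms;
allow wificond wifi_data_file:file create_file_perms;

# allow wificond to check permission for dumping logs
allow wificond permission_service:service_manager find;

# dumpstate support
# wificond may use a file descriptor handed over by dumpstate and write to
# dumpstate's fifo; no read access to dumpstate is granted here.
allow wificond dumpstate:fd use;
allow wificond dumpstate:fifo_file write;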