# SELinux policy for the `auto_ethernet_setup` domain.
# Going by the rules below, the service is a shell script started by init that reads a guest
# address property, configures an ethernet interface and moves it into a network namespace.

# The process domain, and the label carried by its executable.
type auto_ethernet_setup, domain;
typeattribute auto_ethernet_setup coredomain;
type auto_ethernet_setup_exec, exec_type, system_file_type, file_type;

# Lets init run the executable as a daemon in this domain.
init_daemon_domain(auto_ethernet_setup)

# The script's interpreter line is `#!/system/bin/sh`.
allow auto_ethernet_setup shell_exec:file rx_file_perms;

# `getprop` is run from toolbox; the only property read access granted is the guest address.
allow auto_ethernet_setup toolbox_exec:file { execute execute_no_trans getattr map open read };
get_prop(auto_ethernet_setup, auto_eth_guest_addr_prop)

# Log output is written to /dev/kmsg.
allow auto_ethernet_setup kmsg_device:chr_file w_file_perms;

# `ifconfig eth1 $IP` needs network administration rights.
allow auto_ethernet_setup self:capability net_admin;
# NOTE(review): sys_module is the capability that gates kernel module loading, and the only
# justification given for it is the `ifconfig` call. Confirm on a device that it is really
# needed; if the denial is just a side effect of the interface lookup, `dontaudit` is narrower.
allow auto_ethernet_setup self:capability sys_module;
# The interface address is set through ioctl() on a UDP socket the process creates itself.
# `ioctl` must be allowed here for the `allowxperm` rule below to have any effect.
allow auto_ethernet_setup self:udp_socket { create ioctl };
# Extended-permission rule for the privileged socket ioctls, such as `SIOCSIFADDR`, which sets
# the IP address of an interface.
# WARNING: `allowxperm` alone will not grant the access: it must be used in combination with
# `allow`. See the `ioctl` permission in the `self:udp_socket` rule above.
allowxperm auto_ethernet_setup self:udp_socket ioctl priv_sock_ioctls;

# Required for executing `ip`.
# `execute_no_trans` keeps `ip` in this domain, so it runs with every permission granted in
# this file. The rule targets the generic `system_file` label, not one specific binary.
allow auto_ethernet_setup system_file:file execute_no_trans;

# Required for `ip route` operations.
allow auto_ethernet_setup self:netlink_route_socket { bind create getattr nlmsg_write read setopt write };

# Required for `ip netns` and for moving the ethernet interface into a particular network
# namespace.
allow auto_ethernet_setup self:netlink_route_socket nlmsg_read;
# NOTE(review): these two rules cover everything labelled with the generic `tmpfs` type, not
# only the namespace mount points; a dedicated type would scope them more tightly. Verify
# which paths the script actually touches.
allow auto_ethernet_setup tmpfs:dir { add_name create mounton write };
allow auto_ethernet_setup tmpfs:file { create mounton open read };
allow auto_ethernet_setup nsfs:file { open read };
allow auto_ethernet_setup proc_filesystems:file { getattr open read };
# NOTE(review): sys_admin is a broad capability and nothing in this policy limits it to the
# namespace setup. Keep the script and the binaries it runs free of attacker-influenced input.
allow auto_ethernet_setup self:capability sys_admin;