# Policy for /system/bin/netmgrd
# Declares the netmgrd process domain and the label for its executable.
type netmgrd, domain;
type netmgrd_exec, exec_type, file_type;

# Run as an init-started daemon that transitions into the netmgrd domain,
# with the common network permissions that net_domain supplies.
init_daemon_domain(netmgrd)
net_domain(netmgrd)

# Grant access to Qualcomm MSM Interface (QMI) radio sockets
# qmux_socket is defined outside this file; its exact grants are not visible here.
qmux_socket(netmgrd)

# Allow netmgrd to hold wakelocks.
wakelock_use(netmgrd)

# create socket in /dev/socket/netmgrd/
allow netmgrd netmgrd_socket:dir rw_dir_perms;
allow netmgrd netmgrd_socket:sock_file create_file_perms;

# communicate with netd
# Connects to the netd unix socket; this is a channel into another privileged
# network daemon, so it is worth keeping in mind when auditing netd input handling.
unix_socket_connect(netmgrd, netd, netd)

# Read and write access to files labeled proc_net.
allow netmgrd proc_net:file rw_file_perms;

# net_admin and net_raw match the interface and raw socket work granted below.
# NOTE(review): setuid, setgid and setpcap are presumably used to switch to an
# unprivileged uid and trim the capability set at startup; confirm, because
# they are powerful if the process retains them for its whole lifetime.
allow netmgrd self:capability { net_admin net_raw setgid setpcap setuid };

# read /data/misc/net
allow netmgrd net_data_file:dir r_dir_perms;
allow netmgrd net_data_file:file r_file_perms;

# execute shell, ip, and toolbox
# NOTE(review): rx_file_perms normally includes execute_no_trans and no domain
# transition is declared here, so these programs appear to run inside the
# netmgrd domain with the capabilities granted above. system_file covers far
# more than the ip binary; confirm whether a narrower type would be enough.
allow netmgrd shell_exec:file rx_file_perms;
allow netmgrd system_file:file rx_file_perms;
allow netmgrd toolbox_exec:file rx_file_perms;

# netmgrd sockets
# nlmsg_read plus nlmsg_write on the route and xfrm netlink sockets allows both
# querying and changing routing and IPsec (xfrm) state.
allow netmgrd self:netlink_route_socket { create_socket_perms nlmsg_read nlmsg_write };
# NOTE(review): netlink_socket and socket are the generic classes used for
# protocols without a dedicated class; which protocols are needed is not
# visible here (the msm_sock_ipc_ioctls rule below suggests an MSM IPC socket).
allow netmgrd self:netlink_socket create_socket_perms;
allow netmgrd self:netlink_xfrm_socket { create_socket_perms nlmsg_read nlmsg_write };
allow netmgrd self:rawip_socket create_socket_perms;
allow netmgrd self:socket create_socket_perms;
# in addition to ioctl commands granted to domain allow netmgrd to use:
# allowxperm allowlists individual ioctl commands for the class; the sets
# priv_sock_ioctls and msm_sock_ipc_ioctls are defined outside this file.
allowxperm netmgrd self:udp_socket ioctl { priv_sock_ioctls SIOCKILLADDR };
allowxperm netmgrd self:socket ioctl msm_sock_ipc_ioctls;

# Allow netmgrd to set properties labeled net_radio_prop.
set_prop(netmgrd, net_radio_prop)

# read files in /sys
# NOTE(review): sysfs_type is an attribute, so this read grant presumably spans
# every sysfs label; write access is limited to files labeled sysfs_net.
r_dir_file(netmgrd, sysfs_type)
allow netmgrd sysfs_net:file write;

# Diagnostic device access is compiled in only for userdebug and eng builds,
# so user builds do not carry this rule.
userdebug_or_eng(`
  allow netmgrd diag_device:chr_file rw_file_perms;
')