1type cnd, domain; 2type cnd_exec, exec_type, file_type; 3 4# cnd creates /dev/socket/nims 5file_type_auto_trans(cnd, socket_device, cnd_socket); 6allow cnd socket_device:dir remove_name; 7 8init_daemon_domain(cnd) 9net_domain(cnd) 10wakelock_use(cnd) 11 12# do not grant net_raw, net_admin, or dac_override 13allow cnd self:capability { chown fsetid setgid setuid net_bind_service}; 14 15# Grant access to Qualcomm MSM Interface (QMI) radio sockets 16qmux_socket(cnd) 17 18set_prop(cnd, system_prop) 19 20allow cnd proc_meminfo:file r_file_perms; 21allow cnd self:netlink_tcpdiag_socket create_socket_perms; 22allow cnd self:socket create_socket_perms; 23allowxperm cnd self:socket ioctl msm_sock_ipc_ioctls; 24 25r_dir_file(cnd, sysfs_type) 26 27userdebug_or_eng(` 28 allow cnd diag_device:chr_file rw_file_perms; 29') 30 31# use for mobile hostspot 32allow cnd shell_exec:file rx_file_perms; 33allow cnd system_file:file rx_file_perms; 34