• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1# Policy for /system/bin/cnss-daemon
2type cnss-daemon, domain;
3type cnss-daemon_exec, exec_type, file_type;
4
5# STOPSHIP b/28340421
6# Temporarily grant this permission and log its use.
7allow cnss-daemon self:capability {
8    net_admin
9    net_bind_service
10};
11auditallow cnss-daemon self:capability net_admin;
12
13init_daemon_domain(cnss-daemon)
14
15allow cnss-daemon self:capability { setgid setuid };
16
17# whitelist socket ioctl commands
18allow cnss-daemon self:netlink_socket create_socket_perms;
19allow cnss-daemon self:socket create_socket_perms;
20allowxperm cnss-daemon self:socket ioctl msm_sock_ipc_ioctls;
21
22allow cnss-daemon proc_net:file rw_file_perms;
23allow cnss-daemon sysfs_wifi:file write;
24allow cnss-daemon sysfs_pcie:file write;
25allow cnss-daemon sysfs_msm_core:file write;
26r_dir_file(cnss-daemon, sysfs_type)
27
28# access to /dev/diag on debug builds
29userdebug_or_eng(`
30  allow cnss-daemon diag_device:chr_file rw_file_perms;
31')
32