39 lines
1.1 KiB
Plaintext
39 lines
1.1 KiB
Plaintext
# General definitions
|
|
type ipacm, domain;
|
|
type ipacm-diag, domain;
|
|
type ipacm_exec, exec_type, vendor_file_type, file_type;
|
|
type ipacm-diag_exec, exec_type, vendor_file_type, file_type;
|
|
init_daemon_domain(ipacm)
|
|
init_daemon_domain(ipacm-diag)
|
|
|
|
# associate netdomain to use for accessing internet sockets
|
|
net_domain(ipacm)
|
|
|
|
userdebug_or_eng(`
|
|
# Allow using the logging file between ipacm and ipacm-diag
|
|
unix_socket_send(ipacm, ipacm, ipacm-diag)
|
|
diag_use(ipacm-diag)
|
|
')
|
|
|
|
# Allow operations with /dev/ipa, /dev/wwan_ioctl and /dev/ipaNatTable
|
|
allow ipacm ipa_dev:chr_file rw_file_perms;
|
|
|
|
# Allow receiving NETLINK messages
|
|
allow ipacm ipacm:{
|
|
netlink_route_socket
|
|
netlink_socket
|
|
# Allow querying the network stack via IOCTLs
|
|
udp_socket
|
|
netlink_generic_socket
|
|
} create_socket_perms_no_ioctl;
|
|
|
|
# Allow creating and modifying the PID file
|
|
allow ipacm ipacm_data_file:dir w_dir_perms;
|
|
allow ipacm ipacm_data_file:file create_file_perms;
|
|
|
|
# To register ipacm to hwbinder
|
|
add_hwservice(ipacm, hal_ipacm_hwservice)
|
|
hwbinder_use(ipacm)
|
|
get_prop(ipacm, hwservicemanager_prop)
|
|
binder_call(ipacm, system_server)
|