25 lines
984 B
Plaintext
25 lines
984 B
Plaintext
|
type epdg_wod, domain, netdomain, mtkimsmddomain;
|
||
|
|
type epdg_wod_exec, exec_type, file_type, vendor_file_type;
|
||
|
|
|
||
|
|
init_daemon_domain(epdg_wod)
|
||
|
|
|
||
|
|
allow epdg_wod self:tun_socket { create relabelfrom relabelto };
|
||
|
|
allow epdg_wod self:netlink_route_socket { create_socket_perms_no_ioctl nlmsg_read nlmsg_write };
|
||
|
|
allow epdg_wod self:netlink_xfrm_socket { read write create getattr bind setopt nlmsg_write };
|
||
|
|
allow epdg_wod self:udp_socket { ioctl create };
|
||
|
|
allow epdg_wod self:rawip_socket { create getopt setopt };
|
||
|
|
allow epdg_wod self:capability { kill net_admin net_raw };
|
||
|
|
|
||
|
|
allow epdg_wod tun_device:chr_file rw_file_perms;
|
||
|
|
allow epdg_wod { property_socket netd_socket }:sock_file write;
|
||
|
|
allow epdg_wod init:unix_stream_socket connectto;
|
||
|
|
|
||
|
|
allow epdg_wod kernel:process signal;
|
||
|
|
allow epdg_wod system_server:process { signull signal };
|
||
|
|
|
||
|
|
allow epdg_wod device:dir { write add_name };
|
||
|
|
allow epdg_wod device:lnk_file create;
|
||
|
|
|
||
|
|
set_prop(epdg_wod, mtk_wod_prop)
|
||
|
|
set_prop(epdg_wod, persist_wod_prop)
|