type ipsec_mon_exec , exec_type, file_type, vendor_file_type;
type ipsec_mon, domain;

domain_auto_trans(init,ipsec_mon_exec,ipsec_mon)

allow ipsec_mon self:netlink_xfrm_socket { write bind create read nlmsg_read nlmsg_write};
allow ipsec_mon ims_ipsec_data_file:dir { write add_name search };
allow ipsec_mon ims_ipsec_data_file:file { setattr read create getattr write ioctl open append };
allow ipsec_mon init:unix_stream_socket connectto;
allow ipsec_mon self:key_socket { write read create setopt };

allow ipsec_mon self:capability { net_admin net_raw };
allow ipsec_mon self:udp_socket { create ioctl };
allow ipsec_mon self:netlink_route_socket { write read create nlmsg_read bind connect nlmsg_write};
allowxperm ipsec_mon self:udp_socket ioctl { SIOCDEVPRIVATE_2 };
allow ipsec_mon devpts:chr_file { open read write };
allow ipsec_mon proc_net:file { open write };

set_prop(ipsec_mon, mtk_network_prop)

allowxperm ipsec_mon self:udp_socket ioctl SIOCDEVPRIVATE;
dontaudit ipsec_mon kernel:system  module_request;