NekoSakura/android_device_mediatek_sepolicy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
android_device_mediatek_sep.../non_plat/ipsec_mon.te
Aayush Gupta 901eb61127 non_plat: Label ipsec_mon binary and grant required permissions 
Signed-off-by: Aayush Gupta <aayushgupta219@gmail.com>
Change-Id: I0bb583b380590ef753fbdd949e92a34f505b6ce1
2020-12-31 23:28:10 +05:30

23 lines
1.0 KiB
Plaintext
Raw Permalink Blame History

type ipsec_mon_exec , exec_type, file_type, vendor_file_type;
type ipsec_mon, domain;
domain_auto_trans(init,ipsec_mon_exec,ipsec_mon)
allow ipsec_mon self:netlink_xfrm_socket { write bind create read nlmsg_read nlmsg_write};
allow ipsec_mon ims_ipsec_data_file:dir { write add_name search };
allow ipsec_mon ims_ipsec_data_file:file { setattr read create getattr write ioctl open append };
allow ipsec_mon init:unix_stream_socket connectto;
allow ipsec_mon self:key_socket { write read create setopt };
allow ipsec_mon self:capability { net_admin net_raw };
allow ipsec_mon self:udp_socket { create ioctl };
allow ipsec_mon self:netlink_route_socket { write read create nlmsg_read bind connect nlmsg_write};
allowxperm ipsec_mon self:udp_socket ioctl { SIOCDEVPRIVATE_2 };
allow ipsec_mon devpts:chr_file { open read write };
allow ipsec_mon proc_net:file { open write };
set_prop(ipsec_mon, mtk_network_prop)
allowxperm ipsec_mon self:udp_socket ioctl SIOCDEVPRIVATE;
dontaudit ipsec_mon kernel:system module_request;
Reference in New Issue View Git Blame Copy Permalink