diff options
Diffstat (limited to 'sepolicy/netd.te')
| -rwxr-xr-x | sepolicy/netd.te | 120 |
1 files changed, 120 insertions, 0 deletions
diff --git a/sepolicy/netd.te b/sepolicy/netd.te new file mode 100755 index 0000000..a94eaee --- /dev/null +++ b/sepolicy/netd.te @@ -0,0 +1,120 @@ +# ============================================== +# MTK Policy Rule +# ============================================== + +type dhcp6s_exec,exec_type,file_type; + + +# Date : WK14.34 +# Operation : Migration +# Purpose : wifi +allow netd wmtWifi_device:chr_file { write open }; + +allow netd kernel:system module_request; +allow netd self:capability sys_module; +allow netd self:capability fsetid; + + +# Date : WK14.34 +# Operation : Migration +# Purpose : property_service for wifi +allow netd mtk_wifi_prop:property_service set; + + +# Date : WK14.34 +# Operation : Migration +# Purpose : APP +allow netd platform_app:fd use; +allow netd platform_app_tmpfs:file write; + + +# Date : WK14.37 +# Operation : Migration +# Purpose : PPPOE Test +allow netd ppp:process sigkill; + +# Date : WK14.39 +# Operation : Migration +# Purpose : MDLogger USB logging +allow netd mdlogger:fd use; +allow netd mdlogger:tcp_socket { read write }; +allow netd mdlogger:tcp_socket { getopt setopt }; + +# Date : WK14.41 +# Operation : Migration +# Purpose : network logging +allow netd netdiag:fd use; +allow netd netdiag:udp_socket { read write getopt setopt}; + + +# Date : WK14.41 +# Operation : Migration +# Purpose : ipv6 Tethering Test +#============= netd ============== +allow netd dhcp6s_exec:file execute; +allow netd dhcp_data_file:dir { read search write add_name remove_name }; +allow netd dhcp_data_file:file { read write create open getattr unlink}; + +allow netd radvd_data_file:dir { read write search add_name remove_name}; +allow netd radvd_data_file:file { read write create open unlink}; + +allow netd self:capability { setuid net_bind_service setgid }; +allow netd wide_dhcpv6_data_file:dir { read search write add_name remove_name}; +allow netd wide_dhcpv6_data_file:file { read write create open getattr unlink}; + +# Date : WK14.42 +# Operation : Migration +# Purpose : for VoLTE L early bring up and first call +allow netd volte_stack:fd use; +allow netd volte_stack:tcp_socket { read write setopt getopt }; +allow netd volte_stack:udp_socket { read write setopt getopt }; + +# Date : WK14.42 +# Operation : Migration +# Purpose : ALPS01774455[Need Patch] [Sanity Fail][95E2 L][WFD][EE]EE occur when connect dongle1 +allow netd device:file { open write }; + + +# Date : WK14.44 +# Operation : Migration +# Purpose : ALPS01789552 +#============= netd ============== +allow netd self:capability { setuid setgid }; + + +#============= netd ============== +allow netd isolated_app_tmpfs:file write; + +# Date : W14.52 +# Operation : Migration +# Purpose : add ePDG support +allow netd ipsec:fd use; +allow netd ipsec:tcp_socket { read write setopt getopt }; + +#============= netd ============== +allow netd untrusted_app:fd use; +allow netd untrusted_app_tmpfs:file write; + +#============= netd ============== +# Date : W14.53 +# Operation : Migration +# Purpose : For volte_imcb ut +allow netd volte_imcb:fd use; +allow netd volte_imcb:tcp_socket { read write }; +allow netd volte_imcb:tcp_socket getopt; +allow netd volte_imcb:tcp_socket setopt; + + +# Date : W15.02 +# Operation : SQC +# Purpose : CTS for wifi +allow netd untrusted_app:unix_stream_socket { read write getopt setopt}; + +allow netd isolated_app:fd use; + + +#============= netd ============== +allow netd radio_tmpfs:file write; + + + |