diff options
Diffstat (limited to 'sepolicy/netdiag.te')
| -rw-r--r-- | sepolicy/netdiag.te | 72 |
1 files changed, 72 insertions, 0 deletions
diff --git a/sepolicy/netdiag.te b/sepolicy/netdiag.te new file mode 100644 index 0000000..71da394 --- /dev/null +++ b/sepolicy/netdiag.te @@ -0,0 +1,72 @@ +# ============================================== +# Policy File of /system/binnetdiag Executable File + + +# ============================================== +# Type Declaration +# ============================================== + +type netdiag_exec , exec_type, file_type; +type netdiag ,domain; + +# ============================================== +# Android Policy Rule +# ============================================== + +# ============================================== +# NSA Policy Rule +# ============================================== + +# ============================================== +# MTK Policy Rule +# ============================================== + +#permissive netdiag; +init_daemon_domain(netdiag) +#unconfined_domain(netdiag) + + +# Date : WK14.31 +# Operation : Migration +# Purpose : for L early bring-up +allow netdiag shell_exec:file execute_no_trans; +allow netdiag sdcard_internal:dir { write search read create open add_name }; +allow netdiag sdcard_internal:file { write create open getattr }; +allow netdiag self:packet_socket { write ioctl setopt read getopt create }; +allow netdiag fuse:dir { remove_name write search read remove_name open add_name create}; +allow netdiag fuse:file { rename write getattr read create open unlink}; + +allow netdiag init:unix_stream_socket connectto; +allow netdiag property_socket:sock_file write; +allow netdiag self:capability { setuid net_raw setgid }; +allow netdiag shell_exec:file { read execute open }; +allow netdiag tmpfs:lnk_file read; +allow netdiag domain:dir search; +allow netdiag domain:file { read open }; +#/proc/3523/net/xt_qtaguid/ctrl & /proc +allow netdiag qtaguid_proc:file { read getattr open }; + +allow netdiag self:capability net_admin; +allow netdiag self:udp_socket create; +allow netdiag system_file:file execute_no_trans; +#/system/bin/aee +#allow netdiag aee_exec:file { read getattr open execute execute_no_trans }; + +#ping +allow netdiag dnsproxyd_socket:sock_file write; +allow netdiag fwmarkd_socket:sock_file write; +allow netdiag netd:unix_stream_socket connectto; + +#ip +allow netdiag self:netlink_route_socket { write getattr setopt read bind create nlmsg_read }; + +allow netdiag net_data_file:file { read getattr open }; +allow netdiag net_data_file:dir search; +allow netdiag self:rawip_socket { getopt create }; +allow netdiag self:udp_socket ioctl; + +#for network log property +allow netdiag debug_netlog_prop:property_service set; +allow netdiag persist_mtklog_prop:property_service set; +allow netdiag debug_mtklog_prop:property_service set; + |