blob: 9432fd2634694dd0ec0ec1fa69163dec437e2d81 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
|
# ==============================================
# NSA Policy Rule
# ==============================================
# Network types
# Use network sockets.
allow netdomain self:{ tcp_socket udp_socket } *;
# Connect to ports.
allow netdomain port_type:tcp_socket name_connect;
# Bind to ports.
allow netdomain node_type:{ tcp_socket udp_socket } node_bind;
allow netdomain port_type:udp_socket name_bind;
allow netdomain port_type:tcp_socket name_bind;
# Get route information.
allow netdomain self:netlink_route_socket { create bind read nlmsg_read };
# Talks to netd via dnsproxyd socket.
unix_socket_connect(netdomain, dnsproxyd, netd)
# ==============================================
# MTK Policy Rule
# ==============================================
|
