| Zvikomborero VIncent Zvikaramba | ce77c38 | 2016-08-21 04:37:28 -0400 | [diff] [blame^] | 1 | #======================connfwexe=========================================== |
| 2 | type connfwexe, domain; |
| 3 | type connfwexe_exec, exec_type, file_type; |
| 4 | init_daemon_domain(connfwexe) |
| 5 | net_domain(connfwexe) |
| 6 | |
| 7 | # To make VT call |
| 8 | binder_use(connfwexe) |
| 9 | |
| 10 | allow connfwexe ashmem_device:chr_file { getattr execute execute_no_trans }; |
| 11 | allow connfwexe block_device:dir { read search ioctl open getattr }; |
| 12 | allow connfwexe block_device:lnk_file { read lock ioctl open getattr }; |
| 13 | allow connfwexe bugreport_exec:file { execute execute_no_trans }; |
| 14 | allow connfwexe connfwexe:appletalk_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto }; |
| 15 | allow connfwexe connfwexe:capability { setuid net_raw sys_boot sys_nice dac_override }; |
| 16 | allow connfwexe connfwexe:dir { read search ioctl open getattr }; |
| 17 | allow connfwexe connfwexe:fd use; |
| 18 | allow connfwexe connfwexe:fifo_file { read lock getattr write ioctl open append }; |
| 19 | allow connfwexe connfwexe:file { read lock getattr write ioctl open append }; |
| 20 | allow connfwexe connfwexe:ipc { unix_read setattr associate read create write getattr unix_write destroy }; |
| 21 | allow connfwexe connfwexe:key { search setattr read create write link view }; |
| 22 | allow connfwexe connfwexe:key_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto }; |
| 23 | allow connfwexe connfwexe:lnk_file { read lock ioctl open getattr }; |
| 24 | allow connfwexe connfwexe:msg { receive send }; |
| 25 | allow connfwexe connfwexe:msgq { unix_read setattr associate read create write enqueue getattr unix_write destroy }; |
| 26 | allow connfwexe connfwexe:netlink_route_socket { nlmsg_write lock accept connect shutdown append create nlmsg_read write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto }; |
| 27 | allow connfwexe connfwexe:netlink_selinux_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto }; |
| 28 | allow connfwexe connfwexe:packet_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto }; |
| 29 | allow connfwexe connfwexe:process { sigkill share getpgid signull setkeycreate siginh getattr setcurrent setrlimit rlimitinh fork getsession setexec setpgid setsched sigstop ptrace noatsecure setsockcreate setfscreate execheap sigchld execstack signal transition setcap execmem getcap getsched dyntransition }; |
| 30 | allow connfwexe connfwexe:rawip_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto node_bind }; |
| 31 | allow connfwexe connfwexe:sem { unix_read setattr associate read create write getattr unix_write destroy }; |
| 32 | allow connfwexe connfwexe:shm { unix_read setattr associate read lock create write getattr unix_write destroy }; |
| 33 | allow connfwexe connfwexe:socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto }; |
| 34 | allow connfwexe connfwexe:tcp_socket { lock accept connect shutdown append connectto create write relabelfrom getattr getopt listen acceptfrom setopt read newconn ioctl recv_msg name_bind name_connect send_msg setattr bind recvfrom sendto relabelto node_bind }; |
| 35 | allow connfwexe connfwexe:tun_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read attach_queue ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto }; |
| 36 | allow connfwexe connfwexe:udp_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto node_bind }; |
| 37 | allow connfwexe connfwexe:unix_dgram_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto }; |
| 38 | allow connfwexe connfwexe:unix_stream_socket { lock accept connect shutdown append connectto create write relabelfrom getattr getopt listen acceptfrom setopt read newconn ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto }; |
| 39 | allow connfwexe connfwexe_exec:file { read open getattr entrypoint execute }; |
| 40 | allow connfwexe connfwexe_tmpfs:file { read write }; |
| 41 | allow connfwexe dalvikcache_data_file:file { rename setattr read lock create getattr write ioctl link unlink open append }; |
| 42 | allow connfwexe ddexe:unix_stream_socket connectto; |
| 43 | allow connfwexe dumplog_data_file:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name }; |
| 44 | allow connfwexe dumplog_data_file:file { rename setattr read lock create getattr write ioctl link unlink open append }; |
| 45 | allow connfwexe dumplog_data_file:sock_file { rename setattr read lock create getattr write ioctl link unlink open append }; |
| 46 | allow connfwexe dumpstate_exec:file { execute execute_no_trans }; |
| 47 | allow connfwexe dumpsys_exec:file { execute execute_no_trans }; |
| 48 | allow connfwexe emmcblk_device:blk_file { read lock getattr write ioctl open append }; |
| 49 | allow connfwexe init:process sigchld; |
| 50 | allow connfwexe init:unix_stream_socket connectto; |
| 51 | allow connfwexe property_socket:sock_file { write open append }; |
| 52 | allow connfwexe radio_data_file:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name }; |
| 53 | allow connfwexe radio_data_file:file { rename setattr read lock create getattr write ioctl link unlink open append }; |
| 54 | allow connfwexe servicemanager:binder { transfer call }; |
| 55 | allow connfwexe servicemanager:fd use; |
| 56 | allow connfwexe shell_exec:file { execute read lock getattr execute_no_trans ioctl open }; |
| 57 | allow connfwexe sysfs:file { read lock getattr write ioctl open append }; |
| 58 | allow connfwexe sysfs_ss_writable:file { read lock getattr write ioctl open append }; |
| 59 | allow connfwexe sysfs_wake_lock:file { read lock getattr write ioctl open append }; |
| 60 | allow connfwexe system_data_file:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name }; |
| 61 | allow connfwexe system_data_file:sock_file { rename setattr read lock create getattr write ioctl link unlink open append }; |
| 62 | allow connfwexe system_file:file { getattr execute execute_no_trans }; |
| 63 | allow connfwexe system_prop:property_service set; |
| 64 | allow connfwexe system_server:binder { transfer call }; |
| 65 | allow connfwexe system_server:fd use; |
| 66 | allow connfwexe zygote_exec:file { execute read lock getattr execute_no_trans ioctl open }; |