1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
|
# Copyright (c) 2019, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
set_prop(vendor_cnd, vendor_cnd_vendor_prop)
net_domain(vendor_cnd)
allow vendor_cnd vendor_smem_log_device:chr_file rw_file_perms;
# allow vendor_cnd the following capability
allow vendor_cnd self:capability {
net_admin
};
allow vendor_cnd self:{
netlink_tcpdiag_socket
netlink_route_socket
} create_socket_perms_no_ioctl;
# allow vendor_cnd to access wpa_socket
allow vendor_cnd vendor_wifi_vendor_data_file:dir r_dir_perms;
allow vendor_cnd vendor_wifi_vendor_wpa_socket:sock_file write;
#allow vendor_cnd daemon to invoke hostapd_cli
allow vendor_cnd vendor_shell_exec:file rx_file_perms;
domain_auto_trans(vendor_cnd, vendor_hostapd_exec, vendor_hostapd)
allow vendor_cnd vendor_hostapd_socket:dir r_dir_perms;
unix_socket_send(vendor_cnd, vendor_hostapd, vendor_hostapd)
# only allow getopt for appdomain
allow appdomain zygote:unix_dgram_socket getopt;
dontaudit { domain -appdomain } zygote:unix_dgram_socket getopt;
allow vendor_cnd self:socket create_socket_perms_no_ioctl;
allowxperm vendor_cnd self:udp_socket ioctl wlan_sock_ioctls;
add_hwservice(vendor_cnd, vendor_hal_latency_hwservice)
add_hwservice(vendor_cnd, vendor_hal_slmadapter_hwservice)
get_prop(vendor_cnd, vendor_slm_prop)
add_hwservice(vendor_cnd, vendor_hal_mwqemadapter_hwservice)
get_prop(vendor_cnd, vendor_mwqem_prop)
##############################################################
#for using public interface vendor.qti.data.factory
#client should add their domain to vendor_cnd.te
##############################################################
userdebug_or_eng(`
binder_call(vendor_cnd, radio)
diag_use(vendor_cnd)
')
|
