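#
# ot_daemon is the native Thread network stack on the host (Android) side.
# Refer to https://www.threadgroup.org for Thread network knowledge.
#
# Layout note: this policy is written one statement per line. In the collapsed
# single-line form everything after the first '#' is read as a comment, so no
# rule below would take effect.
#

# ot_daemon: the process domain and the label of its executable.
type ot_daemon, domain, coredomain;
type ot_daemon_exec, exec_type, file_type, system_file_type;

# Allow init to start ot_daemon: executing a file labelled ot_daemon_exec from
# init transitions the new process into the ot_daemon domain.
init_daemon_domain(ot_daemon)
# Allow the ot_daemon to use the net domain.
net_domain(ot_daemon)

# Allow ot_daemon to find /data/misc/apexdata/com.android.tethering.
# Only 'search' is granted on the parent directory, so the daemon can traverse
# it but this rule does not let it list or modify it.
allow ot_daemon apex_module_data_file:dir search;

# Allow the ot_daemon to access files and subdirectories under
# /data/misc/apexdata/com.android.tethering
allow ot_daemon apex_tethering_data_file:dir {create rw_dir_perms};
allow ot_daemon apex_tethering_data_file:file create_file_perms;

# Allow OT daemon to read/write the Thread tunnel interface.
# Only read and write are granted on tun_device here; open and ioctl are not.
# NOTE(review): presumably the tunnel descriptor is opened by another domain
# and handed to ot_daemon -- confirm against the code that sets up the tunnel.
allow ot_daemon tun_device:chr_file {read write};

# Allow OT daemon to read/write on the socket created by System Server.
# The _no_ioctl permission set is used, so ioctl on that raw IP socket is not
# granted by this rule.
allow ot_daemon system_server:rawip_socket rw_socket_perms_no_ioctl;

# ot_daemon is a client of the Thread network HAL.
hal_client_domain(ot_daemon, hal_threadnetwork)

# Only ot_daemon can publish the binder service: add_service() grants the
# registration to ot_daemon and carries the neverallow that keeps every other
# domain from adding ot_daemon_service.
binder_use(ot_daemon)
add_service(ot_daemon, ot_daemon_service)
# Outbound binder calls are allowed to system_server only; no other binder
# peer is named in this file.
binder_call(ot_daemon, system_server)

# Allow OT daemon to write to statsd (send-only, via the statsdw socket).
unix_socket_send(ot_daemon, statsdw, statsd)

# For collecting bugreports: use the descriptor dumpstate passes in and write
# to its pipe. No read access to dumpstate objects is granted.
allow ot_daemon dumpstate:fd use;
allow ot_daemon dumpstate:fifo_file write;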