xref: /aosp_15_r20/system/sepolicy/prebuilts/api/29.0/private/netd.te (revision e4a36f4174b17bbab9dc043f4a65dc8d87377290)
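# Private SELinux policy for the netd domain
# (system/sepolicy/prebuilts/api/29.0/private/netd.te).
#
# SELinux denies by default, so each statement below adds to whatever the
# rest of the policy grants netd. The macros used here (init_daemon_domain,
# domain_auto_trans, get_prop, unix_socket_send, binder_call) are defined
# outside this file.

# Associate the netd type with the coredomain attribute.
typeattribute netd coredomain;

# Have init place netd in its own domain when it starts the daemon.
init_daemon_domain(netd)

# Allow netd to spawn dnsmasq in its own domain, so that dnsmasq runs under
# the dnsmasq policy rather than with netd's permissions.
domain_auto_trans(netd, dnsmasq_exec, dnsmasq)

# Allow netd to start clatd in its own domain (same separation as for dnsmasq).
domain_auto_trans(netd, clatd_exec, clatd)

# Give netd permission to set up iptables rules with xt_bpf, attach programs
# to cgroups, and read/write the maps created by bpfloader.
# This rule grants only prog_run, map_read and map_write on bpfloader's bpf
# objects; it does not by itself let netd create maps or load programs.
# NOTE(review): other policy files may grant netd further bpf permissions --
# confirm against the full policy.
allow netd bpfloader:bpf { prog_run map_read map_write };

# Allow netd to create a key_socket in order to invoke the side effect of
# close() on such a socket, which calls synchronize_rcu(). Only `create` is
# granted.
# TODO: Remove this permission when 4.9 kernel is deprecated.
allow netd self:key_socket create;

# Allow netd to read the bpf_progs_loaded_prop property.
get_prop(netd, bpf_progs_loaded_prop)

# Allow netd to write to statsd over the statsdw socket.
unix_socket_send(netd, statsdw, statsd)

# Allow netd to send callbacks to network_stack over binder.
binder_call(netd, network_stack)

# Allow netd to send dump info to dumpstate: use a file descriptor owned by
# dumpstate and write to its pipe. The fifo_file grant is getattr and write
# only; netd gets no read access to the pipe from this rule.
allow netd dumpstate:fd use;
allow netd dumpstate:fifo_file { getattr write };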