type wpantund, domain;
type wpantund_exec, system_file_type, exec_type, file_type;

hal_client_domain(wpantund, hal_lowpan)
net_domain(wpantund)

binder_use(wpantund)
binder_call(wpantund, system_server)

# wpantund needs to be able to check in with the lowpan_service
allow wpantund lowpan_service:service_manager find;

# Allow wpantund to call any callbacks that have been registered with it.
# Generally, only privileged apps are able to register callbacks with
# wpantund, so we are limiting the scope for callbacks to only privileged
# apps. We also add shell to allow the command-line utility `lowpanctl`
# to work properly from `adb shell`.
allow wpantund {priv_app shell}:binder call;

# create sockets to set interfaces up and down, add multicast groups, etc.
allow wpantund self:udp_socket create_socket_perms;

# setting interface state up/down and changing MTU are privileged ioctls
allowxperm wpantund self:udp_socket ioctl { SIOCSIFFLAGS SIOCSIFMTU };

# Allow us to bring up a TUN network interface.
allow wpantund tun_device:chr_file rw_file_perms;
allow wpantund self:global_capability_class_set { net_admin net_raw };
allow wpantund self:tun_socket create;