# wpa supplicant macsec or equivalent
#
# SELinux policy for the wpa_supplicant_macsec daemon: declares the process
# domain and its executable label, then grants the network, capability,
# cgroup and IPC access listed below. Every rule here widens what a
# compromised supplicant process can reach, so each grant should be
# traceable to a concrete need.

# Process domain for the running daemon.
type wpa_supplicant_macsec, domain;
# Label for the daemon binary; vendor_file_type marks it as a vendor-partition file.
type wpa_supplicant_macsec_exec, exec_type, vendor_file_type, file_type;
# Lets init transition into wpa_supplicant_macsec when it executes a file
# labeled wpa_supplicant_macsec_exec.
init_daemon_domain(wpa_supplicant_macsec)

# Adds the domain to the common network-client rule set.
net_domain(wpa_supplicant_macsec)

# Allow wpa_supplicant to configure nl80211
# NOTE(review): the rule itself grants write on every file whose type carries
# the proc_net_type attribute; nl80211 is normally reached over generic
# netlink (granted further down), so this comment looks inherited from another
# supplicant policy. Confirm which procfs entries the daemon really writes and
# whether a narrower type than the whole attribute would do.
allow wpa_supplicant_macsec proc_net_type:file write;

# in addition to ioctls allowlisted for all domains, grant wpa_supplicant_macsec priv_sock_ioctls.
# priv_sock_ioctls is an ioctl-number macro defined outside this file;
# presumably the privileged interface-configuration socket ioctls. TODO confirm.
allowxperm wpa_supplicant_macsec self:udp_socket ioctl priv_sock_ioctls;

# Read-only access to directories, files and symlinks of every type in the
# sysfs_type and proc_net_type attributes.
# NOTE(review): attribute-wide reads are broad; narrowing is worthwhile if the
# set of sysfs nodes the daemon needs is known.
r_dir_file(wpa_supplicant_macsec, sysfs_type)
r_dir_file(wpa_supplicant_macsec, proc_net_type)

# Linux capabilities: net_admin and net_raw cover interface configuration and
# raw/packet sockets; setuid and setgid are presumably used to drop
# privileges after startup. Verify against the service definition.
allow wpa_supplicant_macsec self:global_capability_class_set { setuid net_admin setgid net_raw };
# Create and manage directories in the cgroup v1 and v2 hierarchies.
allow wpa_supplicant_macsec cgroup:dir create_dir_perms;
allow wpa_supplicant_macsec cgroup_v2:dir create_dir_perms;
# Only nlmsg_write is added here; the remaining netlink_route_socket
# permissions presumably come from net_domain above. TODO confirm.
allow wpa_supplicant_macsec self:netlink_route_socket nlmsg_write;
# Plain and generic netlink sockets, with the ioctl permission withheld.
allow wpa_supplicant_macsec self:netlink_socket create_socket_perms_no_ioctl;
allow wpa_supplicant_macsec self:netlink_generic_socket create_socket_perms_no_ioctl;
# Packet (link-layer) sockets, including ioctl, which the allowxperm rule
# below restricts to the listed ioctl sets.
allow wpa_supplicant_macsec self:packet_socket create_socket_perms;
# NOTE(review): unpriv_tty_ioctls on a packet socket looks unusual; confirm it
# is needed, otherwise trim the allowlist to the socket ioctl sets.
allowxperm wpa_supplicant_macsec self:packet_socket ioctl { unpriv_sock_ioctls priv_sock_ioctls unpriv_tty_ioctls };

# Binder IPC access, then registration as a client of the macsec HAL.
binder_use(wpa_supplicant_macsec)
hal_client_domain(wpa_supplicant_macsec, hal_macsec)