blob: 812d531dc31e68b1e61ea7271f20b98734981c34 [file] [log] [blame]
# ==============================================
# Policy File of /vendor/bin/ipsec_mon Executable File
# ==============================================
# Common SEPolicy Rule
# ==============================================
type ipsec_mon_exec, exec_type, file_type, vendor_file_type;
init_daemon_domain(ipsec_mon)
net_domain(ipsec_mon)
allow ipsec_mon self:netlink_xfrm_socket { write bind create read nlmsg_read nlmsg_write};
allow ipsec_mon ims_ipsec_data_file:dir w_dir_perms;
allow ipsec_mon ims_ipsec_data_file:file create_file_perms;
allow ipsec_mon self:key_socket { write read create setopt };
# Date: W17.36
# Purpose: ipsec_mon fulfill 3x solution
allow ipsec_mon self:capability { net_admin net_raw };
allow ipsec_mon self:udp_socket { create ioctl };
allow ipsec_mon self:netlink_route_socket { write read create nlmsg_read bind connect nlmsg_write};
allowxperm ipsec_mon self:udp_socket ioctl { SIOCDEVPRIVATE_2 };
allow ipsec_mon devpts:chr_file rw_file_perms;
allow ipsec_mon proc_net:file w_file_perms;
set_prop(ipsec_mon, vendor_mtk_network_prop)
allowxperm ipsec_mon self:udp_socket ioctl SIOCDEVPRIVATE;
dontaudit ipsec_mon kernel:system module_request;