| # ============================================== |
| # Policy File of /vendor/bin/ipsec_mon Executable File |
| |
| # ============================================== |
| # Common SEPolicy Rule |
| # ============================================== |
| |
| type ipsec_mon_exec, exec_type, file_type, vendor_file_type; |
| |
| init_daemon_domain(ipsec_mon) |
| |
| net_domain(ipsec_mon) |
| |
| allow ipsec_mon self:netlink_xfrm_socket { write bind create read nlmsg_read nlmsg_write}; |
| allow ipsec_mon ims_ipsec_data_file:dir w_dir_perms; |
| allow ipsec_mon ims_ipsec_data_file:file create_file_perms; |
| allow ipsec_mon self:key_socket { write read create setopt }; |
| |
| # Date: W17.36 |
| # Purpose: ipsec_mon fulfill 3x solution |
| allow ipsec_mon self:capability { net_admin net_raw }; |
| allow ipsec_mon self:udp_socket { create ioctl }; |
| allow ipsec_mon self:netlink_route_socket { write read create nlmsg_read bind connect nlmsg_write}; |
| allowxperm ipsec_mon self:udp_socket ioctl { SIOCDEVPRIVATE_2 }; |
| allow ipsec_mon devpts:chr_file rw_file_perms; |
| allow ipsec_mon proc_net:file w_file_perms; |
| |
| set_prop(ipsec_mon, vendor_mtk_network_prop) |
| |
| allowxperm ipsec_mon self:udp_socket ioctl SIOCDEVPRIVATE; |
| dontaudit ipsec_mon kernel:system module_request; |