38 lines
1.5 KiB
Plaintext
38 lines
1.5 KiB
Plaintext
# Wifi manager
|
|
type netmgr, domain;
|
|
type netmgr_exec, exec_type, vendor_file_type, file_type;
|
|
|
|
init_daemon_domain(netmgr)
|
|
net_domain(netmgr)
|
|
|
|
allow netmgr execns:fd use;
|
|
|
|
# Set property to indicate bridging is complete
|
|
set_prop(netmgr, vendor_net);
|
|
# Set ctrl.restart property to restart hostapd when config changes
|
|
set_prop(netmgr, ctl_default_prop);
|
|
# Modify hostapd config file
|
|
allow netmgr hostapd_data_file:file create_file_perms;
|
|
allow netmgr hostapd_data_file:dir rw_dir_perms;
|
|
# Assign addresses to new interfaces as hostapd brings them up
|
|
allow netmgr self:capability { net_raw net_admin };
|
|
allow netmgr self:socket { create };
|
|
allow netmgr self:unix_dgram_socket ioctl;
|
|
allow netmgr self:packet_socket { ioctl getopt map };
|
|
allow netmgr self:udp_socket { ioctl };
|
|
allow netmgr proc_net:file { read getattr open };
|
|
allowxperm netmgr self:unix_dgram_socket ioctl { SIOCETHTOOL };
|
|
allowxperm netmgr self:udp_socket ioctl { SIOCSIFFLAGS
|
|
SIOCBRADDBR
|
|
SIOCBRADDIF
|
|
SIOCBRDELIF };
|
|
allowxperm netmgr self:packet_socket ioctl { SIOCGIFINDEX SIOCGIFHWADDR };
|
|
|
|
# Allow netmgr to run ip and modify route table to block unblock traffic
|
|
allow netmgr goldfish_ip_exec:file execute_no_trans;
|
|
allow netmgr self:netlink_route_socket nlmsg_write;
|
|
# Packet socket for wifi forwarding
|
|
allow netmgr self:packet_socket { bind create read setopt write };
|
|
allow netmgr self:capability sys_module;
|
|
allow netmgr self:vsock_socket create_socket_perms_no_ioctl;
|