# SELinux type-enforcement rules for the netd domain.
# Every rule below has netd as its source domain. The macros used here
# (init_daemon_domain, domain_auto_trans, get_prop, unix_socket_send,
# binder_call) are defined outside this file; the notes on them describe
# their usual meaning, so confirm against the macro definitions.

# Tag netd with the coredomain attribute so attribute-wide rules apply to it.
typeattribute netd coredomain;

# Presumably sets up the init -> netd transition when init executes netd_exec.
init_daemon_domain(netd)

# Allow netd to spawn dnsmasq in its own domain.
# The auto transition means dnsmasq does not keep running with netd's permissions.
domain_auto_trans(netd, dnsmasq_exec, dnsmasq)

# Allow netd to start clatd in its own domain and kill it.
domain_auto_trans(netd, clatd_exec, clatd)
# Only the generic `signal` permission is granted. SIGKILL and SIGSTOP are
# separate permissions (sigkill, sigstop) and are not granted by this rule.
allow netd clatd:process signal;

# Give netd permission to set up iptables rules with xt_bpf, attach programs
# to cgroups, and read/write the maps created by bpfloader.
# This rule grants run/read/write on bpfloader's objects only; no permission
# to load programs or create maps is granted here.
allow netd bpfloader:bpf { prog_run map_read map_write };

# netd creates a key_socket only for the side effect of close() on such a
# socket, which calls synchronize_rcu(). Only `create` is granted.
# TODO: Remove this permission when 4.9 kernel is deprecated.
allow netd self:key_socket create;

# Property access for bpf_progs_loaded_prop (get_prop: read access, no set).
get_prop(netd, bpf_progs_loaded_prop)

# Allow netd to write to statsd.
unix_socket_send(netd, statsdw, statsd)

# Allow netd to send callbacks to network_stack.
# netd is the caller here; network_stack -> netd calls need their own rule.
binder_call(netd, network_stack)

# Allow netd to send dump info to dumpstate: use a file descriptor owned by
# dumpstate and write to its pipe. Read on the pipe is not granted.
allow netd dumpstate:fd use;
allow netd dumpstate:fifo_file { getattr write };