1# network manager 2type netd, domain; 3type netd_exec, exec_type, file_type; 4 5init_daemon_domain(netd) 6typeattribute netd mlstrustedsubject; 7allow netd self:capability { net_admin net_raw sys_module }; 8allow netd self:netlink_kobject_uevent_socket *; 9allow netd self:netlink_route_socket *; 10allow netd self:netlink_nflog_socket *; 11allow netd self:rawip_socket *; 12allow netd self:udp_socket *; 13allow netd node:udp_socket node_bind; 14allow netd port:udp_socket name_bind; 15allow netd self:unix_stream_socket *; 16allow netd shell_exec:file rx_file_perms; 17allow netd system_file:file x_file_perms; 18allow netd devpts:chr_file rw_file_perms; 19 20# For /proc/sys/net/ipv[46]/route/flush. 21# XXX Split /proc/sys/net into its own type. 22allow netd proc:file write; 23 24# For /sys/modules/bcmdhd/parameters/firmware_path 25# XXX Split into its own type. 26allow netd sysfs:file write; 27 28# Network driver loading. 29allow netd kernel:system module_request; 30 31