| Bjoern Johansson | a2d754c | 2018-05-15 15:03:12 -0700 | [diff] [blame] | 1 | type hostapd_nohidl, domain; |
| 2 | type hostapd_nohidl_exec, exec_type, vendor_file_type, file_type; |
| 3 | |
| 4 | init_daemon_domain(hostapd_nohidl) |
| 5 | net_domain(hostapd_nohidl) |
| 6 | |
| 7 | allow hostapd_nohidl execns:fd use; |
| 8 | |
| 9 | allow hostapd_nohidl self:capability { net_admin net_raw }; |
| 10 | allow hostapd_nohidl self:netlink_generic_socket { bind create getattr read setopt write }; |
| 11 | allow hostapd_nohidl self:netlink_route_socket nlmsg_write; |
| 12 | allow hostapd_nohidl self:packet_socket { create setopt }; |
| 13 | allowxperm hostapd_nohidl self:udp_socket ioctl priv_sock_ioctls; |
| 14 | |
| 15 | # hostapd will attempt to search sysfs but it's not needed and will spam the log |
| 16 | dontaudit hostapd_nohidl sysfs_net:dir search; |