# Point to Point Protocol daemon
#
# Declares the ppp process domain, its device node type and its executable
# type, then lists every access the domain is granted in this file. The
# macros used below (net_domain, r_dir_file, not_full_treble, the *_perms
# sets and the *_ioctls sets) and the types mtp, system_file, vendor_file,
# vpn_data_file and proc_net_type are defined elsewhere in the policy tree.
type ppp, domain;
type ppp_device, dev_type;
type ppp_exec, system_file_type, exec_type, file_type;

# Baseline network access; the exact rule set comes from the net_domain
# macro, which is not visible here.
net_domain(ppp)

# Read-only view of directories and files labelled with proc_net_type.
r_dir_file(ppp, proc_net_type)

# Sockets and file descriptors that belong to the mtp domain.
# Only rw_socket_perms is granted (no create_* set), so ppp presumably works
# on sockets that mtp opened and handed over -- confirm against mtp.te.
allow ppp mtp:fd use;
allow ppp mtp:socket rw_socket_perms;
allow ppp mtp:pppox_socket rw_socket_perms;
allow ppp mtp:unix_dgram_socket rw_socket_perms;

# ioctls needed for VPN.
# allowxperm only narrows which ioctl commands pass the check; the ioctl
# permission itself still has to come from an allow rule on the same class.
# For the mtp socket classes that is the rw_socket_perms grant above; for
# self:udp_socket it presumably comes from net_domain -- verify.
allowxperm ppp self:udp_socket ioctl priv_sock_ioctls;
allowxperm ppp mtp:socket ioctl ppp_ioctls;
allowxperm ppp mtp:pppox_socket ioctl ppp_ioctls;

# Character device labelled ppp_device: open/read/write level access.
allow ppp ppp_device:chr_file rw_file_perms;

# net_admin is the only capability granted to ppp in this file.
allow ppp self:global_capability_class_set net_admin;

# Read and execute files labelled system_file. The vendor_file rule is wrapped
# in not_full_treble, so it is presumably emitted only on builds that are not
# full Treble -- confirm against the macro definition.
allow ppp system_file:file rx_file_perms;
not_full_treble(`allow ppp vendor_file:file rx_file_perms;')

# VPN state: add and remove directory entries and create files under
# vpn_data_file. No other data type is writable from this file.
allow ppp vpn_data_file:dir w_dir_perms;
allow ppp vpn_data_file:file create_file_perms;