Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / e1ee768a97f41a8b925e9cdd74108f6962cffde0 / . / private / ot_daemon.te
blob: 457e1bf2c0ed877c69282b582a2addebd1c81053 [file] [log] [blame]
Yakun Xu07429e32023-06-02 03:36:01 +0000[diff] [blame]1#
2# ot_daemon is the native Thread network stack on the host (Android) side.
3# Refer to https://www.threadgroup.org for Thread network knowledge.
4#
5
6# ot_daemon
7type ot_daemon, domain, coredomain;
8type ot_daemon_exec, exec_type, file_type, system_file_type;
9
10# Allow init ot_daemon
11init_daemon_domain(ot_daemon)
12# Allow the ot_daemon to use the net domain.
13net_domain(ot_daemon)
14
15# Allow the ot_daemon to access the folder "/data/misc/threadnetwork".
16allow ot_daemon threadnetwork_data_file:dir rw_dir_perms;
17allow ot_daemon threadnetwork_data_file:file create_file_perms;
18allow ot_daemon threadnetwork_data_file:sock_file {create unlink};
19
Kangping Dong0b3e8c62022-10-28 15:56:02 +0800[diff] [blame]20# Allow OT daemon to read/write the Thread tunnel interface
21allow ot_daemon tun_device:chr_file {read write};
22
Handa Wang8612e802023-08-23 15:40:49 +0800[diff] [blame]23# Allow OT daemon to read/write on the socket created by System Server
24allow ot_daemon system_server:rawip_socket rw_socket_perms_no_ioctl;
25
Zhanglong Xiab2d1fbb2023-06-14 05:26:15 +0000[diff] [blame]26hal_client_domain(ot_daemon, hal_threadnetwork)
Kangping Dong0b3e8c62022-10-28 15:56:02 +0800[diff] [blame]27
28# Only ot_daemon can publish the binder service
29binder_use(ot_daemon)
30add_service(ot_daemon, ot_daemon_service)
31binder_call(ot_daemon, system_server)
Tony Zhou4ed6a0d2023-10-26 13:43:59 +0800[diff] [blame]32
33# Allow OT daemon to write to statsd
34unix_socket_send(ot_daemon, statsdw, statsd)
Kangping Donge1ee7682023-12-01 13:02:38 +0800[diff] [blame^]35
36# For collecting bugreports.
37allow ot_daemon dumpstate:fd use;
38allow ot_daemon dumpstate:fifo_file write;