1 | # Point to Point Protocol daemon |
# Type-enforcement rules for the `ppp` domain and for a helper `sh` domain that
# ppp enters when it executes a file labelled sh_exec. Only sh, sh_device and
# sh_exec are declared in this listing; ppp, ppp_device, ppp_exec, mtp,
# vpn_data_file and the other types it references must be declared elsewhere.
# The *_perms names and the domain_auto_trans / init_daemon_domain / net_domain
# macros are also defined outside this listing, so the exact permission sets
# they expand to should be confirmed against this tree's macro files.
2 | type sh, domain; |
# NOTE(review): sh_device is declared but no rule in this listing refers to it.
3 | type sh_device, dev_type; |
4 | type sh_exec, exec_type, file_type; |
5 | |
# Presumably: executing an sh_exec-labelled file from ppp switches the process
# to the sh domain. The sh domain is granted far less than ppp below.
6 | domain_auto_trans(ppp, sh_exec, sh) |
7 | |
8 | init_daemon_domain(ppp) |
9 | net_domain(ppp) |
10 | |
# Sockets and descriptors owned by the mtp domain. Together with the
# `mtp:fd use` rule further down this looks like ppp inheriting descriptors
# from mtp - TODO confirm against how the daemon is launched.
11 | allow ppp mtp:socket rw_socket_perms; |
12 | allow ppp mtp:unix_dgram_socket rw_socket_perms; |
# NOTE(review): ppp gets both write and execute on ppp_device files. A type
# that one domain may both modify and execute is worth justifying or splitting.
13 | allow ppp ppp_device:file { rw_file_perms x_file_perms }; |
# NOTE(review): this rule and the system_file:dir, system_data_file:dir and
# device:dir rules below apply *_file_perms macros to class `dir`. `search`
# and `add_name` are spelled out by hand here and on device:dir, which suggests
# the file macros lack the directory permissions; the *_dir_perms macros (as
# used for vpn_data_file:dir) are the usual form. Confirm what each dir rule
# is meant to grant before changing it.
14 | allow ppp ppp_device:dir { rw_file_perms search }; |
# NOTE(review): dac_override lets the daemon bypass ordinary file
# owner/mode checks. It is often added to paper over a file-ownership mismatch;
# check whether fixing ownership or group membership would let it be dropped.
# setuid/setgid and net_admin/net_raw are also held by this domain.
15 | allow ppp self:capability { dac_override net_admin net_raw setgid setuid }; |
16 | allow ppp system_file:file rx_file_perms; |
17 | allow ppp system_file:dir r_file_perms; |
18 | allow ppp system_data_file:dir rw_file_perms; |
19 | allow ppp system_data_file:fifo_file rw_file_perms; |
# VPN state: ppp may create and modify files of type vpn_data_file.
20 | allow ppp vpn_data_file:dir w_dir_perms; |
21 | allow ppp vpn_data_file:file create_file_perms; |
22 | allow ppp mtp:fd use; |
23 | |
# NOTE(review): shell_exec is granted with rx_file_perms and no domain
# transition is declared for it in this listing, so a shell started this way
# would presumably keep running as ppp with every permission above - confirm
# whether rx_file_perms includes execute_no_trans in this tree.
24 | allow ppp shell_exec:file rx_file_perms; |
# Property service access: write to the property socket, connect to init, and
# set properties of three types.
# NOTE(review): system_prop and radio_prop look like broad, shared property
# types; a dedicated property type for the keys ppp actually sets would narrow
# what a compromised daemon can change.
25 | allow ppp property_socket:sock_file write; |
26 | allow ppp radio_prop:property_service set; |
27 | allow ppp system_prop:property_service set; |
28 | allow ppp net_radio_prop:property_service set; |
29 | allow ppp init:unix_stream_socket connectto; |
30 | |
31 | allow ppp radio_device:chr_file rw_file_perms; |
32 | allow ppp radio_data_file:file rw_file_perms; |
# NOTE(review): `associate` on class filesystem is normally checked for a file
# type, not a process domain, and the target here is `unlabeled`. Confirm which
# denial this rule was written for; it may be masking a missing file label.
33 | allow ppp unlabeled:filesystem { associate }; |
34 | allow ppp ppp_exec:file rx_file_perms; |
# NOTE(review): these three rules let ppp create files, symlinks and directory
# entries under the `device` type, which appears to be a generic label rather
# than one specific to ppp. A dedicated type for the nodes ppp creates would
# keep other domains' access to `device` from reaching them.
35 | allow ppp device:file create_file_perms; |
36 | allow ppp device:lnk_file create_file_perms; |
37 | allow ppp device:dir { create_file_perms add_name }; |
38 | |
# Rules for the helper sh domain: run the shell, system binaries and ppp_exec.
39 | allow sh shell_exec:file rx_file_perms; |
40 | allow sh system_file:file rx_file_perms; |
41 | allow sh ppp_exec:file rx_file_perms; |
# NOTE(review): ppp is granted radio_device as class chr_file above, but sh is
# granted it as class `file`. If radio_device nodes are character devices this
# rule never matches; if it is intentional, link/unlink on a device-labelled
# file deserves a justification.
42 | allow sh radio_device:file { rw_file_perms link unlink }; |
43 |