blob: 66a44083b84b8cda653ab1e838c44ed2d39db146
| 1 | # Point to Point Protocol daemon |
| 2 | type sh, domain; |
| 3 | type sh_device, dev_type; |
| 4 | type sh_exec, exec_type, file_type; |
| 5 | |
| 6 | domain_auto_trans(ppp, sh_exec, sh) |
| 7 | |
| 8 | init_daemon_domain(ppp) |
| 9 | net_domain(ppp) |
| 10 | |
| 11 | allow ppp mtp:socket rw_socket_perms; |
| 12 | allow ppp mtp:unix_dgram_socket rw_socket_perms; |
| 13 | allow ppp ppp_device:file { rw_file_perms x_file_perms }; |
| 14 | allow ppp ppp_device:dir { rw_file_perms search }; |
| 15 | allow ppp self:capability { dac_override net_admin net_raw setgid setuid }; |
| 16 | allow ppp system_file:file rx_file_perms; |
| 17 | allow ppp system_file:dir r_file_perms; |
| 18 | allow ppp system_data_file:dir rw_file_perms; |
| 19 | allow ppp system_data_file:fifo_file rw_file_perms; |
| 20 | allow ppp vpn_data_file:dir w_dir_perms; |
| 21 | allow ppp vpn_data_file:file create_file_perms; |
| 22 | allow ppp mtp:fd use; |
| 23 | |
| 24 | allow ppp shell_exec:file rx_file_perms; |
| 25 | allow ppp property_socket:sock_file write; |
| 26 | allow ppp radio_prop:property_service set; |
| 27 | allow ppp system_prop:property_service set; |
| 28 | allow ppp net_radio_prop:property_service set; |
| 29 | allow ppp init:unix_stream_socket connectto; |
| 30 | |
| 31 | allow ppp radio_device:chr_file rw_file_perms; |
| 32 | allow ppp radio_data_file:file rw_file_perms; |
| 33 | allow ppp unlabeled:filesystem { associate }; |
| 34 | allow ppp ppp_exec:file rx_file_perms; |
| 35 | allow ppp device:file create_file_perms; |
| 36 | allow ppp device:lnk_file create_file_perms; |
| 37 | allow ppp device:dir { create_file_perms add_name }; |
| 38 | |
| 39 | allow sh shell_exec:file rx_file_perms; |
| 40 | allow sh system_file:file rx_file_perms; |
| 41 | allow sh ppp_exec:file rx_file_perms; |
| 42 | allow sh radio_device:file { rw_file_perms link unlink }; |
| 43 |