# SELinux policy for the pppoe_wrapper daemon.
#
# Only the two type declarations, the init transition macro and a single allow
# rule are active. Every other rule in this file is commented out and grants
# nothing.

# Process domain the daemon runs in.
type pppoe_wrapper, domain;
# Label for the daemon's executable, also tagged as a vendor file type.
type pppoe_wrapper_exec, exec_type, vendor_file_type, file_type;

# Declares pppoe_wrapper as a daemon domain started by init. The macro body is
# not part of this file; in AOSP it sets up an automatic transition from init
# when init executes a file labelled pppoe_wrapper_exec. Confirm against the
# te_macros of the target tree.
init_daemon_domain(pppoe_wrapper)

# The only active grant: execute on files labelled vendor_file.
# NOTE(review): this covers every file carrying the vendor_file label, and
# execute_no_trans is not granted, so on its own it does not allow running a
# vendor_file binary inside this domain. Presumably it is needed to map vendor
# shared libraries as executable. Confirm against the denials it was added for.
allow pppoe_wrapper vendor_file:file execute;

# Disabled rules, kept for reference. None of them is in effect.
# NOTE(review): if any are restored, re-enable them one at a time against
# observed denials rather than as a set. Several are broad: the capability rule
# includes dac_override, setuid, setgid and kill; the shell_exec and system_file
# rules use execute_no_trans, which would run those binaries inside this domain;
# the property_service rules would let the daemon set net_radio_prop and
# dhcp_prop; and the ppp_data_file:dir rule includes mounton.
#allow pppoe_wrapper ppp_exec:file { execute_no_trans execute getattr read open };
#allow pppoe_wrapper pppoe_wrapper_exec:file { entrypoint read execute };
#allow pppoe_wrapper system_file:file execute_no_trans;
#allow pppoe_wrapper pppoe_wrapper:process setfscreate;
#allow pppoe_wrapper pppoe_wrapper:capability { net_raw dac_override net_admin setgid setuid kill };
#allow pppoe_wrapper pppoe_wrapper:netlink_route_socket { bind create read write };
#allow pppoe_wrapper property_socket:sock_file write;
#allow pppoe_wrapper system_app:unix_dgram_socket sendto;
#allow pppoe_wrapper ppp_data_file:sock_file { create write setattr unlink };
#allow pppoe_wrapper ppp_data_file:dir { write search setattr create add_name mounton remove_name };
#allow pppoe_wrapper ppp_data_file:file { create write open lock getattr read unlink };
#allow pppoe_wrapper ppp_system_file:dir search;
#allow pppoe_wrapper socket_device:dir { add_name write };
#allow pppoe_wrapper socket_device:sock_file { create setattr };
#allow pppoe_wrapper pppoe_wrapper_socket:sock_file { create setattr write };
#allow pppoe_wrapper shell_exec:file { execute_no_trans execute read open };
#allow pppoe_wrapper net_radio_prop:property_service set;
#allow pppoe_wrapper dhcp_prop:property_service set;
#allow pppoe_wrapper init:unix_stream_socket connectto;
#allow pppoe_wrapper socket_device:sock_file { setattr write };
#allow pppoe_wrapper rootfs:file { read open getattr };
#allow pppoe_wrapper shell_exec:file getattr;
#allow pppoe_wrapper proc_net:file { read open getattr };