37 lines
1.7 KiB
Plaintext
37 lines
1.7 KiB
Plaintext
# goldfish-setup service: runs init.goldfish.sh script
|
|
type goldfish_setup, domain;
|
|
type goldfish_setup_exec, vendor_file_type, exec_type, file_type;
|
|
|
|
init_daemon_domain(goldfish_setup)
|
|
|
|
# TODO(b/79502552): Invalid property access from emulator vendor
|
|
#set_prop(goldfish_setup, debug_prop);
|
|
allow goldfish_setup self:capability { fowner chown net_admin net_raw };
|
|
allow goldfish_setup self:udp_socket { create ioctl };
|
|
allow goldfish_setup vendor_toolbox_exec:file execute_no_trans;
|
|
allow goldfish_setup vendor_file:file execute_no_trans;
|
|
allowxperm goldfish_setup self:udp_socket ioctl priv_sock_ioctls;
|
|
wakelock_use(goldfish_setup);
|
|
allow goldfish_setup vendor_shell_exec:file { rx_file_perms };
|
|
#============= goldfish_setup ==============
|
|
allow goldfish_setup mac80211_create_radios_exec:file execute_no_trans;
|
|
|
|
# Set system properties to start services
|
|
set_prop(goldfish_setup, ctl_default_prop);
|
|
|
|
# Set up WiFi
|
|
allow goldfish_setup self:netlink_route_socket { create nlmsg_write setopt bind getattr read write nlmsg_read };
|
|
allow goldfish_setup self:netlink_generic_socket create_socket_perms_no_ioctl;
|
|
allow goldfish_setup self:capability { sys_module sys_admin };
|
|
allow goldfish_setup proc_net:file rw_file_perms;
|
|
allow goldfish_setup proc:file r_file_perms;
|
|
allow goldfish_setup nsfs:file r_file_perms;
|
|
allow goldfish_setup system_data_file:dir getattr;
|
|
set_prop(goldfish_setup, vendor_qemu_prop);
|
|
get_prop(goldfish_setup, vendor_net_share_prop);
|
|
# Allow goldfish_setup to copy the hostapd conf template to the vendor data dir
|
|
allow goldfish_setup hostapd_data_file:file create_file_perms;
|
|
allow goldfish_setup hostapd_data_file:dir rw_dir_perms;
|
|
#allow goldfish_setup system_file:file { execute getattr open read };
|
|
dontaudit goldfish_setup self:capability dac_override;
|