car_product/sepolicy/netmgrd.te - platform/packages/services/Car - Git at Google

 type netmgrd, domain;
 type netmgrd_exec, exec_type, file_type;

 init_daemon_domain(netmgrd)
 net_domain(netmgrd)

 # Creates/Talks to qmuxd via the qmux_radio socket.
 qmux_socket(netmgrd)

 # Allow writing of ipv6 network properties
 allow netmgrd proc_net:file w_file_perms;

 # Allow netmgrd operations
 allow netmgrd self:capability { net_admin net_raw fsetid };

 # Allow execution of /system/bin/sh.
 allow netmgrd shell_exec:file rx_file_perms;

 # Allow execution of /system/bin/*.
 allow netmgrd system_file:file rx_file_perms;

 allow netmgrd toolbox_exec:file rx_file_perms;

 userdebug_or_eng(`
     allow netmgrd diag_device:chr_file rw_file_perms;
 ')

 dontaudit netmgrd self:capability sys_module;
	type netmgrd, domain;
	type netmgrd_exec, exec_type, file_type;

	init_daemon_domain(netmgrd)
	net_domain(netmgrd)

	# Creates/Talks to qmuxd via the qmux_radio socket.
	qmux_socket(netmgrd)

	# Allow writing of ipv6 network properties
	allow netmgrd proc_net:file w_file_perms;

	# Allow netmgrd operations
	allow netmgrd self:capability { net_admin net_raw fsetid };

	# Allow execution of /system/bin/sh.
	allow netmgrd shell_exec:file rx_file_perms;

	# Allow execution of /system/bin/*.
	allow netmgrd system_file:file rx_file_perms;

	allow netmgrd toolbox_exec:file rx_file_perms;

	userdebug_or_eng(`
	allow netmgrd diag_device:chr_file rw_file_perms;
	')

	dontaudit netmgrd self:capability sys_module;