# SELinux policy for the hostapd_nohidl daemon domain.
# Declares the process domain and its executable type, then grants the
# networking permissions listed below. Everything not allowed here (or by the
# macros) stays denied.

# Process domain for the daemon.
type hostapd_nohidl, domain;
# Label for the daemon binary; the vendor_file_type attribute marks it as a vendor file.
type hostapd_nohidl_exec, exec_type, vendor_file_type, file_type;

# AOSP macro: transition from init into this domain when init executes a file
# labelled hostapd_nohidl_exec.
init_daemon_domain(hostapd_nohidl)
# AOSP macro: baseline network access (sockets) for this domain.
net_domain(hostapd_nohidl)

# Use file descriptors owned by the execns domain.
# NOTE(review): presumably execns is the launcher that starts the daemon inside
# a network namespace; confirm against the execns policy.
allow hostapd_nohidl execns:fd use;
# Lets this domain ask the kernel to auto-load a module.
# NOTE(review): this widens kernel attack surface to whatever modules are
# loadable on request; confirm which module is needed and that a dontaudit
# would not be enough.
allow hostapd_nohidl kernel:system module_request;

# Read-only access to hostapd data files and directories; no write, create or
# unlink is granted here.
allow hostapd_nohidl hostapd_data_file:file r_file_perms;
allow hostapd_nohidl hostapd_data_file:dir r_dir_perms;

# net_admin/net_raw: network configuration and raw socket use.
# setgid/setuid: change of process credentials.
# NOTE(review): presumably used only to drop privileges after start-up; confirm,
# since these two capabilities also allow switching to other identities.
allow hostapd_nohidl self:capability { net_admin net_raw setgid setuid };
# Generic netlink socket owned by the daemon itself.
# NOTE(review): presumably for nl80211; confirm.
allow hostapd_nohidl self:netlink_generic_socket { bind create getattr read setopt write };
# Only nlmsg_write is granted here: permission to send state-changing route
# netlink messages. NOTE(review): the remaining route-socket permissions are
# assumed to come from net_domain(); confirm.
allow hostapd_nohidl self:netlink_route_socket nlmsg_write;
# Link-layer packet socket; bind is not in this set.
allow hostapd_nohidl self:packet_socket { create setopt read write };
# Whitelists the ioctl commands in the priv_sock_ioctls set on the daemon's own
# UDP sockets. allowxperm only narrows which commands pass; the base ioctl
# permission has to be allowed by another rule (assumed to be net_domain()).
allowxperm hostapd_nohidl self:udp_socket ioctl priv_sock_ioctls;

# hostapd will attempt to search sysfs but it's not needed and will spam the log.
# dontaudit only silences the denial message; the search is still denied.
dontaudit hostapd_nohidl sysfs_net:dir search;