Sākums Izpētīt Palīdzība
Reģistrēties Pierakstīties
drachfly
/
android10
1
0
Atdalīts 0
Faili Problēmas 0 Izmaiņu pieprasījumi 0 Vikivietne
Koks: 6b68537209
Atzari Tagi
android10
/
system
/
sepolicy
/
public
/
racoon.te

racoon.te 1.1 KB
Vēsture Neapstrādāts

12345678910111213141516171819202122232425262728293031323334 
  1. # IKE key management daemon
    2. 

  2. type racoon, domain;
    3. 

  3. type racoon_exec, system_file_type, exec_type, file_type;
    4. 

  4. 

  5. typeattribute racoon mlstrustedsubject;
    6. 

  6. 

  7. net_domain(racoon)
    8. 

  8. allowxperm racoon self:udp_socket ioctl { SIOCSIFFLAGS SIOCSIFADDR SIOCSIFNETMASK };
    9. 

  9. 

  10. binder_use(racoon)
    11. 

  11. 

  12. allow racoon tun_device:chr_file r_file_perms;
    13. 

  13. allowxperm racoon tun_device:chr_file ioctl TUNSETIFF;
    14. 

  14. allow racoon cgroup:dir { add_name create };
    15. 

  15. allow racoon kernel:system module_request;
    16. 

  16. 

  17. allow racoon self:key_socket create_socket_perms_no_ioctl;
    18. 

  18. allow racoon self:tun_socket create_socket_perms_no_ioctl;
    19. 

  19. allow racoon self:global_capability_class_set { net_admin net_bind_service net_raw };
    20. 

  20. 

  21. # XXX: should we give ip-up-vpn its own label (currently racoon domain)
    22. 

  22. allow racoon system_file:file rx_file_perms;
    23. 

  23. not_full_treble(`allow racoon vendor_file:file rx_file_perms;')
    24. 

  24. allow racoon vpn_data_file:file create_file_perms;
    25. 

  25. allow racoon vpn_data_file:dir w_dir_perms;
    26. 

  26. 

  27. use_keystore(racoon)
    28. 

  28. 

  29. # Racoon (VPN) has a restricted set of permissions from the default.
    30. 

  30. allow racoon keystore:keystore_key {
    31. 

  31. 	get
    32. 

  32. 	sign
    33. 

  33. 	verify
    34. 

  34. };
    35.