# Wifi manager (netmgr): domain and executable type declarations.
type netmgr, domain;
type netmgr_exec, exec_type, vendor_file_type, file_type;

# Both macros are defined outside this file.
init_daemon_domain(netmgr)
net_domain(netmgr)

# Use file descriptors that belong to the execns domain.
allow netmgr execns:fd use;

# Set property to indicate bridging is complete
set_prop(netmgr, vendor_net);

# Set ctrl.restart property to restart hostapd when config changes
# NOTE(review): the label granted is ctl_default_prop, not a hostapd-specific
# one, so this presumably covers control properties for services other than
# hostapd as well. Confirm against property_contexts and narrow the grant if
# a dedicated label exists.
set_prop(netmgr, ctl_default_prop);

# Modify hostapd config file (create/write files, read-write the directory).
allow netmgr hostapd_data_file:dir rw_dir_perms;
allow netmgr hostapd_data_file:file create_file_perms;

# Assign addresses to new interfaces as hostapd brings them up.
# net_admin and net_raw are broad capabilities; the allowxperm rules below
# limit each socket class's ioctl permission to the listed commands.
allow netmgr self:capability { net_admin net_raw };
allow netmgr self:socket create;
allow netmgr self:unix_dgram_socket ioctl;
allow netmgr self:udp_socket ioctl;
allow netmgr self:packet_socket { getopt ioctl map };
allow netmgr proc_net:file { getattr open read };

# ioctl allowlists, one per socket class.
allowxperm netmgr self:unix_dgram_socket ioctl { SIOCETHTOOL };
allowxperm netmgr self:udp_socket ioctl {
    SIOCSIFFLAGS
    SIOCBRADDBR
    SIOCBRADDIF
    SIOCBRDELIF
};
allowxperm netmgr self:packet_socket ioctl { SIOCGIFINDEX SIOCGIFHWADDR };

# Allow netmgr to run ip and modify the route table to block/unblock traffic.
# execute_no_trans means ip runs inside the netmgr domain, with netmgr's
# permissions, rather than transitioning to a domain of its own.
allow netmgr goldfish_ip_exec:file execute_no_trans;
allow netmgr self:netlink_route_socket nlmsg_write;

# Packet socket for wifi forwarding
allow netmgr self:packet_socket { bind create read setopt write };

# Kernel module loading on behalf of this domain.
# NOTE(review): module_request plus the sys_module capability lets netmgr
# activity cause kernel modules to be loaded. Presumably this is needed so
# that interface operations can autoload a driver; confirm that sys_module
# is really required rather than only being checked and safely denied.
allow netmgr kernel:system module_request;
allow netmgr self:capability sys_module;